admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #209 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2019-12-30 10:32:37 -05:00 committed by GitHub
commit d0ed035dc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
734 changed files with 24777 additions and 1108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2007/0xxx/CVE-2007-0158.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0158",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "thttpd 2007 has buffer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://taviso.decsystem.org/research.t2t",
"refsource": "MISC",
"name": "http://taviso.decsystem.org/research.t2t"
}
]
}

5
2010/3xxx/CVE-2010-3904.json
View File

@ -141,6 +141,11 @@
"name": "SUSE-SA:2010:053",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html"
}
]
}

53
2011/1xxx/CVE-2011-1474.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1474",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap after a MAP_GROWSDOWN mmap will create an infinite loop condition without releasing the VM semaphore eventually leading to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1474",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1474"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2011/q1/579",
"url": "http://seclists.org/oss-sec/2011/q1/579"
}
]
}

85
2012/2xxx/CVE-2012-2736.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2736",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "network-manager",
"product": {
"product_data": [
{
"product_name": "network-manager",
"version": {
"version_data": [
{
"version_value": "0.9.2.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,63 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2736",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2736"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2736",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2736"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-2736",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-2736"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/06/15/2",
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/2"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/06/15/4",
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/4"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1483-1",
"url": "http://www.ubuntu.com/usn/USN-1483-1"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1483-2",
"url": "http://www.ubuntu.com/usn/USN-1483-2"
}
]
}

60
2012/3xxx/CVE-2012-3462.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3462",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "sssd",
"product": {
"product_data": [
{
"product_name": "sssd",
"version": {
"version_data": [
{
"version_value": "1.9.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-3462",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-3462"
},
{
"refsource": "MISC",
"name": "https://pagure.io/SSSD/sssd/issue/1470",
"url": "https://pagure.io/SSSD/sssd/issue/1470"
}
]
}

80
2012/4xxx/CVE-2012-4420.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4420",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "java-1.7.0-openjdk",
"product": {
"product_data": [
{
"product_name": "java-1.7.0-openjdk",
"version": {
"version_data": [
{
"version_value": "1.7.0_04 to 1.7.0_10"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-4420",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-4420"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78693",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78693"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/13/3",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/3"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55538",
"url": "http://www.securityfocus.com/bid/55538"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2012/09/12/4",
"url": "https://www.openwall.com/lists/oss-security/2012/09/12/4"
},
{
"refsource": "MISC",
"name": "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857",
"url": "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857"
}
]
}

53
2012/4xxx/CVE-2012-4980.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4980",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "55644",
"url": "http://www.securityfocus.com/bid/55644"
},
{
"refsource": "XF",
"name": "78801",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78801"
}
]
}

65
2013/2xxx/CVE-2013-2011.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2011",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Super Cache Plugin",
"product": {
"product_data": [
{
"product_name": "Super Cache Plugin",
"version": {
"version_data": [
{
"version_value": "1.3.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2011",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2011"
},
{
"url": "http://www.securityfocus.com/bid/59473",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/59473"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/25/4",
"url": "http://www.openwall.com/lists/oss-security/2013/04/25/4"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83800",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83800"
}
]
}

48
2013/3xxx/CVE-2013-3085.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3085",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.ise.io/research/studies-and-papers/belkin_f5d8236-4v2/",
"url": "https://www.ise.io/research/studies-and-papers/belkin_f5d8236-4v2/"
}
]
}

53
2013/3xxx/CVE-2013-3088.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3088",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Belkin N900 router (F9K1104v1) contains an Authentication Bypass using \"Javascript debugging\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"
},
{
"refsource": "MISC",
"name": "https://www.ise.io/research/studies-and-papers/belkin_n900/",
"url": "https://www.ise.io/research/studies-and-papers/belkin_n900/"
}
]
}

55
2013/4xxx/CVE-2013-4318.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4318",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Features",
"product": {
"product_data": [
{
"product_name": "Features",
"version": {
"version_data": [
{
"version_value": "0.3.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4318",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4318"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/09/10",
"url": "http://www.openwall.com/lists/oss-security/2013/09/09/10"
}
]
}

53
2013/4xxx/CVE-2013-4621.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4621",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/60761",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60761"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85252",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85252"
}
]
}

58
2013/4xxx/CVE-2013-4664.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4664",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SPBAS Business Automation Software 2012 has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.offcon.org/research.html",
"refsource": "MISC",
"name": "http://www.offcon.org/research.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/26244",
"url": "https://www.exploit-db.com/exploits/26244"
},
{
"refsource": "MISC",
"name": "https://www.exploit-database.net/?id=48229",
"url": "https://www.exploit-database.net/?id=48229"
}
]
}

53
2013/4xxx/CVE-2013-4665.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4665",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SPBAS Business Automation Software 2012 has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/26244",
"url": "https://www.exploit-db.com/exploits/26244"
},
{
"refsource": "MISC",
"name": "https://www.exploit-database.net/?id=48229",
"url": "https://www.exploit-database.net/?id=48229"
}
]
}

48
2013/4xxx/CVE-2013-4691.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4691",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sencha Labs Connect has XSS with connect.methodOverride()"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/senchalabs/connect/issues/831",
"refsource": "MISC",
"name": "http://github.com/senchalabs/connect/issues/831"
}
]
}

58
2013/4xxx/CVE-2013-4692.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4692",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/122224/Xorbin-Analog-Flash-Clock-1.0-For-Joomla-XSS.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/122224/Xorbin-Analog-Flash-Clock-1.0-For-Joomla-XSS.html"
},
{
"url": "http://www.securityfocus.com/bid/60860",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60860"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85418",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85418"
}
]
}

48
2013/4xxx/CVE-2013-4693.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4693",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WordPress Xorbin Digital Flash Clock 1.0 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/122223/Xorbin-Digital-Flash-Clock-1.0-For-WordPress-XSS.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/122223/Xorbin-Digital-Flash-Clock-1.0-For-WordPress-XSS.html"
}
]
}

53
2013/4xxx/CVE-2013-4695.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4695",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.exploit-db.com/exploits/26557",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/26557"
},
{
"url": "http://www.securitytracker.com/id/1030107",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1030107"
}
]
}

53
2013/4xxx/CVE-2013-4743.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4743",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Static HTTP Server 1.0 has a Local Overflow"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.exploit-db.com/exploits/26520",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/26520"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85417",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85417"
}
]
}

53
2013/4xxx/CVE-2013-4763.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4763",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html",
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/61280",
"url": "https://www.securityfocus.com/bid/61280"
}
]
}

53
2013/4xxx/CVE-2013-4764.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4764",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://shouji.360.cn/securityReportlist/CVE-2013-4764.html",
"refsource": "MISC",
"name": "http://shouji.360.cn/securityReportlist/CVE-2013-4764.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2013/Jul/107",
"url": "https://seclists.org/bugtraq/2013/Jul/107"
}
]
}

53
2013/4xxx/CVE-2013-4796.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4796",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/",
"refsource": "MISC",
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411"
}
]
}

53
2013/4xxx/CVE-2013-4859.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4859",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "INSTEON Hub 2242-222 lacks Web and API authentication"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86196",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86196"
},
{
"url": "http://www.exploit-db.com/exploits/27284",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/27284"
}
]
}

53
2013/4xxx/CVE-2013-4867.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4867",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.exploit-db.com/exploits/27285",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/27285"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86222",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86222"
}
]
}

58
2013/4xxx/CVE-2013-4868.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4868",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Karotz API 12.07.19.00: Session Token Information Disclosure"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.exploit-db.com/exploits/27285",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/27285"
},
{
"url": "http://www.securityfocus.com/bid/61584",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61584"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86221",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86221"
}
]
}

58
2013/4xxx/CVE-2013-4975.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4975",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hikvision DS-2CD7153-E IP Camera has Privilege Escalation"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities",
"refsource": "MISC",
"name": "http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities"
},
{
"url": "http://www.securityfocus.com/bid/61643",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61643"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86291",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86291"
}
]
}

58
2013/4xxx/CVE-2013-4976.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4976",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities",
"refsource": "MISC",
"name": "http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities"
},
{
"url": "http://www.securityfocus.com/bid/61646",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61646"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86293",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86293"
}
]
}

58
2013/4xxx/CVE-2013-4982.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4982",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AVTECH AVN801 DVR has a security bypass via the administration login captcha"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/62035",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/62035"
},
{
"url": "http://seclists.org/fulldisclosure/2013/Aug/284",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Aug/284"
},
{
"refsource": "MISC",
"name": "https://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities",
"url": "https://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities"
}
]
}

58
2013/4xxx/CVE-2013-4985.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4985",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/63541",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/63541"
},
{
"url": "http://www.exploit-db.com/exploits/29516",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/29516"
},
{
"refsource": "MISC",
"name": "http://www.coresecurity.com/advisories/vivotek-ip-cameras-rtsp-authentication-bypass",
"url": "http://www.coresecurity.com/advisories/vivotek-ip-cameras-rtsp-authentication-bypass"
}
]
}

48
2013/5xxx/CVE-2013-5027.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5027",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Collabtive 1.0 has incorrect access control"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.immuniweb.com/advisory/HTB23169",
"url": "https://www.immuniweb.com/advisory/HTB23169"
}
]
}

58
2014/3xxx/CVE-2014-3136.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3136",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "68967",
"url": "https://www.securityfocus.com/bid/68967"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/cve/CVE-2014-3136",
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-3136"
},
{
"refsource": "XF",
"name": "95022",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95022"
}
]
}

48
2014/4xxx/CVE-2014-4519.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4519",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-conversador-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-conversador-a3-cross-site-scripting-xss"
}
]
}

48
2014/4xxx/CVE-2014-4523.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4523",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-easy-career-openings-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-easy-career-openings-a3-cross-site-scripting-xss"
}
]
}

53
2014/4xxx/CVE-2014-4525.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4525",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss"
},
{
"refsource": "CONFIRM",
"name": "http://wordpress.org/plugins/ebay-feeds-for-wordpress/changelog",
"url": "http://wordpress.org/plugins/ebay-feeds-for-wordpress/changelog"
}
]
}

48
2014/4xxx/CVE-2014-4535.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4535",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss"
}
]
}

53
2014/4xxx/CVE-2014-4536.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4536",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss"
},
{
"refsource": "CONFIRM",
"name": "http://wordpress.org/plugins/infusionsoft/changelog",
"url": "http://wordpress.org/plugins/infusionsoft/changelog"
}
]
}

48
2014/4xxx/CVE-2014-4539.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4539",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-movies-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-movies-a3-cross-site-scripting-xss"
}
]
}

48
2014/4xxx/CVE-2014-4544.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4544",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-podcast-channels-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-podcast-channels-a3-cross-site-scripting-xss"
}
]
}

48
2014/4xxx/CVE-2014-4548.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4548",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-ruven-toolkit-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-ruven-toolkit-a3-cross-site-scripting-xss"
}
]
}

48
2014/4xxx/CVE-2014-4550.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4550",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-shortcode-ninja-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-shortcode-ninja-a3-cross-site-scripting-xss"
}
]
}

48
2014/4xxx/CVE-2014-4558.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4558",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-woocommerce-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-woocommerce-a3-cross-site-scripting-xss"
}
]
}

48
2014/4xxx/CVE-2014-4559.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4559",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-wp-e-commerce-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-wp-e-commerce-a3-cross-site-scripting-xss"
}
]
}

53
2014/4xxx/CVE-2014-4567.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4567",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-video-comments-webcam-recorder-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-video-comments-webcam-recorder-a3-cross-site-scripting-xss"
},
{
"refsource": "CONFIRM",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839986%40video-comments-webcam-recorder&old=686438%40video-comments-webcam-recorder"
}
]
}

48
2014/4xxx/CVE-2014-4592.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4592",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-wp-planet-a3-cross-site-scripting-xss",
"url": "http://codevigilant.com/disclosure/wp-plugin-wp-planet-a3-cross-site-scripting-xss"
}
]
}

58
2014/5xxx/CVE-2014-5289.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5289",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/127912/Senkas-Kolibri-WebServer-2.0-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/127912/Senkas-Kolibri-WebServer-2.0-Buffer-Overflow.html"
},
{
"refsource": "BID",
"name": "69263",
"url": "http://www.securityfocus.com/bid/69263"
},
{
"refsource": "XF",
"name": "95350",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95350"
}
]
}

5
2014/6xxx/CVE-2014-6053.json
View File

@ -111,6 +111,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
}
]
}

53
2014/6xxx/CVE-2014-6420.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6420",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/128293/Livefyre-LiveComments-3.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/128293/Livefyre-LiveComments-3.0-Cross-Site-Scripting.html"
},
{
"refsource": "XF",
"name": "96037",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96037"
}
]
}

55
2015/5xxx/CVE-2015-5290.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5290",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ircd-ratbox",
"product": {
"product_data": [
{
"product_name": "ircd-ratbox",
"version": {
"version_data": [
{
"version_value": "3.0.9"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ircd-ratbox 3.0.9 mishandles the MONITOR command which allows remote attackers to cause a denial of service (system out-of-memory event)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2015-5290",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2015-5290"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5290",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5290"
}
]
}

58
2016/1000xxx/CVE-2016-1000028.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000028",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2016-11",
"url": "https://www.tenable.com/security/tns-2016-11"
},
{
"url": "http://www.securityfocus.com/bid/92134",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92134"
},
{
"url": "http://www.securitytracker.com/id/1036414",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036414"
}
]
}

58
2016/1000xxx/CVE-2016-1000029.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000029",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/92134",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/92134"
},
{
"url": "http://www.securitytracker.com/id/1036414",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1036414"
},
{
"url": "https://www.tenable.com/security/tns-2016-11",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2016-11"
}
]
}

48
2017/16xxx/CVE-2017-16778.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16778",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/breaktoprotect/CVE-2017-16778-Intercom-DTMF-Injection",
"url": "https://github.com/breaktoprotect/CVE-2017-16778-Intercom-DTMF-Injection"
}
]
}

129
2017/17xxx/CVE-2017-17168.json
View File

@ -1,17 +1,21 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17168",
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DP300",
"product_name": "DP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981",
"version": {
"version_data": [
{
@ -64,35 +68,116 @@
},
{
"version_value": "V500R002C00SPCa00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00SPC200"
},
{
"version_value": "V600R006C00SPC300"
},
{
"version_value": "V600R006C00SPC400"
},
{
"version_value": "V600R006C00SPC500"
},
{
"version_value": "V100R001C10SPC300"
},
{
"version_value": "V100R001C10SPC500"
},
{
"version_value": "V100R001C10SPC600"
},
{
"version_value": "V100R001C10SPC700B010"
},
{
"version_value": "V500R002C00SPC700"
},
{
"version_value": "V500R002C00SPCb00"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V100R001C10B001"
},
{
"version_value": "V100R001C10B002"
},
{
"version_value": "V100R001C10B010"
},
{
"version_value": "V100R001C10B011"
},
{
"version_value": "V100R001C10B012"
},
{
"version_value": "V100R001C10B013"
},
{
"version_value": "V100R001C10B014"
},
{
"version_value": "V100R001C10B016"
},
{
"version_value": "V100R001C10B017"
},
{
"version_value": "V100R001C10B018"
},
{
"version_value": "V100R001C10B019"
},
{
"version_value": "V100R001C10SPC400"
},
{
"version_value": "V100R001C10SPC700"
},
{
"version_value": "V100R001C10SPC800B011"
},
{
"version_value": "V100R001C10SPC900"
},
{
"version_value": "V500R002C00SPCd00"
},
{
"version_value": "V500R002C00SPCe00"
},
{
"version_value": "V600R006C00SPC100"
},
{
"version_value": "V200R003C20SPC900"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input validation"
"value": "Input Validation"
}
]
}
@ -101,9 +186,17 @@
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900."
}
]
}

129
2017/17xxx/CVE-2017-17169.json
View File

@ -1,17 +1,21 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17169",
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DP300",
"product_name": "DP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981",
"version": {
"version_data": [
{
@ -64,35 +68,116 @@
},
{
"version_value": "V500R002C00SPCa00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00SPC200"
},
{
"version_value": "V600R006C00SPC300"
},
{
"version_value": "V600R006C00SPC400"
},
{
"version_value": "V600R006C00SPC500"
},
{
"version_value": "V100R001C10SPC300"
},
{
"version_value": "V100R001C10SPC500"
},
{
"version_value": "V100R001C10SPC600"
},
{
"version_value": "V100R001C10SPC700B010"
},
{
"version_value": "V500R002C00SPC700"
},
{
"version_value": "V500R002C00SPCb00"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V100R001C10B001"
},
{
"version_value": "V100R001C10B002"
},
{
"version_value": "V100R001C10B010"
},
{
"version_value": "V100R001C10B011"
},
{
"version_value": "V100R001C10B012"
},
{
"version_value": "V100R001C10B013"
},
{
"version_value": "V100R001C10B014"
},
{
"version_value": "V100R001C10B016"
},
{
"version_value": "V100R001C10B017"
},
{
"version_value": "V100R001C10B018"
},
{
"version_value": "V100R001C10B019"
},
{
"version_value": "V100R001C10SPC400"
},
{
"version_value": "V100R001C10SPC700"
},
{
"version_value": "V100R001C10SPC800B011"
},
{
"version_value": "V100R001C10SPC900"
},
{
"version_value": "V500R002C00SPCd00"
},
{
"version_value": "V500R002C00SPCe00"
},
{
"version_value": "V600R006C00SPC100"
},
{
"version_value": "V200R003C20SPC900"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input validation"
"value": "Input Validation"
}
]
}
@ -101,9 +186,17 @@
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900."
}
]
}

129
2017/17xxx/CVE-2017-17170.json
View File

@ -1,17 +1,21 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17170",
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DP300",
"product_name": "DP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981",
"version": {
"version_data": [
{
@ -64,35 +68,116 @@
},
{
"version_value": "V500R002C00SPCa00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00SPC200"
},
{
"version_value": "V600R006C00SPC300"
},
{
"version_value": "V600R006C00SPC400"
},
{
"version_value": "V600R006C00SPC500"
},
{
"version_value": "V100R001C10SPC300"
},
{
"version_value": "V100R001C10SPC500"
},
{
"version_value": "V100R001C10SPC600"
},
{
"version_value": "V100R001C10SPC700B010"
},
{
"version_value": "V500R002C00SPC700"
},
{
"version_value": "V500R002C00SPCb00"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V100R001C10B001"
},
{
"version_value": "V100R001C10B002"
},
{
"version_value": "V100R001C10B010"
},
{
"version_value": "V100R001C10B011"
},
{
"version_value": "V100R001C10B012"
},
{
"version_value": "V100R001C10B013"
},
{
"version_value": "V100R001C10B014"
},
{
"version_value": "V100R001C10B016"
},
{
"version_value": "V100R001C10B017"
},
{
"version_value": "V100R001C10B018"
},
{
"version_value": "V100R001C10B019"
},
{
"version_value": "V100R001C10SPC400"
},
{
"version_value": "V100R001C10SPC700"
},
{
"version_value": "V100R001C10SPC800B011"
},
{
"version_value": "V100R001C10SPC900"
},
{
"version_value": "V500R002C00SPCd00"
},
{
"version_value": "V500R002C00SPCe00"
},
{
"version_value": "V600R006C00SPC100"
},
{
"version_value": "V200R003C20SPC900"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input validation"
"value": "Input Validation"
}
]
}
@ -101,9 +186,17 @@
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900."
}
]
}

129
2017/17xxx/CVE-2017-17304.json
View File

@ -1,17 +1,21 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17304",
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DP300",
"product_name": "DP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981",
"version": {
"version_data": [
{
@ -64,35 +68,116 @@
},
{
"version_value": "V500R002C00SPCa00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00SPC200"
},
{
"version_value": "V600R006C00SPC300"
},
{
"version_value": "V600R006C00SPC400"
},
{
"version_value": "V600R006C00SPC500"
},
{
"version_value": "V100R001C10SPC300"
},
{
"version_value": "V100R001C10SPC500"
},
{
"version_value": "V100R001C10SPC600"
},
{
"version_value": "V100R001C10SPC700B010"
},
{
"version_value": "V500R002C00SPC700"
},
{
"version_value": "V500R002C00SPCb00"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V100R001C10B001"
},
{
"version_value": "V100R001C10B002"
},
{
"version_value": "V100R001C10B010"
},
{
"version_value": "V100R001C10B011"
},
{
"version_value": "V100R001C10B012"
},
{
"version_value": "V100R001C10B013"
},
{
"version_value": "V100R001C10B014"
},
{
"version_value": "V100R001C10B016"
},
{
"version_value": "V100R001C10B017"
},
{
"version_value": "V100R001C10B018"
},
{
"version_value": "V100R001C10B019"
},
{
"version_value": "V100R001C10SPC400"
},
{
"version_value": "V100R001C10SPC700"
},
{
"version_value": "V100R001C10SPC800B011"
},
{
"version_value": "V100R001C10SPC900"
},
{
"version_value": "V500R002C00SPCd00"
},
{
"version_value": "V500R002C00SPCe00"
},
{
"version_value": "V600R006C00SPC100"
},
{
"version_value": "V200R003C20SPC900"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input validation"
"value": "Input Validation"
}
]
}
@ -101,9 +186,17 @@
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900."
}
]
}

25
2017/5xxx/CVE-2017-5645.json
View File

@ -246,6 +246,31 @@
"refsource": "MLIST",
"name": "[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
"url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571",
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]",
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E"
}
]
}

48
2018/10xxx/CVE-2018-10387.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10387",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sourceforge.net/p/tftp-server/discussion/550564/thread/a586ce62/",
"url": "https://sourceforge.net/p/tftp-server/discussion/550564/thread/a586ce62/"
}
]
}

48
2018/10xxx/CVE-2018-10388.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10388",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sourceforge.net/p/tftp-server/discussion/550564/thread/a586ce62/",
"url": "https://sourceforge.net/p/tftp-server/discussion/550564/thread/a586ce62/"
}
]
}

48
2018/10xxx/CVE-2018-10389.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10389",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sourceforge.net/p/tftp-server/discussion/550564/thread/a586ce62/",
"url": "https://sourceforge.net/p/tftp-server/discussion/550564/thread/a586ce62/"
}
]
}

5
2018/10xxx/CVE-2018-10536.json
View File

@ -86,6 +86,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

5
2018/10xxx/CVE-2018-10537.json
View File

@ -86,6 +86,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

5
2018/10xxx/CVE-2018-10538.json
View File

@ -76,6 +76,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

5
2018/10xxx/CVE-2018-10539.json
View File

@ -76,6 +76,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

5
2018/10xxx/CVE-2018-10540.json
View File

@ -76,6 +76,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

7
2018/11xxx/CVE-2018-11116.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution."
"value": "** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately."
}
]
},
@ -56,6 +56,11 @@
"name": "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html",
"refsource": "MISC",
"url": "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html"
},
{
"refsource": "MISC",
"name": "https://forum.openwrt.org/t/rpcd-vulnerability-reported-on-vultdb/16497/3",
"url": "https://forum.openwrt.org/t/rpcd-vulnerability-reported-on-vultdb/16497/3"
}
]
}

10
2018/11xxx/CVE-2018-11784.json
View File

@ -203,6 +203,16 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4596",
"url": "https://www.debian.org/security/2019/dsa-4596"
},
{
"refsource": "BUGTRAQ",
"name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",
"url": "https://seclists.org/bugtraq/2019/Dec/43"
}
]
}

25
2018/13xxx/CVE-2018-13096.json
View File

@ -57,11 +57,6 @@
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3821-1/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200167",
"refsource": "MISC",
@ -77,6 +72,21 @@
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"refsource": "BUGTRAQ",
"name": "20190130 [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01)",
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2018:3202",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4094-1",
@ -86,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4118-1",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3"
}
]
}

25
2018/13xxx/CVE-2018-13097.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=78bbd741456e31e0acb983283a8d3993ba859c15",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=78bbd741456e31e0acb983283a8d3993ba859c15"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200171",
"refsource": "MISC",
@ -67,6 +62,21 @@
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"refsource": "BUGTRAQ",
"name": "20190130 [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01)",
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2018:3202",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"refsource": "UBUNTU",
"name": "USN-3932-1",
@ -86,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4118-1",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9dc956b2c8523aed39d1e6508438be9fea28c8fc",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9dc956b2c8523aed39d1e6508438be9fea28c8fc"
}
]
}

11
2018/13xxx/CVE-2018-13098.json
View File

@ -58,9 +58,9 @@
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200173"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad"
"refsource": "SUSE",
"name": "openSUSE-SU-2018:3202",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"refsource": "UBUNTU",
@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4118-1",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76d56d4ab4f2a9e4f085c7d77172194ddaccf7d2",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76d56d4ab4f2a9e4f085c7d77172194ddaccf7d2"
}
]
}

30
2018/13xxx/CVE-2018-13099.json
View File

@ -67,11 +67,6 @@
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104680"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a"
},
{
"name": "DSA-4308",
"refsource": "DEBIAN",
@ -82,6 +77,26 @@
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200179"
},
{
"refsource": "BUGTRAQ",
"name": "20190130 [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01)",
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2018:3202",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"refsource": "BUGTRAQ",
"name": "20181001 [SECURITY] [DSA 4308-1] linux security update",
"url": "https://seclists.org/bugtraq/2018/Oct/4"
},
{
"refsource": "UBUNTU",
"name": "USN-3932-1",
@ -101,6 +116,11 @@
"refsource": "UBUNTU",
"name": "USN-4118-1",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dbe38dc386910c668c75ae616b99b823b59f3eb",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dbe38dc386910c668c75ae616b99b823b59f3eb"
}
]
}

25
2018/13xxx/CVE-2018-13100.json
View File

@ -57,11 +57,6 @@
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104679"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200183",
"refsource": "MISC",
@ -72,6 +67,21 @@
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"refsource": "BUGTRAQ",
"name": "20190130 [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01)",
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2018:3202",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"refsource": "UBUNTU",
"name": "USN-3932-1",
@ -91,6 +101,11 @@
"refsource": "UBUNTU",
"name": "USN-4118-1",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42bf546c1fe3f3654bdf914e977acbc2b80a5be5",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42bf546c1fe3f3654bdf914e977acbc2b80a5be5"
}
]
}

53
2018/18xxx/CVE-2018-18288.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18288",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://il.linkedin.com/in/yuval-orenstein-9a6698106/",
"refsource": "MISC",
"name": "https://il.linkedin.com/in/yuval-orenstein-9a6698106/"
},
{
"refsource": "MISC",
"name": "https://www.crushftp.com/version8_build.html",
"url": "https://www.crushftp.com/version8_build.html"
}
]
}

5
2018/19xxx/CVE-2018-19840.json
View File

@ -91,6 +91,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

5
2018/19xxx/CVE-2018-19841.json
View File

@ -91,6 +91,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

86
2018/1xxx/CVE-2018-1934.json
View File

@ -1,17 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1934",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179."
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-19T00:00:00",
"ID": "CVE-2018-1934",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"UI": "R",
"SCORE": "4.300",
"A": "N",
"C": "N",
"S": "U",
"PR": "N",
"I": "L",
"AC": "L",
"AV": "N"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.2.2"
}
]
},
"product_name": "Cognos Business Intelligence"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1142626 (Cognos Business Intelligence)",
"name": "https://www.ibm.com/support/pages/node/1142626",
"url": "https://www.ibm.com/support/pages/node/1142626"
},
{
"refsource": "XF",
"name": "ibm-cognos-cve20181934-csrf (153179)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153179"
}
]
}

5
2018/20xxx/CVE-2018-20021.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2016-1] ssvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
}
]
}

5
2018/20xxx/CVE-2018-20022.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2016-1] ssvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
}
]
}

53
2018/20xxx/CVE-2018-20492.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20492",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"url": "https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/",
"refsource": "MISC",
"name": "https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/"
}
]
}

17
2018/21xxx/CVE-2018-21029.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "systemd 239 through 244 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend."
"value": "** DISPUTED ** systemd 239 through 244 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)."
}
]
},
@ -81,6 +81,21 @@
"refsource": "MISC",
"name": "https://github.com/systemd/systemd/pull/13870",
"url": "https://github.com/systemd/systemd/pull/13870"
},
{
"refsource": "MISC",
"name": "https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207",
"url": "https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207"
},
{
"refsource": "MISC",
"name": "https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207",
"url": "https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207"
},
{
"refsource": "MISC",
"name": "https://tools.ietf.org/html/rfc7858#section-4.1",
"url": "https://tools.ietf.org/html/rfc7858#section-4.1"
}
]
}

5
2018/6xxx/CVE-2018-6767.json
View File

@ -81,6 +81,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

5
2018/7xxx/CVE-2018-7225.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
}
]
}

5
2018/7xxx/CVE-2018-7253.json
View File

@ -81,6 +81,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

5
2018/7xxx/CVE-2018-7254.json
View File

@ -86,6 +86,11 @@
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}

10
2018/8xxx/CVE-2018-8014.json
View File

@ -215,6 +215,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4596",
"url": "https://www.debian.org/security/2019/dsa-4596"
},
{
"refsource": "BUGTRAQ",
"name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",
"url": "https://seclists.org/bugtraq/2019/Dec/43"
}
]
}

10
2019/0xxx/CVE-2019-0199.json
View File

@ -178,6 +178,16 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3931",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"refsource": "DEBIAN",
"name": "DSA-4596",
"url": "https://www.debian.org/security/2019/dsa-4596"
},
{
"refsource": "BUGTRAQ",
"name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",
"url": "https://seclists.org/bugtraq/2019/Dec/43"
}
]
},

10
2019/0xxx/CVE-2019-0221.json
View File

@ -129,6 +129,16 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3931",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"refsource": "DEBIAN",
"name": "DSA-4596",
"url": "https://www.debian.org/security/2019/dsa-4596"
},
{
"refsource": "BUGTRAQ",
"name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",
"url": "https://seclists.org/bugtraq/2019/Dec/43"
}
]
},

50
2019/10xxx/CVE-2019-10758.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10758",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "mongo-express",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 0.54.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215",
"url": "https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment."
}
]
}

104
2019/11xxx/CVE-2019-11044.json
View File

@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
"ID": "CVE-2019-11044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "link() silently truncates after a null byte on Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "7.2.x",
"version_value": "7.2.26"
},
{
"platform": "Windows",
"version_affected": "<",
"version_name": "7.3.x",
"version_value": "7.3.13"
},
{
"platform": "Windows",
"version_affected": "<",
"version_name": "7.4.x",
"version_value": "7.4.1"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Submitted by ryat at php.net"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-170 Improper Null Termination"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=78862",
"name": "https://bugs.php.net/bug.php?id=78862"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78862"
],
"discovery": "EXTERNAL"
}
}

106
2019/11xxx/CVE-2019-11045.json
View File

@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
"ID": "CVE-2019-11045",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "DirectoryIterator class silently truncates after a null byte"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.x",
"version_value": "7.2.26"
},
{
"version_affected": "<",
"version_name": "7.3.x",
"version_value": "7.3.13"
},
{
"version_affected": "<",
"version_name": "7.4.x",
"version_value": "7.4.1"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Submitted by ryat at php.net"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-170 Improper Null Termination"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=78863",
"name": "https://bugs.php.net/bug.php?id=78863"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78863"
],
"discovery": "EXTERNAL"
}
}

106
2019/11xxx/CVE-2019-11046.json
View File

@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
"ID": "CVE-2019-11046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Buffer underflow in bc_shift_addsub"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.x",
"version_value": "7.2.26"
},
{
"version_affected": "<",
"version_name": "7.3.x",
"version_value": "7.3.13"
},
{
"version_affected": "<",
"version_name": "7.4.x",
"version_value": "7.4.1"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Submitted by thomas-josef dot riedmaier at siemens dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=78878",
"name": "https://bugs.php.net/bug.php?id=78878"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78878"
],
"discovery": "EXTERNAL"
}
}

106
2019/11xxx/CVE-2019-11047.json
View File

@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
"ID": "CVE-2019-11047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Heap-buffer-overflow READ in exif"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.x",
"version_value": "7.2.26"
},
{
"version_affected": "<",
"version_name": "7.3.x",
"version_value": "7.3.13"
},
{
"version_affected": "<",
"version_name": "7.4.x",
"version_value": "7.4.1"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19044"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=78910",
"name": "https://bugs.php.net/bug.php?id=78910"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78910"
],
"discovery": "INTERNAL"
}
}

104
2019/11xxx/CVE-2019-11049.json
View File

@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
"ID": "CVE-2019-11049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "mail() may release string with refcount==1 twice"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "7.3.x",
"version_value": "7.3.13"
},
{
"platform": "Windows",
"version_affected": "<",
"version_name": "7.4.x",
"version_value": "7.4.1"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The issue affects Windows systems using mail() function where the headers could be externally controlled."
}
],
"credit": [
{
"lang": "eng",
"value": "Submitted by Christoph M. Becker"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415 Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=78943",
"name": "https://bugs.php.net/bug.php?id=78943"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78793"
],
"discovery": "INTERNAL"
}
}

106
2019/11xxx/CVE-2019-11050.json
View File

@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
"ID": "CVE-2019-11050",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Use-after-free in exif parsing under memory sanitizer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.x",
"version_value": "7.2.26"
},
{
"version_affected": "<",
"version_name": "7.3.x",
"version_value": "7.3.13"
},
{
"version_affected": "<",
"version_name": "7.4.x",
"version_value": "7.4.1"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Submitted by Nikita Popov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=78793",
"name": "https://bugs.php.net/bug.php?id=78793"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78793"
],
"discovery": "INTERNAL"
}
}

5
2019/11xxx/CVE-2019-11109.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K54164678?utm_source=f5support&amp;utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K54164678?utm_source=f5support&amp;utm_medium=RSS"
}
]
},

5
2019/11xxx/CVE-2019-11165.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00284.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00284.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K07357521?utm_source=f5support&amp;utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K07357521?utm_source=f5support&amp;utm_medium=RSS"
}
]
},

5
2019/11xxx/CVE-2019-11477.json
View File

@ -226,6 +226,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"refsource": "CONFIRM",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
}
]
},

5
2019/12xxx/CVE-2019-12155.json
View File

@ -141,6 +141,11 @@
"refsource": "REDHAT",
"name": "RHBA-2019:3723",
"url": "https://access.redhat.com/errata/RHBA-2019:3723"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4344",
"url": "https://access.redhat.com/errata/RHSA-2019:4344"
}
]
}

10
2019/12xxx/CVE-2019-12211.json
View File

@ -71,6 +71,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2031-1] freeimage security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00012.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4593",
"url": "https://www.debian.org/security/2019/dsa-4593"
},
{
"refsource": "BUGTRAQ",
"name": "20191229 [SECURITY] [DSA 4593-1] freeimage security update",
"url": "https://seclists.org/bugtraq/2019/Dec/45"
}
]
}

10
2019/12xxx/CVE-2019-12213.json
View File

@ -71,6 +71,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2031-1] freeimage security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00012.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4593",
"url": "https://www.debian.org/security/2019/dsa-4593"
},
{
"refsource": "BUGTRAQ",
"name": "20191229 [SECURITY] [DSA 4593-1] freeimage security update",
"url": "https://seclists.org/bugtraq/2019/Dec/45"
}
]
}

10
2019/12xxx/CVE-2019-12397.json
View File

@ -53,6 +53,16 @@
"refsource": "MLIST",
"name": "[oss-security] 20190808 CVE update - fixed in Apache Ranger 2.0.0",
"url": "http://www.openwall.com/lists/oss-security/2019/08/08/1"
},
{
"refsource": "MLIST",
"name": "[ranger-dev] 20191229 [jira] [Created] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"url": "https://lists.apache.org/thread.html/ab2de1adad96f5dbd19d976b28715dfc60dbe75e82a74f48be8ef695@%3Cdev.ranger.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ranger-dev] 20191229 [jira] [Updated] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"url": "https://lists.apache.org/thread.html/cbc6346708ef2b9ffb2555637311bf6294923c609c029389fa39de8f@%3Cdev.ranger.apache.org%3E"
}
]
},

Some files were not shown because too many files have changed in this diff Show More