"-Synchronized-Data."

CVE Team 2020-01-21 16:01:16 +00:00
parent e1b9edb67a
commit d31550fb18
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 415 additions and 23 deletions


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-5282",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mIRC",
"product": {
"product_data": [
{
"product_name": "mIRC",
"version": {
"version_data": [
{
"version_value": "prior to 7.22"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "data leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.mirc.com/news.html",
"refsource": "MISC",
"name": "http://www.mirc.com/news.html"
}
]
}
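Review bot: The only entry in `reference_data` is `http://www.mirc.com/news.html`, a rolling vendor news page served over plain HTTP, so nothing in the record pins the 7.22 fix that the description and `version_value` rely on. Someone triaging this cannot confirm the affected range from the record alone; a stable pointer to the 7.22 release notes or the original report should sit alongside it. The problem type is also free text (`"value": "data leak"`); if a CWE applies (CWE-200 looks closest, to be confirmed), name it there so tooling can classify the entry.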


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5190",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/57242",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57242"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81163",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81163"
}
]
}
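Review bot: `vendor_name`, `product_name` and `version_value` are all `"n/a"` although the description names Prizm Content Connect 5.1, so any consumer that matches on `affects` rather than on free text will never associate this record with the product. The same gap appears in the new records CVE-2019-14765, CVE-2019-14766, CVE-2019-14767 and CVE-2019-14768, whose descriptions name DIMO YellowBox CRM before 6.3.4. I would populate the structured fields from the description, e.g. `"product_name": "Prizm Content Connect"` with `"version_value": "5.1"`, and replace the `"n/a"` problem type with the matching CWE (an arbitrary file upload is normally CWE-434). The vendor name is not stated in the description, so it needs confirming before it is filled in.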


@ -62,6 +62,16 @@
"name": "[oss-security] 20181004 CVE update - fixed in Apache Ranger 1.2.0",
"refsource": "MLIST",
"url": "https://seclists.org/oss-sec/2018/q4/11"
},
{
"refsource": "MLIST",
"name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c@%3Cdev.ranger.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998@%3Cdev.ranger.apache.org%3E"
}
]
}
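Review bot: Both added `MLIST` entries are titled for CVE-2019-12397, while the context entry just above them is an oss-security post dated 20181004 about a fix in Apache Ranger 1.2.0, which suggests this record may be a different, older CVE. The record's `ID` is outside the hunk, so this cannot be confirmed from here. Please check that the RANGER-2681 thread actually discusses this record before keeping the links, since the identical pair is also added to the next file. If the thread mentions this CVE only in passing, a [Resolved]/[Commented] JIRA notification gives little to someone looking for the fix.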


@ -63,6 +63,16 @@
"refsource": "MLIST",
"name": "[ranger-dev] 20191229 [jira] [Updated] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"url": "https://lists.apache.org/thread.html/cbc6346708ef2b9ffb2555637311bf6294923c609c029389fa39de8f@%3Cdev.ranger.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c@%3Cdev.ranger.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998@%3Cdev.ranger.apache.org%3E"
}
]
},


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2536",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00051.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0085",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html"
}
]
},


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dimo-crm.fr/blog-crm/",
"refsource": "MISC",
"name": "https://www.dimo-crm.fr/blog-crm/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305",
"url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dimo-crm.fr/blog-crm/",
"refsource": "MISC",
"name": "https://www.dimo-crm.fr/blog-crm/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305",
"url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305"
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dimo-crm.fr/blog-crm/",
"refsource": "MISC",
"name": "https://www.dimo-crm.fr/blog-crm/"
},
{
"url": "https://www.elysium-security.com/sitemap.php",
"refsource": "MISC",
"name": "https://www.elysium-security.com/sitemap.php"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305",
"url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305"
}
]
}
}
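Review bot: The second reference, `https://www.elysium-security.com/sitemap.php`, is a site map rather than an advisory, and the first is the vendor's blog index, so neither identifies the document that supports the unauthenticated file-download claim. Among the four DIMO YellowBox records in this commit only this one carries the sitemap link, which hints that a specific advisory URL was intended. Replace it with the direct advisory URL, e.g. `"url": "<ADVISORY_URL_PLACEHOLDER>"`, and do the same for the blog-index link if a fixed-version announcement for 6.3.4 exists.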


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dimo-crm.fr/blog-crm/",
"refsource": "MISC",
"name": "https://www.dimo-crm.fr/blog-crm/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305",
"url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305"
}
]
}
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://www.schedmd.com/news.php",
"url": "https://www.schedmd.com/news.php"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0085",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://www.schedmd.com/news.php",
"url": "https://www.schedmd.com/news.php"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0085",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html"
}
]
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3864",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -53,6 +53,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191115 [SECURITY] [DLA 1993-1] mesa security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0084",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html"
}
]
},


@ -39,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
"value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
@ -71,21 +71,6 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0122",
"url": "https://access.redhat.com/errata/RHSA-2020:0122"
},
{
"refsource": "DEBIAN",
"name": "DSA-4605",
"url": "https://www.debian.org/security/2020/dsa-4605"
},
{
"refsource": "BUGTRAQ",
"name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
"url": "https://seclists.org/bugtraq/2020/Jan/24"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0157",
"url": "https://access.redhat.com/errata/RHSA-2020:0157"
}
]
}