"-Synchronized-Data."

"-Synchronized-Data."
TWCERTCC - CNA 2021-11-15 17:24:55 +08:00 committed by GitHub
commit d783155e55
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2526 changed files with 116025 additions and 7477 deletions


@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-20001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Balasys/dheater",
"refsource": "MISC",
"name": "https://github.com/Balasys/dheater"
},
{
"url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol",
"refsource": "MISC",
"name": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol"
},
{
"refsource": "MISC",
"name": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/",
"url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/"
},
{
"refsource": "MISC",
"name": "https://github.com/mozilla/ssl-config-generator/issues/162",
"url": "https://github.com/mozilla/ssl-config-generator/issues/162"
}
]
}
}
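Review bot: The `problemtype` entry of this new CVE-2002-20001 record is left as `"value": "n/a"`, although the description states a concrete weakness class: a client triggers expensive server-side DHE modular exponentiation while spending very little CPU or bandwidth itself. Tooling that groups or prioritises records by CWE will not surface this record as an availability issue. A resource-consumption classification such as `"value": "CWE-400"` looks like the fit, to be confirmed by the assigner.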


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2496",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-2496",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer."
}
]
}
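Review bot: The `affects` block of the CVE-2010-2496 record is filled with `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"`, while the description names the affected components (stonith-ng in pacemaker and cluster-glue) and the fixed releases (cluster-glue 1.0.6, pacemaker 1.1.3). Scanners that match on the structured fields have nothing to match, so the fix versions can only be found by reading the free text. The product entries should carry `pacemaker` and `cluster-glue`, with version values such as `before 1.1.3` and `before 1.0.6`. The `problemtype` is likewise `n/a`; passwords exposed through process command lines would normally get a CWE (CWE-214 appears to fit, to be confirmed). The record's closing brace is not visible in this section as rendered.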


@ -1,17 +1,66 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1075",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-1075",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FreeBSD/crontab",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://marc.info/?l=full-disclosure&m=129891323028897&w=2",
"url": "https://marc.info/?l=full-disclosure&m=129891323028897&w=2"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/02/28/14",
"url": "https://www.openwall.com/lists/oss-security/2011/02/28/14"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, which takes a pathname as an argument, and is called with euid 0. A race condition in this process may lead to an arbitrary MD5 comparison regardless of the read permissions."
}
]
}


@ -1,17 +1,66 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1497",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-1497",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "rails",
"version": {
"version_data": [
{
"version_value": "rails 3.0.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/04/06/13",
"url": "https://www.openwall.com/lists/oss-security/2011/04/06/13"
},
{
"refsource": "MISC",
"name": "https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG",
"url": "https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6."
}
]
}
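Review bot: `"version_value": "rails 3.0.6"` in the CVE-2011-1497 record contradicts its description, which says the auto_link cross-site scripting flaw affects Rails before version 3.0.6. A consumer matching on the structured field would flag the release the description implies is fixed and miss every earlier one. The value should express the range, e.g. `"version_value": "before 3.0.6"`. The CVE-2011-4574 section further down has the same mismatch (`"PolarSSL 1.1.0"` against "versions prior to v1.1"). Both records also repeat the product name inside the version string, which version matchers generally do not expect.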


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2195",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-2195",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "websvn",
"version": {
"version_data": [
{
"version_value": "websvn 2.3.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2011/Jun/34",
"url": "https://seclists.org/bugtraq/2011/Jun/34"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system."
}
]
}


@ -1,17 +1,71 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4119",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4119",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "caml-light",
"version": {
"version_data": [
{
"version_value": "caml-light <= 0.75"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2011/q4/249",
"url": "https://seclists.org/oss-sec/2011/q4/249"
},
{
"refsource": "MISC",
"name": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html",
"url": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html"
},
{
"refsource": "MISC",
"name": "http://gnats.netbsd.org/45558",
"url": "http://gnats.netbsd.org/45558"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install."
}
]
}


@ -1,17 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4124",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4124",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Calibre",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/",
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/11/02/2",
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/calibre/+bug/885027",
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"refsource": "MISC",
"name": "https://lwn.net/Articles/464824/",
"url": "https://lwn.net/Articles/464824/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges."
}
]
}


@ -1,17 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4125",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4125",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Calibre",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/",
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/11/02/2",
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/calibre/+bug/885027",
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"refsource": "MISC",
"name": "https://lwn.net/Articles/464824/",
"url": "https://lwn.net/Articles/464824/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root."
}
]
}


@ -1,17 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4126",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4126",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Calibre",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/",
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/11/02/2",
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/calibre/+bug/885027",
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"refsource": "MISC",
"name": "https://lwn.net/Articles/464824/",
"url": "https://lwn.net/Articles/464824/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4574",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4574",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "PolarSSL",
"version": {
"version_data": [
{
"version_value": "PolarSSL 1.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02",
"url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results."
}
]
}


@ -156,6 +156,21 @@
"refsource": "MLIST",
"name": "[oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
"url": "http://www.openwall.com/lists/oss-security/2021/10/07/4"
},
{
"refsource": "FULLDISC",
"name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
"url": "http://seclists.org/fulldisclosure/2021/Oct/62"
},
{
"refsource": "FULLDISC",
"name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
"url": "http://seclists.org/fulldisclosure/2021/Oct/63"
},
{
"refsource": "FULLDISC",
"name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
"url": "http://seclists.org/fulldisclosure/2021/Oct/61"
}
]
}


@ -241,6 +241,11 @@
"refsource": "MLIST",
"name": "[tomcat-dev] 20210823 [Bug 65516] upgrade to xalan 2.7.2 to address CVE-2014-0107",
"url": "https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca@%3Cdev.tomcat.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -52,21 +52,11 @@
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html"
},
{
"name": "openSUSE-SU-2014:0822",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811"
},
{
"name": "20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks",
"refsource": "FULLDISC",
@ -86,6 +76,21 @@
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-20019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-20067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -179,6 +179,11 @@
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -161,6 +161,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -76,6 +76,11 @@
"name": "[oss-security] 20160224 User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/24/7"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up",
"url": "http://www.openwall.com/lists/oss-security/2021/10/18/1"
}
]
}


@ -86,6 +86,11 @@
"name": "http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/",
"refsource": "MISC",
"url": "http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up",
"url": "http://www.openwall.com/lists/oss-security/2021/10/18/1"
}
]
}


@ -441,6 +441,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -71,6 +71,11 @@
"name": "[aufs] 20160219 aufs3 and aufs4 GIT release",
"refsource": "MLIST",
"url": "https://sourceforge.net/p/aufs/mailman/message/34864744/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up",
"url": "http://www.openwall.com/lists/oss-security/2021/10/18/1"
}
]
}


@ -76,6 +76,11 @@
"name": "39996",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39996/"
},
{
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2234971",
"url": "https://launchpad.support.sap.com/#/notes/2234971"
}
]
}


@ -80,11 +80,6 @@
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93942"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name": "RHSA-2017:1552",
"refsource": "REDHAT",
@ -185,11 +180,6 @@
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html",
"url": "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
@ -209,6 +199,21 @@
"refsource": "UBUNTU",
"name": "USN-4557-1",
"url": "https://usn.ubuntu.com/4557-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html",
"url": "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html"
}
]
}


@ -65,11 +65,6 @@
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name": "[announce] 20161027 [SECURITY] CVE-2016-6794 Apache Tomcat Security System Property Disclosure",
"refsource": "MLIST",
@ -184,6 +179,16 @@
"refsource": "UBUNTU",
"name": "USN-4557-1",
"url": "https://usn.ubuntu.com/4557-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -85,11 +85,6 @@
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93944"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name": "RHSA-2017:1552",
"refsource": "REDHAT",
@ -214,6 +209,16 @@
"refsource": "UBUNTU",
"name": "USN-4557-1",
"url": "https://usn.ubuntu.com/4557-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -70,11 +70,6 @@
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93940"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name": "[announce] 20161027 [SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources",
"refsource": "MLIST",
@ -184,6 +179,16 @@
"refsource": "UBUNTU",
"name": "USN-4557-1",
"url": "https://usn.ubuntu.com/4557-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -61,6 +61,11 @@
"name": "https://erpscan.io/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component/"
},
{
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2296909",
"url": "https://launchpad.support.sap.com/#/notes/2296909"
}
]
}


@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-10-20T09:00:00.000Z",
"ID": "CVE-2017-20007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Information Exposure in INGEPAC DA AU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "INGEPAC DA AU",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "AUC_1.13.0.28",
"version_value": "AUC_1.13.0.28"
}
]
}
}
]
},
"vendor_name": "Ingeteam"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Industrial Cybersecurity team of S21sec, special mention to Jacinto Moral Matell\u00e1n."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device\u00b4s web service could exploit this vulnerability in order to obtain different configuration files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au"
}
]
},
"solution": [
{
"lang": "eng",
"value": "All the firmware versions from AUC_1.14.0.29 fix this issue."
}
],
"source": {
"advisory": "INCIBE-2021-0429",
"discovery": "EXTERNAL"
}
}


@ -451,6 +451,11 @@
"refsource": "MLIST",
"name": "[beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645",
"url": "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3Cgithub.beam.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation."
"value": "An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected."
}
]
},


@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211027 [SECURITY] [DLA 2793-1] mosquitto security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00022.html"
}
]
}


@ -61,6 +61,11 @@
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697934",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697934"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211028 [SECURITY] [DLA 2796-1] jbig2dec security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00023.html"
}
]
}


@ -57,26 +57,31 @@
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101798"
},
{
"name": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5",
"refsource": "MISC",
"url": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5"
},
{
"name": "1039812",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039812"
},
{
"name": "https://github.com/sebastianbergmann/phpunit/pull/1956",
"refsource": "MISC",
"url": "https://github.com/sebastianbergmann/phpunit/pull/1956"
},
{
"name": "GLSA-201711-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-15"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5",
"refsource": "MISC",
"url": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5"
},
{
"name": "https://github.com/sebastianbergmann/phpunit/pull/1956",
"refsource": "MISC",
"url": "https://github.com/sebastianbergmann/phpunit/pull/1956"
},
{
"refsource": "MISC",
"name": "http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/",


@ -79,6 +79,11 @@
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211017 [SECURITY] [DLA 2786-1] nghttp2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"
}
]
}


@ -306,6 +306,11 @@
"refsource": "MLIST",
"name": "[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version",
"url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -104,6 +104,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -99,6 +99,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -11,18 +11,23 @@
"product": {
"product_data": [
{
"product_name": "n/a",
"product_name": "Eclipse Vert.x",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_affected": ">=",
"version_value": "3.0"
},
{
"version_affected": "<=",
"version_value": "3.5.3"
}
]
}
}
]
},
"vendor_name": "n/a"
"vendor_name": "The Eclipse Foundation"
}
]
}
@ -38,6 +43,12 @@
}
]
},
"credit": [
{
"lang": "eng",
"value": "Vishwanath Viraktamath"
}
],
"problemtype": {
"problemtype_data": [
{
@ -52,6 +63,11 @@
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://github.com/vert-x3/vertx-web/issues/1025",
"refsource": "CONFIRM",
@ -61,11 +77,6 @@
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
}
]
}
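Review bot: The new `version_data` in the first hunk splits the affected range into two independent entries, `>=` 3.0 and `<=` 3.5.3, and nothing in the record ties them together. A consumer that evaluates each entry on its own will read `>=` 3.0 as covering every later release, so fixed Eclipse Vert.x versions may be reported as vulnerable, and the `<=` entry may pull in releases older than 3.0. I would express the range as one entry, for example `"version_name": "3.0", "version_affected": "<=", "version_value": "3.5.3"` (assuming downstream tooling honours `version_name`), and confirm that the description text states both bounds in words.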


@ -81,6 +81,11 @@
"refsource": "GENTOO",
"name": "GLSA-201904-16",
"url": "https://security.gentoo.org/glsa/201904-16"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html"
}
]
}


@ -76,6 +76,11 @@
"name": "[debian-lts-announce] 20180730 [SECURITY] [DLA 1452-1] wordpress security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00046.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164633/WordPress-4.9.6-Arbitrary-File-Deletion.html",
"url": "http://packetstormsecurity.com/files/164633/WordPress-4.9.6-Arbitrary-File-Deletion.html"
}
]
}


@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210416 [SECURITY] [DLA 2618-2] smarty3 regression update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211020 [SECURITY] [DLA 2618-3] smarty3 regression update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html"
}
]
}


@ -71,6 +71,11 @@
"url": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token",
"refsource": "MISC",
"name": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14640",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-14640",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}


@ -181,6 +181,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16060",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164538/Mitsubishi-Electric-INEA-SmartRTU-Source-Code-Disclosure.html",
"url": "http://packetstormsecurity.com/files/164538/Mitsubishi-Electric-INEA-SmartRTU-Source-Code-Disclosure.html"
}
]
}
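Review bot: The description names Mitsubishi Electric SmartRTU, but the `affects` block added in the first hunk still carries `n/a` for vendor, product and version, so inventory or scanner matching keyed on those fields will not associate this record with the device. The same applies to the CVE-2018-16061 and CVE-2019-19810 records further down this commit. I would fill in at least `"vendor_name": "Mitsubishi Electric"` and `"product_name": "SmartRTU"`, and replace the `n/a` problemtype with a weakness class such as `CWE-200` for this record. The only reference besides the Packet Storm entry is a Google Drive link, which may not stay reachable; a stable advisory URL would be worth adding if one exists.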


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16061",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/open?id=1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164537/Mitsubishi-Electric-INEA-SmartRTU-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/164537/Mitsubishi-Electric-INEA-SmartRTU-Cross-Site-Scripting.html"
}
]
}


@ -72,6 +72,11 @@
"refsource": "GENTOO",
"name": "GLSA-202009-17",
"url": "https://security.gentoo.org/glsa/202009-17"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211029 [SECURITY] [DLA 2795-1] gpsd security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1105",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1105",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}


@ -102,6 +102,11 @@
"name": "https://pivotal.io/security/cve-2018-1257",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1257"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -128,6 +128,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -127,6 +127,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -102,6 +102,11 @@
"name": "https://pivotal.io/security/cve-2018-1271",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1271"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -97,6 +97,11 @@
"name": "https://pivotal.io/security/cve-2018-1272",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1272"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -117,6 +117,11 @@
"name": "https://pivotal.io/security/cve-2018-1275",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1275"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -44,15 +44,20 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://secuniaresearch.flexerasoftware.com/advisories/85979/",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"refsource": "BID",
"name": "109155",
"url": "http://www.securityfocus.com/bid/109155"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://secuniaresearch.flexerasoftware.com/advisories/85979/",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
]
},


@ -44,15 +44,20 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://secuniaresearch.flexerasoftware.com/advisories/85979/",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"refsource": "BID",
"name": "109155",
"url": "http://www.securityfocus.com/bid/109155"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://secuniaresearch.flexerasoftware.com/advisories/85979/",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
]
},


@ -62,6 +62,11 @@
"refsource": "BID",
"name": "109155",
"url": "http://www.securityfocus.com/bid/109155"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -44,15 +44,20 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://secuniaresearch.flexerasoftware.com/advisories/85979/",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"refsource": "BID",
"name": "109155",
"url": "http://www.securityfocus.com/bid/109155"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://secuniaresearch.flexerasoftware.com/advisories/85979/",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
]
},


@ -66,6 +66,11 @@
"refsource": "GENTOO",
"name": "GLSA-202006-17",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "GENTOO",
"name": "GLSA-202006-17",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
}
]
}


@ -147,6 +147,11 @@
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-11",


@ -73,6 +73,11 @@
"refsource": "FULLDISC",
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211112-0001/",
"url": "https://security.netapp.com/advisory/ntap-20211112-0001/"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211112-0001/",
"url": "https://security.netapp.com/advisory/ntap-20211112-0001/"
}
]
},


@ -63,6 +63,11 @@
"refsource": "DEBIAN",
"name": "DSA-4930",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211112-0001/",
"url": "https://security.netapp.com/advisory/ntap-20211112-0001/"
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -102,6 +102,11 @@
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -351,6 +351,11 @@
"refsource": "MLIST",
"name": "[flink-issues] 20210804 [jira] [Closed] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088",
"url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541@%3Cissues.flink.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -88,6 +88,11 @@
"refsource": "MLIST",
"name": "[axis-java-user] 20210928 [Axis2] Migration Issues",
"url": "https://lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd@%3Cjava-user.axis.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -98,6 +98,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -83,6 +83,11 @@
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -63,6 +63,11 @@
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -113,6 +113,11 @@
"refsource": "MLIST",
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -298,6 +298,11 @@
"refsource": "MLIST",
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -396,6 +396,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -47,11 +47,6 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2",
"url": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2"
},
{
"refsource": "MLIST",
"name": "[santuario-dev] 20190905 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
@ -62,11 +57,6 @@
"name": "[santuario-dev] 20190906 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"url": "https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce@%3Cdev.santuario.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190910-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190910-0003/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0806",
@ -111,6 +101,21 @@
"refsource": "MLIST",
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2",
"url": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190910-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190910-0003/"
}
]
},


@ -178,6 +178,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -103,6 +103,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -121,6 +121,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -54,6 +54,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"refsource": "MLIST",
"name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E"
}
]
},


@ -71,21 +71,6 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx",
"refsource": "CONFIRM",
"url": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx"
},
{
"name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli",
"refsource": "MISC",
"url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0059",
@ -120,6 +105,26 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0602",
"url": "https://access.redhat.com/errata/RHSA-2020:0602"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx",
"refsource": "CONFIRM",
"url": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx"
},
{
"name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli",
"refsource": "MISC",
"url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli"
}
]
},


@ -116,6 +116,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -73,6 +73,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -209,11 +209,6 @@
"name": "[oss-security] 20210609 CVE-2019-17567: Apache httpd: mod_proxy_wstunnel tunneling of non Upgraded connections",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/2"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210702-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-38",
@ -228,6 +223,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-e3f6dd670d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210702-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
}
]
},


@ -578,6 +578,26 @@
"refsource": "MLIST",
"name": "[bookkeeper-commits] 20211014 [bookkeeper] branch master updated: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571 (#2816)",
"url": "https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc@%3Ccommits.bookkeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20211016 [GitHub] [bookkeeper] pkumar-singh commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571",
"url": "https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20211017 [GitHub] [bookkeeper] eolivelli commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571",
"url": "https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20211017 [GitHub] [bookkeeper] zymap commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571",
"url": "https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20211018 [GitHub] [bookkeeper] RaulGracia commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571",
"url": "https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767@%3Cissues.bookkeeper.apache.org%3E"
}
]
},


@ -58,10 +58,29 @@
"name": "https://github.com/typestack/class-validator/issues/438"
},
{
"url": "https://github.com/typestack/class-validator#passing-options",
"refsource": "MISC",
"name": "https://github.com/typestack/class-validator#passing-options",
"url": "https://github.com/typestack/class-validator#passing-options"
"name": "https://github.com/typestack/class-validator#passing-options"
},
{
"url": "https://github.com/typestack/class-validator/issues/438#issuecomment-964728471",
"refsource": "MISC",
"name": "https://github.com/typestack/class-validator/issues/438#issuecomment-964728471"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N",
"version": "3.1"
}
}
}
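Review bot: The added `vectorString` lists its metrics alphabetically (`AC`, `AV`, `A`, `C`, ...) rather than in the order the CVSS v3.1 specification prefers, and validators that pattern-match the vector may reject it in that form. The same values in the canonical order are `"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"`. The `cvss` object also has no `baseScore` or `baseSeverity`, so every consumer has to recompute them from the vector; adding both would keep triage tooling consistent.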


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19810",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.zoom.us/hc/en-us/articles/201362473-Local-Recording",
"refsource": "MISC",
"name": "https://support.zoom.us/hc/en-us/articles/201362473-Local-Recording"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RMI%20Deserialization-ZoomCallRecording",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RMI%20Deserialization-ZoomCallRecording"
}
]
}
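Review bot: The first reference, `https://support.zoom.us/hc/en-us/articles/201362473-Local-Recording`, appears to be a help page of Zoom Video Communications, while the description attributes the flaw to Zoom Call Recording from ZOOM International. These look like different vendors, so the link risks attributing the issue to the wrong product in asset inventories and advisories. I would drop it, or replace it with a ZOOM International advisory if one exists. The `problemtype` could also name the weakness the description already states, e.g. `"value": "CWE-502 Deserialization of Untrusted Data"`.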


@ -96,6 +96,11 @@
"refsource": "GENTOO",
"name": "GLSA-202010-04",
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -1,8 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-01-09",
"ID": "CVE-2019-3556",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "4.83.1"
},
{
"version_affected": ">=",
"version_value": "4.83.0"
},
{
"version_affected": "!>=",
"version_value": "4.82.1"
},
{
"version_affected": ">=",
"version_value": "4.82.0"
},
{
"version_affected": "!>=",
"version_value": "4.81.1"
},
{
"version_affected": ">=",
"version_value": "4.81.0"
},
{
"version_affected": "!>=",
"version_value": "4.80.1"
},
{
"version_affected": ">=",
"version_value": "4.80.0"
},
{
"version_affected": "!>=",
"version_value": "4.79.1"
},
{
"version_affected": ">=",
"version_value": "4.79.0"
},
{
"version_affected": "!>=",
"version_value": "4.78.1"
},
{
"version_affected": ">=",
"version_value": "4.57.0"
},
{
"version_affected": "!>=",
"version_value": "4.56.2"
},
{
"version_affected": "<",
"version_value": "4.56.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +88,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HHVM supports the use of an \"admin\" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://hhvm.com/blog/2020/11/12/security-update.html",
"url": "https://hhvm.com/blog/2020/11/12/security-update.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4",
"url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
},
{
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2019-3556",
"url": "https://www.facebook.com/security/advisories/cve-2019-3556"
}
]
}
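Review bot: In `version_data` the upper bound of the oldest range is stated twice, as `!>=` `4.56.2` and again as `<` `4.56.2`, and the other ranges are only correct when each `!>=` entry is read together with the `>=` entry that follows it. A consumer that evaluates the entries one at a time would take `>=` `4.57.0` as open-ended and could report fixed releases as affected. I would drop the redundant `!>=` `4.56.2` entry so that every remaining `!>=` has a `>=` partner; the version list in the description already agrees with those pairs.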


@ -90,6 +90,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -85,6 +85,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -85,6 +85,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -78,6 +78,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
},


@ -71,6 +71,11 @@
"refsource": "GENTOO",
"name": "GLSA-202006-17",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
}
]
}


@ -256,6 +256,11 @@
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "11.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker in a privileged network position may be able to perform denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT211931",
"name": "https://support.apple.com/en-us/HT211931"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service."
}
]
}
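Review bot: The affected range and the description disagree: `version_data` marks macOS `<` `11.0` as affected, while the new description says the issue is fixed in macOS Big Sur 11.0.1. Read literally, the structured range treats 11.0 as not affected, so a scanner keyed on it could pass a host that still lacks the fix. If the description is right, the bound should be `"version_value": "11.0.1"`; the referenced Apple advisory would settle which value is correct. The hunk starts at line 4 of the file, so the top of the record is not shown.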


@ -106,6 +106,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -86,6 +86,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -86,6 +86,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -136,6 +136,11 @@
"refsource": "MLIST",
"name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}


@ -111,6 +111,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
