admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-09 21:01:05 +00:00
parent 20b14abd14
commit 0eb1080877
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 1027 additions and 756 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/16xxx/CVE-2018-16530.json
View File

@ -11,7 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Forcepoint",
"product": {
"product_data": [
{

76
2018/1xxx/CVE-2018-1356.json
View File

@ -1,17 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1356",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2018-1356",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiSandbox",
"version": {
"version_data": [
{
"version_value": "2.5.2"
},
{
"version_value": "2.5.1"
},
{
"version_value": "2.5.0"
},
{
"version_value": "2.4.1"
},
{
"version_value": "2.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-18-024",
"url": "https://fortiguard.com/advisory/FG-IR-18-024"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component."
}
]
}

6
2019/0xxx/CVE-2019-0869.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka \u0027Azure DevOps Server HTML Injection Vulnerability\u0027."
"value": "A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0869"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0869",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0869"
}
]
}

6
2019/0xxx/CVE-2019-0870.json
View File

@ -57,7 +57,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871."
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871."
}
]
},
@ -76,7 +76,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
}
]
}

6
2019/0xxx/CVE-2019-0871.json
View File

@ -57,7 +57,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870."
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870."
}
]
},
@ -76,7 +76,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
}
]
}

6
2019/0xxx/CVE-2019-0874.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0874"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0874",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0874"
}
]
}

6
2019/0xxx/CVE-2019-0875.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka \u0027Azure DevOps Server Elevation of Privilege Vulnerability\u0027."
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0875"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0875",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0875"
}
]
}

6
2019/0xxx/CVE-2019-0876.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka \u0027Open Enclave SDK Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0876"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0876",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0876"
}
]
}

6
2019/0xxx/CVE-2019-0877.json
View File

@ -152,7 +152,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \u0027Jet Database Engine Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879."
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879."
}
]
},
@ -171,7 +171,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0877"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0877",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0877"
}
]
}

6
2019/0xxx/CVE-2019-0879.json
View File

@ -152,7 +152,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \u0027Jet Database Engine Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877."
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877."
}
]
},
@ -171,7 +171,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0879"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0879",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0879"
}
]
}

3
2019/3xxx/CVE-2019-3842.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3842",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

78
2019/5xxx/CVE-2019-5585.json
View File

@ -1,17 +1,75 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5585",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-5585",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiClientMac",
"version": {
"version_data": [
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "107693",
"url": "http://www.securityfocus.com/bid/107693"
},
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-19-003",
"url": "https://fortiguard.com/advisory/FG-IR-19-003"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes."
}
]
}

67
2019/6xxx/CVE-2019-6140.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6140",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6140",
"ASSIGNER": "psirt@forcepoint.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Forcepoint",
"product": {
"product_data": [
{
"product_name": "Forcepoint Email Security",
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "8.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.forcepoint.com/KBArticle?id=000016668",
"url": "https://support.forcepoint.com/KBArticle?id=000016668"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed."
}
]
}

64
2019/8xxx/CVE-2019-8456.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8456",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-8456",
"ASSIGNER": "cve@checkpoint.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Check Point",
"product": {
"product_data": [
{
"product_name": "Check Point IPsec VPN",
"version": {
"version_data": [
{
"version_value": "Up to R80.30"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk149892",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk149892"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server."
}
]
}

69
2019/9xxx/CVE-2019-9696.json
View File

@ -1,17 +1,66 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9696",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-9696",
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Symantec",
"product": {
"product_data": [
{
"product_name": "Symantec VIP Enterprise Gateway",
"version": {
"version_data": [
{
"version_value": "All EG Versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/en_US/article.SYMSA1477.html",
"url": "https://support.symantec.com/en_US/article.SYMSA1477.html"
},
{
"refsource": "BID",
"name": "107692",
"url": "http://www.securityfocus.com/bid/107692"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
]
}