"-Synchronized-Data."

CVE Team 2020-02-26 16:01:18 +00:00
parent 30b95d92b7
commit 103711db00
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
30 changed files with 1207 additions and 519 deletions


@ -82,6 +82,11 @@
"name": "1039324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039324"
},
{
"refsource": "MISC",
"name": "https://github.com/GitHubAssessments/CVE_Assessments_01_2020",
"url": "https://github.com/GitHubAssessments/CVE_Assessments_01_2020"
}
]
}


@ -98,6 +98,11 @@
"refsource": "UBUNTU",
"name": "USN-4287-1",
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
},


@ -116,6 +116,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -116,6 +116,11 @@
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -116,6 +116,11 @@
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "UBUNTU",
"name": "USN-4225-2",
"url": "https://usn.ubuntu.com/4225-2/"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2675",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -76,6 +76,11 @@
"refsource": "UBUNTU",
"name": "USN-4287-1",
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19986",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"url": "https://www.seling.it/",
"refsource": "MISC",
"name": "https://www.seling.it/"
},
{
"url": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"name": "https://www.seling.it/product/vam/"
}
]
}
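Review bot: The `affects` block is published with `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"` even though the description names Selesta Visual Access Manager (VAM) 4.15.0 through 4.29, so any scanner or asset-matching tool that keys on the structured fields will not tie this record to the product. `problemtype` is likewise `"value": "n/a"` although the description states an unauthenticated SQL injection; a value such as `"value": "CWE-89"` would let consumers classify and prioritise it. The same placeholders appear in the sections for CVE-2019-19987 through CVE-2019-19994 further down this page, each of which would need the weakness class matching its own description. As far as the URLs show, the three references are a red-team landing page and vendor product pages rather than an advisory for this issue, so the record gives a defender no pointer to a fixed version or mitigation.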


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"url": "https://www.seling.it/",
"refsource": "MISC",
"name": "https://www.seling.it/"
},
{
"url": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"name": "https://www.seling.it/product/vam/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"url": "https://www.seling.it/",
"refsource": "MISC",
"name": "https://www.seling.it/"
},
{
"url": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"name": "https://www.seling.it/product/vam/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19989",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"url": "https://www.seling.it/",
"refsource": "MISC",
"name": "https://www.seling.it/"
},
{
"url": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"name": "https://www.seling.it/product/vam/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19990",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"url": "https://www.seling.it/",
"refsource": "MISC",
"name": "https://www.seling.it/"
},
{
"url": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"name": "https://www.seling.it/product/vam/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19991",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"url": "https://www.seling.it/",
"refsource": "MISC",
"name": "https://www.seling.it/"
},
{
"url": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"name": "https://www.seling.it/product/vam/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19992",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"url": "https://www.seling.it/",
"refsource": "MISC",
"name": "https://www.seling.it/"
},
{
"url": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"name": "https://www.seling.it/product/vam/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19993",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"url": "https://www.seling.it/",
"refsource": "MISC",
"name": "https://www.seling.it/"
},
{
"url": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"name": "https://www.seling.it/product/vam/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19994",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"url": "https://www.seling.it/",
"refsource": "MISC",
"name": "https://www.seling.it/"
},
{
"url": "https://www.seling.it/product/vam/",
"refsource": "MISC",
"name": "https://www.seling.it/product/vam/"
}
]
}


@ -76,6 +76,11 @@
"refsource": "UBUNTU",
"name": "USN-4287-1",
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
}


@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"S" : "U",
"SCORE" : "5.300",
"AC" : "L",
"A" : "N",
"UI" : "N",
"PR" : "N",
"I" : "N",
"C" : "L"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Service Registry and Repository",
"version" : {
"version_data" : [
{
"version_value" : "8.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/3436359",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/3436359",
"title" : "IBM Security Bulletin 3436359 (WebSphere Service Registry and Repository)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165593",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-websphere-cve20194537-info-disc (165593)"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4537",
"DATE_PUBLIC" : "2020-02-25T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"AV": "N",
"S": "U",
"SCORE": "5.300",
"AC": "L",
"A": "N",
"UI": "N",
"PR": "N",
"I": "N",
"C": "L"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Service Registry and Repository",
"version": {
"version_data": [
{
"version_value": "8.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/3436359",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/3436359",
"title": "IBM Security Bulletin 3436359 (WebSphere Service Registry and Repository)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165593",
"title": "X-Force Vulnerability Report",
"name": "ibm-websphere-cve20194537-info-disc (165593)"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4537",
"DATE_PUBLIC": "2020-02-25T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0"
}


@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-02-25T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4596"
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/3144369",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 3144369 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/pages/node/3144369"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167879",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve20194596-xss (167879)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-25T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4596"
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
}
"url": "https://www.ibm.com/support/pages/node/3144369",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 3144369 (Sterling B2B Integrator)",
"name": "https://www.ibm.com/support/pages/node/3144369"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167879",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve20194596-xss (167879)"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "5.2.6.5"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "R",
"A" : "N",
"C" : "L",
"PR" : "L",
"I" : "L",
"AV" : "N",
"S" : "C",
"SCORE" : "5.400",
"AC" : "L"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
},
"BM": {
"UI": "R",
"A": "N",
"C": "L",
"PR": "L",
"I": "L",
"AV": "N",
"S": "C",
"SCORE": "5.400",
"AC": "L"
}
}
},
"data_format": "MITRE",
"data_type": "CVE"
}


@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-02-25T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4597"
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/3145401",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/3145401",
"title" : "IBM Security Bulletin 3145401 (Sterling B2B Integrator)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve20194597-sql-injection (167880)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167880"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-02-25T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4597"
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
}
"url": "https://www.ibm.com/support/pages/node/3145401",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/3145401",
"title": "IBM Security Bulletin 3145401 (Sterling B2B Integrator)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve20194597-sql-injection (167880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167880"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "5.2.6.5"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"AC" : "L",
"SCORE" : "6.300",
"S" : "U",
"AV" : "N",
"I" : "L",
"PR" : "L",
"C" : "L",
"A" : "L",
"UI" : "N"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Data Manipulation",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"AC": "L",
"SCORE": "6.300",
"S": "U",
"AV": "N",
"I": "L",
"PR": "L",
"C": "L",
"A": "L",
"UI": "N"
}
}
},
"data_format": "MITRE",
"data_type": "CVE"
}


@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2019-4598",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-02-25T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
}
]
}
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/3145065",
"title" : "IBM Security Bulletin 3145065 (Sterling B2B Integrator)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/3145065"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167881",
"refsource" : "XF",
"name" : "ibm-sterling-cve20194598-sql-injection (167881)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"SCORE" : "6.300",
"S" : "U",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"UI" : "N",
"A" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-4598",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-02-25T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "5.2.6.5"
}
]
}
}
]
}
}
]
}
]
},
"data_type" : "CVE"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/3145065",
"title": "IBM Security Bulletin 3145065 (Sterling B2B Integrator)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/3145065"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167881",
"refsource": "XF",
"name": "ibm-sterling-cve20194598-sql-injection (167881)",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"SCORE": "6.300",
"S": "U",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"UI": "N",
"A": "L"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Data Manipulation",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE"
}


@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"SCORE" : "4.300",
"S" : "U",
"AV" : "N",
"I" : "L",
"PR" : "N",
"C" : "N",
"A" : "N",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-02-25T00:00:00",
"ID" : "CVE-2019-4726"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "5.2.6.5"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
}
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"SCORE": "4.300",
"S": "U",
"AV": "N",
"I": "L",
"PR": "N",
"C": "N",
"A": "N",
"UI": "R"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/3145833",
"title" : "IBM Security Bulletin 3145833 (Sterling B2B Integrator)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/3145833"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172363",
"name" : "ibm-sterling-cve20194726-csrf (172363)",
"title" : "X-Force Vulnerability Report"
}
]
}
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-02-25T00:00:00",
"ID": "CVE-2019-4726"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "5.2.6.5"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/3145833",
"title": "IBM Security Bulletin 3145833 (Sterling B2B Integrator)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/3145833"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172363",
"name": "ibm-sterling-cve20194726-csrf (172363)",
"title": "X-Force Vulnerability Report"
}
]
}
}


@ -73,6 +73,11 @@
"refsource": "UBUNTU",
"name": "USN-4287-1",
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4286-2",
"url": "https://usn.ubuntu.com/4286-2/"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-8951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8951",
"url": "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8951"
}
]
}
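Review bot: The `affects` block added in this section sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the new description names Fiserv Accurate Reconciliation 2.19.0. Tooling that matches on the structured vendor/product fields will therefore not tie this record to the product. I would populate them from the description: `"vendor_name": "Fiserv"`, `"product_name": "Accurate Reconciliation"`, `"version_value": "2.19.0"`. `problemtype` is also `n/a` while the description states XSS; `"value": "CWE-79"` would make the weakness class machine-readable. The CVE-2020-8952 section repeats both gaps, and the CVE-2020-9274 section has the same `n/a` affects block for Pure-FTPd 1.0.49. Until these fields are filled, matching for these records has to fall back on the description text.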


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-8952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp timeOut parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8952",
"url": "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8952"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa",
"refsource": "MISC",
"name": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa"
},
{
"url": "https://www.pureftpd.org/project/pure-ftpd/news/",
"refsource": "MISC",
"name": "https://www.pureftpd.org/project/pure-ftpd/news/"
}
]
}