admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-09-20 19:00:59 +00:00
parent 757ccad00f
commit 12d3ce2490
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 263 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2018/17xxx/CVE-2018-17789.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17789",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prospecta Master Data Online (MDO) allows CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154498/Master-Data-Online-Cross-Site-Request-Forgery-Data-Tampering.html",
"url": "http://packetstormsecurity.com/files/154498/Master-Data-Online-Cross-Site-Request-Forgery-Data-Tampering.html"
}
]
}

20
2019/11xxx/CVE-2019-11280.json
View File

@ -16,6 +16,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Pivotal",
"product": {
"product_data": [
{
@ -23,31 +24,22 @@
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.5",
"version_value": "2.5.10"
"version_value": "2.3.x prior to 2.3.18"
},
{
"affected": "<",
"version_name": "2.6",
"version_value": "2.6.5"
"version_value": "2.4.x prior to 2.4.14"
},
{
"affected": "<",
"version_name": "2.3",
"version_value": "2.3.18"
"version_value": "2.5.x prior to 2.5.10"
},
{
"affected": "<",
"version_name": "2.4",
"version_value": "2.4.14"
"version_value": "2.6.x prior to 2.6.5"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
}
]
}

56
2019/11xxx/CVE-2019-11326.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://mezdanak.de/2019/06/21/iot-full-disclosure-topcon-positioning-net-g5-receiver/",
"url": "https://mezdanak.de/2019/06/21/iot-full-disclosure-topcon-positioning-net-g5-receiver/"
}
]
}

56
2019/11xxx/CVE-2019-11327.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://mezdanak.de/2019/06/21/iot-full-disclosure-topcon-positioning-net-g5-receiver/",
"url": "https://mezdanak.de/2019/06/21/iot-full-disclosure-topcon-positioning-net-g5-receiver/"
}
]
}

7
2019/14xxx/CVE-2019-14814.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14814",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -54,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel,allows local users to cause a denial of service(system crash) or possibly execute arbitrary code."
"value": "There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code."
}
]
},
@ -68,4 +69,4 @@
]
]
}
}
}

37
2019/14xxx/CVE-2019-14816.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14816",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -43,10 +44,40 @@
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver",
"url": "http://www.openwall.com/lists/oss-security/2019/08/28/1"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-4c91a2f76e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-97380355ae",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816",
"refsource": "CONFIRM"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/08/28/1",
"url": "https://www.openwall.com/lists/oss-security/2019/08/28/1"
},
{
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3",
"url": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2019-14816",
"url": "https://access.redhat.com/security/cve/cve-2019-14816"
}
]
},
@ -54,7 +85,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, allows local users to cause a denial of service(system crash) or possibly execute arbitrary code."
"value": "There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code."
}
]
},
@ -68,4 +99,4 @@
]
]
}
}
}

62
2019/16xxx/CVE-2019-16645.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection",
"refsource": "MISC",
"name": "https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection"
}
]
}
}

5
2019/5xxx/CVE-2019-5521.json
View File

@ -73,6 +73,11 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757"
},
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0012.html",

17
2019/5xxx/CVE-2019-5531.json
View File

@ -19,13 +19,13 @@
"version": {
"version_data": [
{
"version_value": "6.7 prior to ESXi670-201904101-SG"
"version_value": "6.7 prior to ESXi670-201810101-SG"
},
{
"version_value": "6.5 prior to ESXi650-201907101-SG"
"version_value": "6.5 prior to ESXi650-201811102-SG"
},
{
"version_value": "6.0 prior to ESXi600-201909001"
"version_value": "6.0 prior to ESXi600-201807103-SG"
}
]
}
@ -68,13 +68,8 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html",
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
"name": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
}
]
},
@ -82,7 +77,7 @@
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere ESXi (6.7 prior to ESXi670-201904101-SG, 6.5 prior to ESXi650-201907101-SG, 6.0 prior to ESXi600-201909001) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user\u2019s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out."
"value": "VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user\u2019s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out."
}
]
}