admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-05-10 19:00:46 +00:00
parent 29a2f5ae08
commit 1315c3c29e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
18 changed files with 357 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
2008/7xxx/CVE-2008-7220.json
View File

@ -111,6 +111,21 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"refsource": "FULLDISC",
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
}
]
}

15
2015/9xxx/CVE-2015-9251.json
View File

@ -116,6 +116,21 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"refsource": "FULLDISC",
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
}
]
}

15
2018/14xxx/CVE-2018-14040.json
View File

@ -86,6 +86,21 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"refsource": "FULLDISC",
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
}
]
}

15
2018/14xxx/CVE-2018-14041.json
View File

@ -81,6 +81,21 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"refsource": "FULLDISC",
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
}
]
}

15
2018/14xxx/CVE-2018-14042.json
View File

@ -76,6 +76,21 @@
"refsource": "BUGTRAQ",
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"refsource": "FULLDISC",
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
}
]
}

70
2018/7xxx/CVE-2018-7119.json
View File

@ -1,17 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7119",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7119",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HPE",
"product": {
"product_data": [
{
"product_name": "NonStop SAFEGAURD and NonStop H-series STDSEC-STANDARD SECURITY Product",
"version": {
"version_data": [
{
"version_value": "SAFEGUARD All prior versions before SPR T9750L01^AIC or T9750H05^AIH"
},
{
"version_value": "and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND"
},
{
"version_value": "all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW"
},
{
"version_value": "and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND"
},
{
"version_value": "all versions on H-series"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Disclosure of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03910en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03910en_us"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND and all versions on H-series . Note that some commands in NonStop Safeguard and NonStop Standard Security software require username and password to be passed as command line parameters, which may lead to a local disclosure of the credentials."
}
]
}

58
2018/7xxx/CVE-2018-7120.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7120",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7120",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HPE",
"product": {
"product_data": [
{
"product_name": "HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy",
"version": {
"version_data": [
{
"version_value": "HPE Virtual Connect SE 16Gb Fibre Channel Module for Synergy 5.00.50 firmware - Part of HPE Synergy Custom SPP 2018.11.20190205"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local or Remote Unauthorized Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03916en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03916en_us"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege."
}
]
}

15
2019/11xxx/CVE-2019-11358.json
View File

@ -166,6 +166,21 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"refsource": "FULLDISC",
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
}
]
}

7
2019/11xxx/CVE-2019-11510.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker can upload a malicious file to write to arbitrary files, because of Insecure Permissions."
"value": "In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability ."
}
]
},
@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
},
{
"refsource": "BID",
"name": "108073",
"url": "http://www.securityfocus.com/bid/108073"
}
]
},

5
2019/2xxx/CVE-2019-2602.json
View File

@ -71,6 +71,11 @@
"refsource": "REDHAT",
"name": "RHBA-2019:0959",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190510 [SECURITY] [DLA 1782-1] openjdk-7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html"
}
]
}

5
2019/2xxx/CVE-2019-2684.json
View File

@ -71,6 +71,11 @@
"refsource": "REDHAT",
"name": "RHBA-2019:0959",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190510 [SECURITY] [DLA 1782-1] openjdk-7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html"
}
]
}

5
2019/2xxx/CVE-2019-2698.json
View File

@ -62,6 +62,11 @@
"refsource": "REDHAT",
"name": "RHBA-2019:0959",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190510 [SECURITY] [DLA 1782-1] openjdk-7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html"
}
]
}

58
2019/5xxx/CVE-2019-5018.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5018",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5018",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Sqlite3",
"version": {
"version_data": [
{
"version_value": "SQLite 3.26.0, 3.27.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability."
}
]
}

5
2019/5xxx/CVE-2019-5021.json
View File

@ -53,6 +53,11 @@
"refsource": "BID",
"name": "108288",
"url": "http://www.securityfocus.com/bid/108288"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190510-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190510-0001/"
}
]
},

58
2019/5xxx/CVE-2019-5494.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5494",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5494",
"ASSIGNER": "security-alert@netapp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NetApp",
"product": {
"product_data": [
{
"product_name": "OnCommand Unified Manager 7-Mode",
"version": {
"version_data": [
{
"version_value": "Versions prior to 5.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190509-0006/",
"url": "https://security.netapp.com/advisory/ntap-20190509-0006/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Oncommand Unified Manager in 7-mode prior to version 5.2.3 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors."
}
]
}

5
2019/7xxx/CVE-2019-7442.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-external-entity-xxe-injection/",
"url": "https://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-external-entity-xxe-injection/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-10.7-XML-External-Entity-Injection.html",
"url": "http://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-10.7-XML-External-Entity-Injection.html"
}
]
}

5
2019/7xxx/CVE-2019-7652.json
View File

@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://blog.thehive-project.org/2019/02/11/unshortenlink-ssrf-and-cortex-analyzers-1-15-2/",
"url": "https://blog.thehive-project.org/2019/02/11/unshortenlink-ssrf-and-cortex-analyzers-1-15-2/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152804/TheHive-Project-Cortex-2.1.3-Server-Side-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/152804/TheHive-Project-Cortex-2.1.3-Server-Side-Request-Forgery.html"
}
]
}

15
2019/8xxx/CVE-2019-8331.json
View File

@ -86,6 +86,21 @@
"refsource": "BUGTRAQ",
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"refsource": "FULLDISC",
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
}
]
}