"-Synchronized-Data."

CVE Team 2019-12-13 13:01:08 +00:00
parent 59831af1c1
commit 14bfaffa84
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 581 additions and 18 deletions


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0175",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mcollective",
"version": {
"version_data": [
{
"version_value": "2.6.0"
}
]
}
}
]
},
"vendor_name": "mcollective"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mcollective has a default password set at install"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "password set at install"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0175",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2014-0175"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0175",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0175"
}
]
}
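Review bot: The `affects` block added here is hard to match against: `"version_value": "2.6.0"` carries no qualifier, so a reader cannot tell whether 2.6.0 is the last affected release or the first fixed one, and `vendor_name` only repeats the product name. The same pattern is in the CVE-2014-0197, CVE-2014-0212 and CVE-2014-0241 sections, where `vendor_name` equals `product_name` and the version is a date such as `"through 2014-04-30"` rather than a release. I would state the bound explicitly, e.g. `"version_value": "before <FIXED_VERSION>"` with the value taken from the vendor advisory, and put the actual vendor in `vendor_name`. The new `problemtype` text is free-form as well; a CWE identifier there would let tooling classify the default-password issue.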


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0197",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CFME",
"version": {
"version_data": [
{
"version_value": "through 2014-04-30"
}
]
}
}
]
},
"vendor_name": "CFME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CFME: CSRF protection vulnerability via permissive check of the referrer header"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF protection vulnerability in referrer header"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0197",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0197"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0212",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qpid-cpp",
"version": {
"version_data": [
{
"version_value": "through 2014-03-06"
}
]
}
}
]
},
"vendor_name": "qpid-cpp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ACL policy loading enables a denial of service by consuming all available file descriptors"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0212",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2014-0212"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0212",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0212"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0212",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0212"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0241",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rubygem-hammer_cli_foreman",
"version": {
"version_data": [
{
"version_value": "through 2014-05-20"
}
]
}
}
]
},
"vendor_name": "rubygem-hammer_cli_foreman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "/etc/hammer/cli.modules.d/foreman.yml is world-readable"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0241",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0241"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0241",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0241"
}
]
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled (\"Reactivate inactive users\"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option \"User Update Method\" have the \"Update from SAML Attributes\" value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-sso-confluence?hosting=server&tab=overview",
"refsource": "MISC",
"name": "https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-sso-confluence?hosting=server&tab=overview"
},
{
"refsource": "MISC",
"name": "https://wiki.resolution.de/doc/saml-sso/latest/all/security-advisories/2019-07-11-users-are-always-re-enabled-during-login-when-updated",
"url": "https://wiki.resolution.de/doc/saml-sso/latest/all/security-advisories/2019-07-11-users-are-always-re-enabled-during-login-when-updated"
}
]
}
}
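Review bot: `product_name`, `version_value` and `vendor_name` are all left as `"n/a"` even though the description names the plugin and gives exact affected ranges (3.1.0 through 3.2.2 for Jira and Confluence, 2.4.0 through 3.0.3 for Bitbucket, 2.4.0 through 2.5.2 for Bamboo). Anything that matches on the structured `affects` data will miss this record and has to parse the prose instead. The CVE-2019-18801, CVE-2019-18802, CVE-2019-18838 and CVE-2019-19501 sections have the same gap, while their descriptions name Envoy 1.12.0 and VeraCrypt 1.24. I would fill the fields from the description, for example `"product_name": "SAML Single Sign On (SSO) plugin"` with one `version_data` entry per range.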


@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/envoyproxy/envoy/commits/master",
"refsource": "MISC",
"name": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"url": "https://groups.google.com/forum/#!forum/envoy-users",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!forum/envoy-users"
},
{
"url": "https://blog.envoyproxy.io",
"refsource": "MISC",
"name": "https://blog.envoyproxy.io"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4222",
"url": "https://access.redhat.com/errata/RHSA-2019:4222"
}
]
}
}
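Review bot: Three of the five references are project landing pages (`https://github.com/envoyproxy/envoy/commits/master`, the envoy-users forum and `https://blog.envoyproxy.io`) that do not identify the fix or the advisory and will drift as the project moves on. The same three links recur in the CVE-2019-18802 and CVE-2019-18838 sections. For a heap out-of-bounds write, responders need the fixing commit or release, so I would replace the generic links with the specific commit or release-notes URL once known and keep the GHSA advisory as the primary reference. The description also only says "Envoy 1.12.0" and does not say whether earlier releases are affected, which is worth stating.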


@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/envoyproxy/envoy/commits/master",
"refsource": "MISC",
"name": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"url": "https://groups.google.com/forum/#!forum/envoy-users",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!forum/envoy-users"
},
{
"url": "https://blog.envoyproxy.io",
"refsource": "MISC",
"name": "https://blog.envoyproxy.io"
},
{
"refsource": "MISC",
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
}
]
}
}
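Review bot: The GitHub security advisory link is tagged `"refsource": "MISC"` here, while the equivalent GHSA links in the CVE-2019-18801 and CVE-2019-18838 sections are tagged `"CONFIRM"`. If the advisory is the vendor's acknowledgement of the issue, as it appears to be for the sibling records, this should read `"refsource": "CONFIRM"` so that consumers filtering for vendor-confirmed references pick it up.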


@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated \"Invalid request\" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/envoyproxy/envoy/commits/master",
"refsource": "MISC",
"name": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"url": "https://groups.google.com/forum/#!forum/envoy-users",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!forum/envoy-users"
},
{
"url": "https://blog.envoyproxy.io",
"refsource": "MISC",
"name": "https://blog.envoyproxy.io"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc"
}
]
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.veracrypt.fr/en/Release%20Notes.html",
"refsource": "MISC",
"name": "https://www.veracrypt.fr/en/Release%20Notes.html"
},
{
"refsource": "MISC",
"name": "https://www.veracrypt.fr/code/VeraCrypt/commit/?id=07bb27e3b94ee26128d5c7f800cdcf3232ff281a",
"url": "https://www.veracrypt.fr/code/VeraCrypt/commit/?id=07bb27e3b94ee26128d5c7f800cdcf3232ff281a"
}
]
}


@ -71,6 +71,11 @@
"refsource": "DEBIAN",
"name": "DSA-4581",
"url": "https://www.debian.org/security/2019/dsa-4581"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191213 Multiple vulnerabilities fixed in Git",
"url": "http://www.openwall.com/lists/oss-security/2019/12/13/1"
}
]
}