admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-01 21:00:51 +00:00
parent ca27821f11
commit 165791596e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
39 changed files with 924 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/10xxx/CVE-2016-10741.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2017/13xxx/CVE-2017-13305.json
View File

@ -87,6 +87,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2017/5xxx/CVE-2017-5753.json
View File

@ -357,6 +357,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

195
2017/8xxx/CVE-2017-8023.json
View File

@ -1,98 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-03-26T04:00:00.000Z",
"ID": "CVE-2017-8023",
"STATE": "PUBLIC",
"TITLE": "EMC Networker Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Networker",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.2.X"
},
{
"version_affected": "=",
"version_value": "9.0.X"
},
{
"version_affected": "<",
"version_value": "9.1.15"
},
{
"version_affected": "<",
"version_value": "9.2.1"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2019/Mar/50"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-03-26T04:00:00.000Z",
"ID": "CVE-2017-8023",
"STATE": "PUBLIC",
"TITLE": "EMC Networker Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Networker",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.2.X"
},
{
"version_affected": "=",
"version_value": "9.0.X"
},
{
"version_affected": "<",
"version_value": "9.1.15"
},
{
"version_affected": "<",
"version_value": "9.2.1"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Mar/50",
"name": "https://seclists.org/fulldisclosure/2019/Mar/50"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

10
2018/10xxx/CVE-2018-10237.json
View File

@ -116,6 +116,16 @@
"name": "RHSA-2018:2743",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2743"
},
{
"refsource": "MLIST",
"name": "[hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project",
"url": "https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc@%3Chdfs-dev.hadoop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project",
"url": "https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495@%3Ccommon-dev.hadoop.apache.org%3E"
}
]
}

5
2018/12xxx/CVE-2018-12896.json
View File

@ -111,6 +111,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/13xxx/CVE-2018-13053.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/16xxx/CVE-2018-16862.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/16xxx/CVE-2018-16884.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

53
2018/17xxx/CVE-2018-17563.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17563",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://grandstream.com/support/firmware",
"refsource": "MISC",
"name": "http://grandstream.com/support/firmware"
},
{
"url": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/",
"refsource": "MISC",
"name": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/"
}
]
}

53
2018/17xxx/CVE-2018-17564.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17564",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://grandstream.com/support/firmware",
"refsource": "MISC",
"name": "http://grandstream.com/support/firmware"
},
{
"url": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/",
"refsource": "MISC",
"name": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/"
}
]
}

53
2018/17xxx/CVE-2018-17565.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17565",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://grandstream.com/support/firmware",
"refsource": "MISC",
"name": "http://grandstream.com/support/firmware"
},
{
"url": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/",
"refsource": "MISC",
"name": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/"
}
]
}

5
2018/17xxx/CVE-2018-17972.json
View File

@ -131,6 +131,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

48
2018/17xxx/CVE-2018-17989.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17989",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when \"/cgi-bin/New_GUI/Acl.asp\" is requested."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS/",
"refsource": "MISC",
"name": "https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS/"
}
]
}

48
2018/17xxx/CVE-2018-17990.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17990",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS/",
"refsource": "MISC",
"name": "https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS/"
}
]
}

5
2018/18xxx/CVE-2018-18281.json
View File

@ -146,6 +146,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/18xxx/CVE-2018-18690.json
View File

@ -121,6 +121,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/18xxx/CVE-2018-18710.json
View File

@ -116,6 +116,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

53
2018/19xxx/CVE-2018-19113.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19113",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has \"BUILTIN\\Users:(I)(F)\" permissions for the \"%PROGRAMFILES(X86)%\\proNestor\\Outlook add-in for Pronestor\\PronestorHealthMonitor.exe\" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.pronestor.com",
"refsource": "MISC",
"name": "https://www.pronestor.com"
},
{
"url": "https://gist.github.com/povlteksttv/8f990e11576e1e90e8fb61acf8646d28",
"refsource": "MISC",
"name": "https://gist.github.com/povlteksttv/8f990e11576e1e90e8fb61acf8646d28"
}
]
}

5
2018/19xxx/CVE-2018-19824.json
View File

@ -91,6 +91,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K98155950",
"url": "https://support.f5.com/csp/article/K98155950"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/19xxx/CVE-2018-19985.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/20xxx/CVE-2018-20169.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/20xxx/CVE-2018-20511.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/3xxx/CVE-2018-3639.json
View File

@ -722,6 +722,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

61
2018/3xxx/CVE-2018-3979.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3979",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-3979",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nouveau",
"product": {
"product_data": [
{
"product_name": "Nouveau",
"version": {
"version_data": [
{
"version_value": "Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64)"
},
{
"version_value": "Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload)."
}
]
}

5
2018/5xxx/CVE-2018-5848.json
View File

@ -82,6 +82,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2018/5xxx/CVE-2018-5953.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

2
2018/7xxx/CVE-2018-7447.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable."
"value": "** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts."
}
]
},

5
2019/3xxx/CVE-2019-3701.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

86
2019/3xxx/CVE-2019-3792.json
View File

@ -1 +1,85 @@
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-03-26T00:18:10.000Z","ID":"CVE-2019-3792","STATE":"PUBLIC","TITLE":"Concourse 5.0.0 SQL Injection vulnerability"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Concourse","version":{"version_data":[{"affected":"<","version_name":"All","version_value":"v5.0.1"}]}}]},"vendor_name":"Pivotal"}]}},"description":{"description_data":[{"lang":"eng","value":"Pivotal Concourse versions prior to 5.0.1, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89: SQL Injection"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3792","name":"https://pivotal.io/security/cve-2019-3792"}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","version":"3.0"}}}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-03-26T00:18:10.000Z",
"ID": "CVE-2019-3792",
"STATE": "PUBLIC",
"TITLE": "Concourse 5.0.0 SQL Injection vulnerability"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Concourse",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "v5.0.1"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Concourse versions prior to 5.0.1, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3792",
"name": "https://pivotal.io/security/cve-2019-3792"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
}

5
2019/3xxx/CVE-2019-3819.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

68
2019/5xxx/CVE-2019-5514.json
View File

@ -1,17 +1,71 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5514",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5514",
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMware",
"product": {
"product_data": [
{
"product_name": "VMware Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.0.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated APIs Security vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html",
"url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"
},
{
"refsource": "BID",
"name": "107637",
"url": "http://www.securityfocus.com/bid/107637"
},
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines."
}
]
}

81
2019/5xxx/CVE-2019-5518.json
View File

@ -1,17 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5518",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5518",
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMware",
"product": {
"product_data": [
{
"product_name": "VMware ESXi, Workstation, Fusion",
"version": {
"version_data": [
{
"version_value": "ESXi 6.7 before ESXi670-201903001"
},
{
"version_value": "ESXi 6.5 before ESXi650-201903001"
},
{
"version_value": "ESXi 6.0 before ESXi600-201903001"
},
{
"version_value": "Workstation 15.x before 15.0.4"
},
{
"version_value": "Workstation 14.x before 14.1.7"
},
{
"version_value": "Fusion 11.x before 11.0.3"
},
{
"version_value": "Fusion 10.x before 10.1.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read/write vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html",
"url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host."
}
]
}

81
2019/5xxx/CVE-2019-5519.json
View File

@ -1,17 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5519",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5519",
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMware",
"product": {
"product_data": [
{
"product_name": "VMware ESXi, Workstation, Fusion",
"version": {
"version_data": [
{
"version_value": "ESXi 6.7 before ESXi670-201903001"
},
{
"version_value": "ESXi 6.5 before ESXi650-201903001"
},
{
"version_value": "ESXi 6.0 before ESXi600-201903001"
},
{
"version_value": "Workstation 15.x before 15.0.4"
},
{
"version_value": "Workstation 14.x before 14.1.7"
},
{
"version_value": "Fusion 11.x before 11.0.3"
},
{
"version_value": "Fusion 10.x before 10.1.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use (TOCTOU) vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html",
"url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host."
}
]
}

5
2019/6xxx/CVE-2019-6974.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2019/7xxx/CVE-2019-7221.json
View File

@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2019/7xxx/CVE-2019-7222.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

53
2019/9xxx/CVE-2019-9193.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9193",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PostgreSQL 9.3 through 11.2, the \"COPY TO/FROM PROGRAM\" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/",
"refsource": "MISC",
"name": "https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/"
},
{
"url": "https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5",
"refsource": "MISC",
"name": "https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5"
}
]
}

5
2019/9xxx/CVE-2019-9213.json
View File

@ -106,6 +106,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1085",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}