admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-09 02:01:34 +00:00
parent 6173a1bfb6
commit 21537b1576
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
21 changed files with 1515 additions and 1075 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2018/1xxx/CVE-2018-1721.json
View File

@ -1,93 +1,93 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"S" : "U",
"AV" : "N",
"AC" : "L",
"C" : "H",
"A" : "L",
"I" : "H",
"UI" : "N",
"PR" : "L",
"SCORE" : "8.300"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"S": "U",
"AV": "N",
"AC": "L",
"C": "H",
"A": "L",
"I": "H",
"UI": "N",
"PR": "L",
"SCORE": "8.300"
}
]
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-05T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1721"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1074144",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1074144",
"title" : "IBM Security Bulletin 1074144 (Cognos Analytics)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147369",
"refsource" : "XF",
"name" : "ibm-cognos-cve20181721-xxe (147369)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cognos Analytics",
"version": {
"version_data": [
{
"version_value": "11.0"
},
{
"version_value": "11.1"
}
]
}
}
]
}
}
]
}
]
}
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-05T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2018-1721"
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1074144",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1074144",
"title": "IBM Security Bulletin 1074144 (Cognos Analytics)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147369",
"refsource": "XF",
"name": "ibm-cognos-cve20181721-xxe (147369)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
}

180
2019/4xxx/CVE-2019-4334.json
View File

@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1074144 (Cognos Analytics)",
"name" : "https://www.ibm.com/support/pages/node/1074144",
"url" : "https://www.ibm.com/support/pages/node/1074144",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve20194334-info-disc (161271)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161271",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
"title": "IBM Security Bulletin 1074144 (Cognos Analytics)",
"name": "https://www.ibm.com/support/pages/node/1074144",
"url": "https://www.ibm.com/support/pages/node/1074144",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-cognos-cve20194334-info-disc (161271)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161271",
"refsource": "XF"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4334",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-11-05T00:00:00",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"A" : "N",
"S" : "U",
"AC" : "L",
"AV" : "N",
"PR" : "L",
"SCORE" : "4.300",
"UI" : "N",
"I" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_type" : "CVE"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cognos Analytics",
"version": {
"version_data": [
{
"version_value": "11.0"
},
{
"version_value": "11.1"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4334",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-11-05T00:00:00",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"A": "N",
"S": "U",
"AC": "L",
"AV": "N",
"PR": "L",
"SCORE": "4.300",
"UI": "N",
"I": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_type": "CVE"
}

192
2019/4xxx/CVE-2019-4411.json
View File

@ -1,99 +1,99 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1086123",
"name" : "https://www.ibm.com/support/pages/node/1086123",
"title" : "IBM Security Bulletin 1086123 (Cognos Controller)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162658",
"refsource" : "XF",
"name" : "ibm-cognos-cve20194411-info-disc (162658)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"SCORE" : "4.300",
"PR" : "L",
"I" : "N",
"S" : "U",
"AV" : "N",
"AC" : "L",
"A" : "N",
"C" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Cognos Controller",
"version" : {
"version_data" : [
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
},
{
"version_value" : "10.4.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1086123",
"name": "https://www.ibm.com/support/pages/node/1086123",
"title": "IBM Security Bulletin 1086123 (Cognos Controller)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162658",
"refsource": "XF",
"name": "ibm-cognos-cve20194411-info-disc (162658)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-11-08T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4411",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"SCORE": "4.300",
"PR": "L",
"I": "N",
"S": "U",
"AV": "N",
"AC": "L",
"A": "N",
"C": "L"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cognos Controller",
"version": {
"version_data": [
{
"version_value": "10.3.1"
},
{
"version_value": "10.3.0"
},
{
"version_value": "10.4.0"
},
{
"version_value": "10.4.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-11-08T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4411",
"ASSIGNER": "psirt@us.ibm.com"
}
}

194
2019/4xxx/CVE-2019-4412.json
View File

@ -1,99 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4412",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-08T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
},
{
"version_value" : "10.4.1"
}
]
},
"product_name" : "Cognos Controller"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "H",
"AV" : "N",
"S" : "U",
"C" : "L",
"A" : "N",
"UI" : "N",
"PR" : "N",
"SCORE" : "3.700",
"I" : "N"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4412",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-08T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.3.1"
},
{
"version_value": "10.3.0"
},
{
"version_value": "10.4.0"
},
{
"version_value": "10.4.1"
}
]
},
"product_name": "Cognos Controller"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/1086123",
"title" : "IBM Security Bulletin 1086123 (Cognos Controller)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1086123"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve20194412-info-disc (162659)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162659",
"refsource" : "XF"
}
]
}
}
}
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "H",
"AV": "N",
"S": "U",
"C": "L",
"A": "N",
"UI": "N",
"PR": "N",
"SCORE": "3.700",
"I": "N"
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1086123",
"title": "IBM Security Bulletin 1086123 (Cognos Controller)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1086123"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-cognos-cve20194412-info-disc (162659)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162659",
"refsource": "XF"
}
]
}
}

184
2019/4xxx/CVE-2019-4450.json
View File

@ -1,96 +1,96 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"C" : "L",
"AC" : "L",
"AV" : "N",
"S" : "C",
"PR" : "N",
"SCORE" : "6.100",
"UI" : "R",
"I" : "L"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "i",
"version" : {
"version_data" : [
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
},
{
"version_value" : "7.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
"value": "IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.",
"lang": "eng"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-10-31T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4450"
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1100085",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1100085",
"title" : "IBM Security Bulletin 1100085 (i)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163492",
"name" : "ibm-i-cve20194450-xss (163492)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"C": "L",
"AC": "L",
"AV": "N",
"S": "C",
"PR": "N",
"SCORE": "6.100",
"UI": "R",
"I": "L"
},
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
}
}
},
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i",
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.3"
},
{
"version_value": "7.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-10-31T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4450"
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1100085",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1100085",
"title": "IBM Security Bulletin 1100085 (i)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163492",
"name": "ibm-i-cve20194450-xss (163492)",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_format": "MITRE"
}

180
2019/4xxx/CVE-2019-4454.json
View File

@ -1,93 +1,93 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1103499 (QRadar)",
"name" : "https://www.ibm.com/support/pages/node/1103499",
"url" : "https://www.ibm.com/support/pages/node/1103499",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163618",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20194454-xss (163618)"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4454",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-11-06T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.3.2Patch4"
}
]
},
"product_name" : "QRadar"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"SCORE" : "5.400",
"PR" : "L",
"UI" : "R",
"A" : "N",
"C" : "L",
"S" : "C",
"AC" : "L",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 1103499 (QRadar)",
"name": "https://www.ibm.com/support/pages/node/1103499",
"url": "https://www.ibm.com/support/pages/node/1103499",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163618",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-qradar-cve20194454-xss (163618)"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4454",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-11-06T00:00:00",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.3.0"
},
{
"version_value": "7.3.2Patch4"
}
]
},
"product_name": "QRadar"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"I": "L",
"SCORE": "5.400",
"PR": "L",
"UI": "R",
"A": "N",
"C": "L",
"S": "C",
"AC": "L",
"AV": "N"
},
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
}
}
}
}

180
2019/4xxx/CVE-2019-4470.json
View File

@ -1,93 +1,93 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1103517",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1103517",
"title" : "IBM Security Bulletin 1103517 (QRadar)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20194470-xss (163779)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163779",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"C" : "L",
"A" : "N",
"AC" : "L",
"AV" : "N",
"S" : "C",
"I" : "L",
"PR" : "L",
"SCORE" : "5.400",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4470",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-06T00:00:00"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar",
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.3.2Patch4"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1103517",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1103517",
"title": "IBM Security Bulletin 1103517 (QRadar)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-qradar-cve20194470-xss (163779)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163779",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
},
"BM": {
"C": "L",
"A": "N",
"AC": "L",
"AV": "N",
"S": "C",
"I": "L",
"PR": "L",
"SCORE": "5.400",
"UI": "R"
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4470",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-06T00:00:00"
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar",
"version": {
"version_data": [
{
"version_value": "7.3.0"
},
{
"version_value": "7.3.2Patch4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

180
2019/4xxx/CVE-2019-4509.json
View File

@ -1,93 +1,93 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1103931",
"title" : "IBM Security Bulletin 1103931 (QRadar)",
"name" : "https://www.ibm.com/support/pages/node/1103931"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164430",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20194509-info-disc (164430)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"PR" : "L",
"SCORE" : "4.300",
"I" : "N",
"S" : "U",
"AV" : "N",
"AC" : "L",
"C" : "L",
"A" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-06T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4509"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.3.2Patch4"
}
]
},
"product_name" : "QRadar"
}
]
}
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1103931",
"title": "IBM Security Bulletin 1103931 (QRadar)",
"name": "https://www.ibm.com/support/pages/node/1103931"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164430",
"title": "X-Force Vulnerability Report",
"name": "ibm-qradar-cve20194509-info-disc (164430)"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"PR": "L",
"SCORE": "4.300",
"I": "N",
"S": "U",
"AV": "N",
"AC": "L",
"C": "L",
"A": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-06T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4509"
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.3.0"
},
{
"version_value": "7.3.2Patch4"
}
]
},
"product_name": "QRadar"
}
]
}
}
]
}
}
}

180
2019/4xxx/CVE-2019-4556.json
View File

@ -1,93 +1,93 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1102443",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1102443",
"title" : "IBM Security Bulletin 1102443 (Qradar Advisor)"
},
{
"name" : "ibm-qradar-cve20194556-input-validation (166205)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166205",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"AC" : "L",
"S" : "U",
"A" : "N",
"C" : "N",
"I" : "L",
"UI" : "N",
"PR" : "L",
"SCORE" : "4.300"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-11-01T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4556",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Qradar Advisor",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "2.4.0"
}
]
}
}
]
}
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1102443",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1102443",
"title": "IBM Security Bulletin 1102443 (Qradar Advisor)"
},
{
"name": "ibm-qradar-cve20194556-input-validation (166205)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166205",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"value": "IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AV": "N",
"AC": "L",
"S": "U",
"A": "N",
"C": "N",
"I": "L",
"UI": "N",
"PR": "L",
"SCORE": "4.300"
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-11-01T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4556",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Qradar Advisor",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "2.4.0"
}
]
}
}
]
}
}
]
}
}
}

180
2019/4xxx/CVE-2019-4581.json
View File

@ -1,93 +1,93 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1103373",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1103373 (QRadar)",
"name" : "https://www.ibm.com/support/pages/node/1103373"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167239",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20194581-xss (167239)"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4581",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-11-05T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar",
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.3.2Patch4"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"S" : "C",
"AC" : "L",
"AV" : "N",
"A" : "N",
"C" : "L",
"I" : "L",
"UI" : "R",
"PR" : "N",
"SCORE" : "6.100"
}
}
},
"data_type" : "CVE"
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1103373",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1103373 (QRadar)",
"name": "https://www.ibm.com/support/pages/node/1103373"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167239",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-qradar-cve20194581-xss (167239)"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4581",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-11-05T00:00:00",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar",
"version": {
"version_data": [
{
"version_value": "7.3.0"
},
{
"version_value": "7.3.2Patch4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
},
"BM": {
"S": "C",
"AC": "L",
"AV": "N",
"A": "N",
"C": "L",
"I": "L",
"UI": "R",
"PR": "N",
"SCORE": "6.100"
}
}
},
"data_type": "CVE"
}

180
2019/4xxx/CVE-2019-4645.json
View File

@ -1,93 +1,93 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1074144",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1074144 (Cognos Analytics)",
"name" : "https://www.ibm.com/support/pages/node/1074144"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/170881",
"refsource" : "XF",
"name" : "ibm-cognos-cve20194645-xss (170881)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"C" : "L",
"A" : "N",
"S" : "C",
"AC" : "L",
"AV" : "N",
"I" : "L",
"PR" : "N",
"SCORE" : "6.100",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881."
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4645",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-11-05T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.1"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
},
"data_version" : "4.0"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1074144",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1074144 (Cognos Analytics)",
"name": "https://www.ibm.com/support/pages/node/1074144"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170881",
"refsource": "XF",
"name": "ibm-cognos-cve20194645-xss (170881)",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
},
"BM": {
"C": "L",
"A": "N",
"S": "C",
"AC": "L",
"AV": "N",
"I": "L",
"PR": "N",
"SCORE": "6.100",
"UI": "R"
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881."
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4645",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-11-05T00:00:00",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cognos Analytics",
"version": {
"version_data": [
{
"version_value": "11.0"
},
{
"version_value": "11.1"
}
]
}
}
]
}
}
]
}
},
"data_version": "4.0"
}

58
2019/5xxx/CVE-2019-5689.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5689",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5689",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.20.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution, denial of service, or information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure."
}
]
}

58
2019/5xxx/CVE-2019-5690.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5690",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5690",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service or escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges."
}
]
}

58
2019/5xxx/CVE-2019-5691.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5691",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5691",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service or escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges."
}
]
}

58
2019/5xxx/CVE-2019-5692.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5692",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5692",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service or escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service."
}
]
}

58
2019/5xxx/CVE-2019-5693.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5693",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5693",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service."
}
]
}

58
2019/5xxx/CVE-2019-5694.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5694",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5694",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service or information disclosure through code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access."
}
]
}

58
2019/5xxx/CVE-2019-5696.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5696",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5696",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA VGPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service."
}
]
}

58
2019/5xxx/CVE-2019-5697.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5697",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5697",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA VGPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service or information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service."
}
]
}

58
2019/5xxx/CVE-2019-5698.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5698",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5698",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA VGPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service."
}
]
}

58
2019/5xxx/CVE-2019-5701.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5701",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5701",
"ASSIGNER": "psirt@nvidia.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "NVIDIA GeForce Experience",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.20.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service, information disclosure, or escalation of privileges through code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution."
}
]
}