admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-07 13:37:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into cna/Oracle/CPU2019Oct

Browse Source
This commit is contained in:
CVE Team 2019-10-16 13:43:11 -04:00 committed by GitHub
commit 25388485eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
85 changed files with 3600 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/10xxx/CVE-2016-10906.json
View File

@ -56,6 +56,11 @@
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c278c253f3d992c6994d08aa0efb2b6806ca396f",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c278c253f3d992c6994d08aa0efb2b6806ca396f"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K01993501?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K01993501?utm_source=f5support&utm_medium=RSS"
}
]
}

77
2016/11xxx/CVE-2016-11014.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cybersecurityworks/Disclosed/issues/14",
"refsource": "MISC",
"name": "https://github.com/cybersecurityworks/Disclosed/issues/14"
},
{
"url": "https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-Session-Management.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-Session-Management.html"
},
{
"url": "https://lists.openwall.net/full-disclosure/2016/01/11/5",
"refsource": "MISC",
"name": "https://lists.openwall.net/full-disclosure/2016/01/11/5"
},
{
"url": "https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html",
"refsource": "MISC",
"name": "https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html"
}
]
}
}

77
2016/11xxx/CVE-2016-11015.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.openwall.net/full-disclosure/2016/01/11/4",
"refsource": "MISC",
"name": "https://lists.openwall.net/full-disclosure/2016/01/11/4"
},
{
"url": "https://github.com/cybersecurityworks/Disclosed/issues/13",
"refsource": "MISC",
"name": "https://github.com/cybersecurityworks/Disclosed/issues/13"
},
{
"url": "https://packetstormsecurity.com/files/135215/Netgear-1.0.0.24-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/135215/Netgear-1.0.0.24-Cross-Site-Request-Forgery.html"
},
{
"url": "https://pmcg2k15.wordpress.com/2016/01/11/fd-cross-site-request-forgery-in-netgear-router-jnr1010-version-1-0-0-24/",
"refsource": "MISC",
"name": "https://pmcg2k15.wordpress.com/2016/01/11/fd-cross-site-request-forgery-in-netgear-router-jnr1010-version-1-0-0-24/"
}
]
}
}

82
2016/11xxx/CVE-2016-11016.json Normal file
View File

@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.openwall.net/full-disclosure/2016/01/11/1",
"refsource": "MISC",
"name": "https://lists.openwall.net/full-disclosure/2016/01/11/1"
},
{
"url": "https://github.com/cybersecurityworks/Disclosed/issues/12",
"refsource": "MISC",
"name": "https://github.com/cybersecurityworks/Disclosed/issues/12"
},
{
"url": "https://packetstormsecurity.com/files/135194/Netgear-1.0.0.24-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/135194/Netgear-1.0.0.24-Cross-Site-Scripting.html"
},
{
"url": "http://007software.net/multiple-cross-site-scripting-in-netgear-router-version1-0-0-24/",
"refsource": "MISC",
"name": "http://007software.net/multiple-cross-site-scripting-in-netgear-router-version1-0-0-24/"
},
{
"url": "https://khalil-shreateh.com/khalil.shtml/it-highlights/592-Netgear-1.0.0.24-Cross-Site-Request-Forgery--.html",
"refsource": "MISC",
"name": "https://khalil-shreateh.com/khalil.shtml/it-highlights/592-Netgear-1.0.0.24-Cross-Site-Request-Forgery--.html"
}
]
}
}

17
2016/4xxx/CVE-2016-4977.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2016-4977",
"STATE": "PUBLIC"
},
@ -59,6 +59,21 @@
"name": "https://pivotal.io/security/cve-2016-4977",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-4977"
},
{
"refsource": "MLIST",
"name": "[fineract-dev] 20191016 [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0",
"url": "https://lists.apache.org/thread.html/37d7e820fc65a768de3e096e98382d5529a52a039f093e59357d0bc0@%3Cdev.fineract.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[fineract-dev] 20191016 Re: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0",
"url": "https://lists.apache.org/thread.html/0841d849c23418c473ccb9183cbf41a317cb0476e44be48022ce3488@%3Cdev.fineract.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191015 Fwd: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/1"
}
]
}

5
2018/11xxx/CVE-2018-11396.json
View File

@ -56,6 +56,11 @@
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=795740",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=795740"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2318",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00043.html"
}
]
}

20
2018/20xxx/CVE-2018-20856.json
View File

@ -116,6 +116,26 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html",
"url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K14673240?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K14673240?utm_source=f5support&utm_medium=RSS"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3076",
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3055",
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3089",
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
}
]
}

12
2019/10xxx/CVE-2019-10092.json
View File

@ -51,12 +51,16 @@
"url":"https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"refsource":"MLIST",
"name":"[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update",
"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html"
"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
"refsource": "BUGTRAQ",
"name": "20191016 [SECURITY] [DSA 4509-3] apache2 security update",
"url": "https://seclists.org/bugtraq/2019/Oct/24"
}
]
},

15
2019/10xxx/CVE-2019-10126.json
View File

@ -138,6 +138,21 @@
"refsource": "UBUNTU",
"name": "USN-4118-1",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3076",
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3055",
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3089",
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
}
]
},

56
2019/10xxx/CVE-2019-10436.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Google OAuth Credentials Plugin",
"version": {
"version_data": [
{
"version_value": "0.9 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10437.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CRX Content Package Deployer Plugin",
"version": {
"version_data": [
{
"version_value": "1.8.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10438.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CRX Content Package Deployer Plugin",
"version": {
"version_data": [
{
"version_value": "1.8.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10439.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10439",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CRX Content Package Deployer Plugin",
"version": {
"version_data": [
{
"version_value": "1.8.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(2)",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(2)",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10440.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins NeoLoad Plugin",
"version": {
"version_data": [
{
"version_value": "2.2.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1427",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1427",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10441.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins iceScrum Plugin",
"version": {
"version_data": [
{
"version_value": "1.1.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
"refsource": "CONFIRM"
}
]
}

61
2019/10xxx/CVE-2019-10442.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins iceScrum Plugin",
"version": {
"version_data": [
{
"version_value": "1.1.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
}
]
}

61
2019/10xxx/CVE-2019-10443.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins iceScrum Plugin",
"version": {
"version_data": [
{
"version_value": "1.1.4 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1436",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1436",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
}
]
}

56
2019/10xxx/CVE-2019-10444.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Bumblebee HP ALM Plugin",
"version": {
"version_data": [
{
"version_value": "4.1.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1481",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1481",
"refsource": "CONFIRM"
}
]
}

61
2019/10xxx/CVE-2019-10445.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10445",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Google Kubernetes Engine Plugin",
"version": {
"version_data": [
{
"version_value": "0.7.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1607",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1607",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
}
]
}

56
2019/10xxx/CVE-2019-10446.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10446",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Cadence vManager Plugin",
"version": {
"version_data": [
{
"version_value": "2.7.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1615",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1615",
"refsource": "CONFIRM"
}
]
}

61
2019/10xxx/CVE-2019-10447.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10447",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Sofy.AI Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1431",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1431",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
}
]
}

56
2019/10xxx/CVE-2019-10448.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10448",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Extensive Testing Plugin",
"version": {
"version_data": [
{
"version_value": "1.4.4b and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1432",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1432",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10449.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10449",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Fortify on Demand Plugin",
"version": {
"version_data": [
{
"version_value": "4.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1433",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1433",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10450.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10450",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins ElasticBox CI Plugin",
"version": {
"version_data": [
{
"version_value": "5.0.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10451.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10451",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins SOASTA CloudTest Plugin",
"version": {
"version_data": [
{
"version_value": "2.25 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1439",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1439",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10452.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10452",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins View26 Test-Reporting Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.7 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1440",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1440",
"refsource": "CONFIRM"
}
]
}

61
2019/10xxx/CVE-2019-10453.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10453",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Delphix Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.4 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
}
]
}

56
2019/10xxx/CVE-2019-10454.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Rundeck Plugin",
"version": {
"version_data": [
{
"version_value": "3.6.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10455.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10455",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Rundeck Plugin",
"version": {
"version_data": [
{
"version_value": "3.6.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460",
"refsource": "CONFIRM"
}
]
}

56
2019/10xxx/CVE-2019-10456.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10456",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Oracle Cloud Infrastructure Compute Classic Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462",
"refsource": "CONFIRM"
}
]
}

61
2019/10xxx/CVE-2019-10457.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10457",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Oracle Cloud Infrastructure Compute Classic Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
}
]
}

56
2019/10xxx/CVE-2019-10458.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10458",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Puppet Enterprise Pipeline",
"version": {
"version_data": [
{
"version_value": "1.3.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-183"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918",
"refsource": "CONFIRM"
}
]
}

87
2019/11xxx/CVE-2019-11281.json
View File

@ -3,16 +3,97 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-10-15T20:59:25.000Z",
"ID": "CVE-2019-11281",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "RabbitMQ XSS attack"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pivotal",
"product": {
"product_data": [
{
"product_name": "RabbitMQ",
"version": {
"version_data": [
{
"version_value": "prior to v3.7.18"
}
]
}
},
{
"product_name": "RabbitMQ for PCF",
"version": {
"version_data": [
{
"version_value": "1.15.x prior to 1.15.13"
},
{
"version_value": "11.16.x prior to 1.16.6"
},
{
"version_value": "1.17.x prior to 1.17.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Cross-site Scripting (XSS) - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11281",
"name": "https://pivotal.io/security/cve-2019-11281"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
}

5
2019/11xxx/CVE-2019-11932.json
View File

@ -62,6 +62,11 @@
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2019-11932",
"url": "https://www.facebook.com/security/advisories/cve-2019-11932"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html"
}
]
}

5
2019/12xxx/CVE-2019-12264.json
View File

@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us"
}
]
}

72
2019/13xxx/CVE-2019-13392.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mindpalette.com/tag/natemail/",
"refsource": "MISC",
"name": "https://mindpalette.com/tag/natemail/"
},
{
"url": "https://twitter.com/mindpalette",
"refsource": "MISC",
"name": "https://twitter.com/mindpalette"
},
{
"refsource": "MISC",
"name": "https://www.doyler.net/security-not-included/natemail-vulnerabilities",
"url": "https://www.doyler.net/security-not-included/natemail-vulnerabilities"
}
]
}
}

5
2019/13xxx/CVE-2019-13616.json
View File

@ -106,6 +106,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/14xxx/CVE-2019-14823.json
View File

@ -54,6 +54,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823",
"refsource": "CONFIRM"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3067",
"url": "https://access.redhat.com/errata/RHSA-2019:3067"
}
]
},

5
2019/14xxx/CVE-2019-14838.json
View File

@ -53,6 +53,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3083",
"url": "https://access.redhat.com/errata/RHSA-2019:3083"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3082",
"url": "https://access.redhat.com/errata/RHSA-2019:3082"
}
]
},

62
2019/15xxx/CVE-2019-15893.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.sonatype.com/hc/en-us/articles/360035055794",
"url": "https://support.sonatype.com/hc/en-us/articles/360035055794"
}
]
}
}

5
2019/16xxx/CVE-2019-16378.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-e1f0417a24",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEUBIHJLMPMB6KHOSGDMUQKSAW4HOCYM/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-24b3f84f6e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7RT6ID7MBCEPNZEIUKK2TZIOCYPJR6E/"
}
]
}

87
2019/16xxx/CVE-2019-16520.json Normal file
View File

@ -0,0 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/all-in-one-seo-pack/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/all-in-one-seo-pack/#developers"
},
{
"url": "https://semperplugins.com/all-in-one-seo-pack-changelog/",
"refsource": "MISC",
"name": "https://semperplugins.com/all-in-one-seo-pack-changelog/"
},
{
"url": "https://github.com/semperfiwebdesign/all-in-one-seo-pack/issues/2888",
"refsource": "MISC",
"name": "https://github.com/semperfiwebdesign/all-in-one-seo-pack/issues/2888"
},
{
"refsource": "MISC",
"name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack",
"url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191016 [SBA-ADV-20190913-04] CVE-2019-16520: WordPress Plugin - All in One SEO Pack <= 3.2.6 - Stored XSS",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/5"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9915",
"url": "https://wpvulndb.com/vulnerabilities/9915"
}
]
}
}

67
2019/16xxx/CVE-2019-16521.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/broken-link-checker/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/broken-link-checker/#developers"
},
{
"refsource": "MISC",
"name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker",
"url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker"
}
]
}
}

67
2019/16xxx/CVE-2019-16522.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/eu-cookie-law/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/eu-cookie-law/#developers"
},
{
"refsource": "MISC",
"name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-01_WordPress_Plugin_EU_Cookie_Law",
"url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-01_WordPress_Plugin_EU_Cookie_Law"
}
]
}
}

67
2019/16xxx/CVE-2019-16523.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/events-manager/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/events-manager/#developers"
},
{
"refsource": "MISC",
"name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager",
"url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager"
}
]
}
}

5
2019/16xxx/CVE-2019-16709.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/ImageMagick/ImageMagick/issues/1531",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/1531"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2317",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html"
}
]
}

10
2019/16xxx/CVE-2019-16866.json
View File

@ -66,6 +66,16 @@
"refsource": "UBUNTU",
"name": "USN-4149-1",
"url": "https://usn.ubuntu.com/4149-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4544",
"url": "https://www.debian.org/security/2019/dsa-4544"
},
{
"refsource": "BUGTRAQ",
"name": "20191016 [SECURITY] [DSA 4544-1] unbound security update",
"url": "https://seclists.org/bugtraq/2019/Oct/23"
}
]
}

10
2019/16xxx/CVE-2019-16884.json
View File

@ -61,6 +61,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-bd4843561c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-3fc86a518b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-96946c39dd",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/"
}
]
}

5
2019/17xxx/CVE-2019-17113.json
View File

@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2306",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00035.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2319",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00044.html"
}
]
}

62
2019/17xxx/CVE-2019-17355.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://pastebin.com/GgpFz3ZW",
"refsource": "MISC",
"name": "https://pastebin.com/GgpFz3ZW"
}
]
}
}

67
2019/17xxx/CVE-2019-17356.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bit.ly/2kfL7xE",
"refsource": "MISC",
"name": "https://bit.ly/2kfL7xE"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/yUFxs2J7",
"url": "https://pastebin.com/yUFxs2J7"
}
]
}
}

62
2019/17xxx/CVE-2019-17394.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://pastebin.com/h8v0qxZH",
"refsource": "MISC",
"name": "https://pastebin.com/h8v0qxZH"
}
]
}
}

62
2019/17xxx/CVE-2019-17395.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://pastebin.com/8dvs5RcJ",
"refsource": "MISC",
"name": "https://pastebin.com/8dvs5RcJ"
}
]
}
}

62
2019/17xxx/CVE-2019-17396.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://pastebin.com/9VBiRpAR",
"refsource": "MISC",
"name": "https://pastebin.com/9VBiRpAR"
}
]
}
}

62
2019/17xxx/CVE-2019-17398.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://pastebin.com/5ZDDCqgL",
"refsource": "MISC",
"name": "https://pastebin.com/5ZDDCqgL"
}
]
}
}

2
2019/17xxx/CVE-2019-17449.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack."
"value": "** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges."
}
]
},

62
2019/17xxx/CVE-2019-17601.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com/files/154819/MiniShare-1.4.1-CONNECT-Remote-Buffer-Overflow.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/154819/MiniShare-1.4.1-CONNECT-Remote-Buffer-Overflow.html"
}
]
}
}

62
2019/17xxx/CVE-2019-17602.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html",
"refsource": "MISC",
"name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html"
}
]
}
}

62
2019/17xxx/CVE-2019-17612.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Ers4tz/vuln/blob/master/74cms_5.2.8_SQLI.md",
"refsource": "MISC",
"name": "https://github.com/Ers4tz/vuln/blob/master/74cms_5.2.8_SQLI.md"
}
]
}
}

62
2019/17xxx/CVE-2019-17613.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Ers4tz/vuln/blob/master/qibosoft/qibosoft_v7_remote_code_execution.md",
"refsource": "MISC",
"name": "https://github.com/Ers4tz/vuln/blob/master/qibosoft/qibosoft_v7_remote_code_execution.md"
}
]
}
}

72
2019/17xxx/CVE-2019-17624.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/47507",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/47507"
},
{
"url": "https://www.x.org/releases/individual/xserver/",
"refsource": "MISC",
"name": "https://www.x.org/releases/individual/xserver/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html",
"url": "http://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html"
}
]
}
}

62
2019/17xxx/CVE-2019-17625.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ramboxapp/community-edition/issues/2418",
"refsource": "MISC",
"name": "https://github.com/ramboxapp/community-edition/issues/2418"
}
]
}
}

67
2019/17xxx/CVE-2019-17626.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color=\"' followed by arbitrary Python code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code",
"refsource": "MISC",
"name": "https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code"
},
{
"url": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md",
"refsource": "MISC",
"name": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md"
}
]
}
}

62
2019/17xxx/CVE-2019-17627.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. This affects the Yale ZEN-R lock and unspecified other locks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/PwnMonkeyLab/YaleDoorlockVulnerability/blob/master/HowToDo.md",
"refsource": "MISC",
"name": "https://github.com/PwnMonkeyLab/YaleDoorlockVulnerability/blob/master/HowToDo.md"
}
]
}
}

67
2019/17xxx/CVE-2019-17629.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the \"file manager > upload images\" screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://forum.cmsmadesimple.org/viewforum.php?f=1",
"refsource": "MISC",
"name": "https://forum.cmsmadesimple.org/viewforum.php?f=1"
},
{
"url": "http://dev.cmsmadesimple.org/bug/view/12146",
"refsource": "MISC",
"name": "http://dev.cmsmadesimple.org/bug/view/12146"
}
]
}
}

67
2019/17xxx/CVE-2019-17630.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the \"News > Add Article\" screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://forum.cmsmadesimple.org/viewforum.php?f=1",
"refsource": "MISC",
"name": "https://forum.cmsmadesimple.org/viewforum.php?f=1"
},
{
"url": "http://dev.cmsmadesimple.org/bug/view/12149",
"refsource": "MISC",
"name": "http://dev.cmsmadesimple.org/bug/view/12149"
}
]
}
}

62
2019/17xxx/CVE-2019-17660.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/kbgsft/vuln-limesurvey/wiki/Reflected-XSS-in-LimeSurvey-3.19.1-by-xcuter",
"refsource": "MISC",
"name": "https://github.com/kbgsft/vuln-limesurvey/wiki/Reflected-XSS-in-LimeSurvey-3.19.1-by-xcuter"
}
]
}
}

15
2019/3xxx/CVE-2019-3846.json
View File

@ -158,6 +158,21 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2741",
"url": "https://access.redhat.com/errata/RHSA-2019:2741"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3076",
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3055",
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3089",
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
}
]
},

101
2019/4xxx/CVE-2019-4031.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4031",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-4031",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-10-09T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"AC": "L",
"AV": "L",
"A": "H",
"I": "H",
"UI": "N",
"C": "H",
"S": "U",
"SCORE": "8.400"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Workload Scheduler Distributed",
"version": {
"version_data": [
{
"version_value": "9.2"
},
{
"version_value": "9.3"
},
{
"version_value": "9.4"
},
{
"version_value": "9.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1076775",
"title": "IBM Security Bulletin 1076775 (Workload Scheduler Distributed)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1076775"
},
{
"refsource": "XF",
"name": "ibm-tivoli-cve20194031-priv-escalation (155997)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155997",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.",
"lang": "eng"
}
]
},
"data_version": "4.0"
}

5
2019/6xxx/CVE-2019-6333.json
View File

@ -44,6 +44,11 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333",
"url": "https://safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333"
},
{
"refsource": "CONFIRM",
"name": "https://support.hp.com/us-en/document/c06463166",

58
2019/6xxx/CVE-2019-6334.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6334",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6334",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HP Color LaserJet CM4540 MFP,HP Color LaserJet Managed flow MFP M880zm,HP Color LaserJet Enterprise flow MFP M880z,HP Color LaserJet Enterprise M552,HP Color LaserJet Managed M553,HP Color LaserJet Enterprise M553,HP Color LaserJet Managed M651,HP Color LaserJet Enterprise M651,HP Color LaserJet Enterprise M652,HP Color LaserJet Enterprise M653,HP Color LaserJet Enterprise M750,HP Color LaserJet Managed E75245,HP Color LaserJet Enterprise M751,HP Color LaserJet Enterprise M855,HP Color LaserJet Enterprise Flow MFP M577,HP Color LaserJet Enterprise MFP M577,HP Color LaserJet Enterprise Flow MFP M680,HP Color LaserJet Enterprise MFP M680,HP Color LaserJet Enterprise flow MFP M681,HP Color LaserJet Enterprise MFP M681,HP Color LaserJet Enterprise flow MFP M682,HP Color LaserJet Enterprise MFP M682,HP Color LaserJet Enterprises CP5525,HP Color LaserJet Managed E55040dw,HP Color LaserJet Managed E65050/60,HP Color LaserJet Managed flow MFP E77822/25/30,HP Color LaserJet Managed flow MFP E57540,HP Color LaserJet Managed MFP E57540,HP Color LaserJet Managed flow MFP E67550/60,HP Color LaserJet Managed MFP E67550/60,HP Color LaserJet Managed MFP E77422/28,HP Color LaserJet Managed MFP E77822/25/30,HP Color LaserJet Managed flow MFP E87640/50/60,HP Color LaserJet Managed MFP E87640/50/60,HP Color LaserJet Managed Flow MFP M577,HP Color LaserJet Managed MFP M577,HP Color LaserJet Managed Flow MFP M680,HP Color LaserJet Managed MFP M680,HP LaserJet Enterprise 500 Color M551HP LaserJet Enterprise color flow MFP M575,HP LaserJet Enterprise 500 color MFP M575,HP LaserJet Enterprise Flow MFP M525,HP LaserJet Enterprise 500 MFP M525f,HP LaserJet Enterprise 600 M601,HP LaserJet Enterprise 600 M602,HP LaserJet Enterprise 600 M603,HP Color LaserJet Managed MFP M775,HP LaserJet Enterprise 700 color MFP M775,HP LaserJet Enterprise 700 M712,HP LaserJet Managed flow MFP M630,HP LaserJet Enterprise flow MFP M630,HP LaserJet Managed flow MFP M830,HP LaserJet Enterprise flow MFP M830,HP LaserJet Enterprise M4555 MFP,HP LaserJet Managed M506,HP LaserJet Enterprise M506,HP LaserJet Managed E50145,HP LaserJet Enterprise M507,HP LaserJet Enterprise M604,HP LaserJet Managed M605,HP LaserJet Enterprise M605,HP LaserJet Enterprise M606,HP LaserJet Enterprise M607,HP LaserJet Enterprise M608,HP LaserJet Enterprise M609,HP LaserJet Enterprise M806,HP LaserJet Enterprise Flow MFP M527z,HP LaserJet Enterprise MFP M527,HP LaserJet Managed MFP E52645,HP LaserJet Enterprise MFP M528,HP LaserJet Managed MFP M630,HP LaserJet Enterprise MFP M630,HP LaserJet Enterprise flow MFP M631,HP LaserJet Enterprise MFP M631,HP LaserJet Enterprise flow MFP M632,HP LaserJet Enterprise MFP M632,HP LaserJet Enterprise flow MFP M633,HP LaserJet Enterprise MFP M633,HP LaserJet Managed MFP M725,HP LaserJet Enterprise MFP M725,HP LaserJet Managed color flow MFP M575,HP LaserJet Managed 500 color MFP M575,HP LaserJet Managed Flow MFP M525,HP LaserJet Managed 500 MFP M525,HP LaserJet Managed E50045,HP LaserJet Managed E60055/65/75,HP LaserJet Managed flow MFP E52545c,HP LaserJet Managed MFP E52545,HP LaserJet Managed flow MFP E62555/65/75,HP LaserJet Managed MFP E62555/65,HP LaserJet Managed MFP E72425/30,HP LaserJet Managed flow MFP E72525/30/35,HP LaserJet Managed MFP E72525/30/35,HP LaserJet Managed flow MFP E82540/50/60,HP LaserJet Managed MFP E82540/50/60,HP LaserJet Managed Flow MFP M527z,HP LaserJet Managed MFP M527,HP OfficeJet Managed Color flow MFP X585,HP OfficeJet Enterprise Color flow MFP X585,HP OfficeJet Managed Color MFP X585,HP OfficeJet Enterprise Color MFP X585,HP OfficeJet Enterprise Color X555,HP PageWide Color 755,HP PageWide Color MFP 774,HP PageWide Color MFP 779,HP PageWide Enterprise Color 556,HP PageWide Enterprise Color 765,HP PageWide Enterprise Color Flow MFP 785,HP PageWide Enterprise Color flow MFP 586z,HP PageWide Enterprise Color MFP 586,HP PageWide Enterprise Color Flow MFP 780f,HP PageWide Enterprise Color MFP 780,HP PageWide Managed Color E55650,HP PageWide Managed Color E75160,HP PageWide Managed Color flow MFP E77660z,HP PageWide Managed Color flow MFP E58650z,HP PageWide Managed Color MFP E58650dn,HP PageWide Managed Color Flow MFP E77650/60z,HP PageWide Managed Color MFP E77650,HP PageWide Managed Color MFP P77440,HP PageWide Managed Color MFP P77940/50/60,HP PageWide Managed Color P75250,HP Scanjet Enterprise 8500 fn1 Document Capture Workstation,HP Digital Sender flow 8500 fn2 Document Capture Workstation,HP ScanJet Enterprise flow N9120 fn2 Document Scanner",
"version": {
"version_data": [
{
"version_value": "Multiple"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execution of arbitrary code"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/c06447795",
"url": "https://support.hp.com/us-en/document/c06447795"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code."
}
]
}

81
2019/6xxx/CVE-2019-6472.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-08-28T21:08:44.000Z",
"ID": "CVE-2019-6472",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kea",
"version": {
"version_data": [
{
"version_name": "Kea",
"version_value": "1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +37,57 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions Affected: 1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker who is able to send a request containing a malformed DUID to the server (either directly or via a relay) can cause the DHCPv6 server process to terminate, denying service to clients. Only the DHCPv6 service is affected by this vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6472",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6472"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"
}
],
"source": {
"discovery": "INTERNAL"
}
}

81
2019/6xxx/CVE-2019-6473.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-08-28T21:08:49.000Z",
"ID": "CVE-2019-6473",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kea",
"version": {
"version_data": [
{
"version_name": "Kea",
"version_value": "1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +37,57 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions Affected: 1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker who is able to deliberately exploit this vulnerability can cause the kea-dhcp4 server to stop executing, resulting in denial of service to clients. Only the DHCPv4 service is affected by this vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6473",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6473"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"
}
],
"source": {
"discovery": "INTERNAL"
}
}

81
2019/6xxx/CVE-2019-6474.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-08-28T21:08:56.000Z",
"ID": "CVE-2019-6474",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kea",
"version": {
"version_data": [
{
"version_name": "Kea",
"version_value": "1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +37,57 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions Affected: 1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Only Kea servers which use memfile storage for leases are affected by this vulnerability. An attacker can exploit the missing check to deliberately create a situation where the server will not restart properly should it stop for any reason."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6474",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6474"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0"
}
],
"source": {
"discovery": "INTERNAL"
}
}

5
2019/7xxx/CVE-2019-7572.json
View File

@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/7xxx/CVE-2019-7573.json
View File

@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/7xxx/CVE-2019-7574.json
View File

@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/7xxx/CVE-2019-7575.json
View File

@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/7xxx/CVE-2019-7576.json
View File

@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/7xxx/CVE-2019-7577.json
View File

@ -106,6 +106,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/7xxx/CVE-2019-7578.json
View File

@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/7xxx/CVE-2019-7635.json
View File

@ -121,6 +121,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/7xxx/CVE-2019-7636.json
View File

@ -101,6 +101,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

5
2019/7xxx/CVE-2019-7637.json
View File

@ -106,6 +106,11 @@
"refsource": "UBUNTU",
"name": "USN-4156-1",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4156-2",
"url": "https://usn.ubuntu.com/4156-2/"
}
]
}

15
2019/9xxx/CVE-2019-9506.json
View File

@ -172,6 +172,21 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2308",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3076",
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3055",
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3089",
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
}
]
},