"-Synchronized-Data."

This commit is contained in:
CVE Team 2019-03-25 19:00:51 +00:00
parent b8a5650460
commit 26d4e55a65
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
31 changed files with 1317 additions and 710 deletions


@ -1,17 +1,111 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1007",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1007",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Opto 22",
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "< R9.4008"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "< R9.4008"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "< R9.4g"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "< R9.4g"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
} }
] ]
} }
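Review bot: The `version_data` entries for PAC Project Professional/Basic and PAC Display Basic/Professional put the comparison operator inside `version_value` (`"< R9.4008"`, `"< R9.4g"`) instead of using the separate `version_affected` field that the Atlassian records in this same commit use, so a consumer matching versions sees the literal string `< R9.4008` rather than an operator and a version. Suggest `"version_affected": "<", "version_value": "R9.4008"` (and `"<"` / `"R9.4g"` for the Display products). The OptoOPCServer and OptoDataLink entries carry a whole sentence in `version_value`; if the installer-version condition cannot be expressed in the format, keep that condition in the description and record `"version_affected": "<=", "version_value": "R9.4c"` / `"R9.4d"`. The description says a crafted configuration file "may allow remote code execution" without saying how the file reaches OPCTest.exe; the attack vector should be confirmed against ICSA-15-120-01 before "remote" is kept.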


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1012",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1012",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hospira",
"product": {
"product_data": [
{
"product_name": "LifeCare PCA Infusion System",
"version": {
"version_data": [
{
"version_value": "<= 5.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext storage of sensitive information CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access."
} }
] ]
} }
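Review bot: The remediation sentence in the description says version 7.0 has "Port 20/FTP and Port 23/TELNET closed by default", but the FTP control channel is TCP/21 (20 is the data channel), so the port should be checked against ICSA-15-125-01 and either corrected or quoted verbatim with attribution to Hospira. The same sentence calls the product the "PCS Infusion System" while every other mention is "PCA". The `affects` entry `"<= 5.0"` is broader than what the text establishes: the description only states that version 5 stores wireless keys in plain text and that version 3 is not wireless-capable, so `"version_affected": "=", "version_value": "5"` (or the operator split out of an explicit range) would match the description.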


@ -1,17 +1,67 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1014",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1014",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "OFS v3.5",
"version": {
"version_data": [
{
"version_value": "< v7.40 of SCADA Expert Vijeo Citect/CitectSCADA"
},
{
"version_value": "< v7.30 of Vijeo Citect/CitectSCADA"
},
{
"version_value": "< v7.20 of Vijeo Citect/CitectSCADA."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL hijacking CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version."
} }
] ]
} }
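Review bot: The `affects` entries say `"< v7.40 of SCADA Expert Vijeo Citect/CitectSCADA"` (prior to 7.40) while the description says "OFS v3.5 with version v7.40" (exactly 7.40), and the same mismatch holds for 7.30 and 7.20; one of the two should be aligned with ICSA-15-141-01. The third `version_value` carries a trailing period (`CitectSCADA.`) that the other two entries lack, and the description ends a sentence with `CitectSCADA..`. The remediation "upgrade the OFS to V3.5" reads oddly when the affected product is already "OFS v3.5"; presumably the fix is the service pack (SP 6 or newer), so the sentence should say that. Consider recording the Citect version as its own product entry with `version_affected` rather than as free text inside the OFS version.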


@ -2,7 +2,7 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12652", "ID": "CVE-2018-12652",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +11,52 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.knowcybersec.com/2019/02/CVE-2018-12652-reflected-XSS.html",
"url": "https://www.knowcybersec.com/2019/02/CVE-2018-12652-reflected-XSS.html"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
} }
} }
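Review bot: The `affects` block is `n/a` for vendor, product and version even though the description names "Adrenalin 5.4 HRMS Software", so the record cannot be matched by product; suggest `"vendor_name": "Adrenalin"`, `"product_name": "Adrenalin HRMS"`, `"version_value": "5.4"`. `problemtype` is also `n/a` while the description identifies a reflected XSS in `LeaveEmployeeSearch.aspx`; `"value": "CWE-79"` would make it searchable. The only reference is a third-party blog post, so no vendor advisory or fixed version is recorded and the affected-version claim is unverified against the vendor.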


@ -2,7 +2,7 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12653", "ID": "CVE-2018-12653",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +11,52 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the RPT/SSRSDynamicEditReports.aspx ReportId parameter."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.knowcybersec.com/2019/02/CVE-2018-12653-reflected-XSS.html",
"url": "https://www.knowcybersec.com/2019/02/CVE-2018-12653-reflected-XSS.html"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
} }
} }
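Review bot: As with CVE-2018-12652 in this commit, `affects` is `n/a` throughout although the description pins "Adrenalin 5.4 HRMS Software" and the `RPT/SSRSDynamicEditReports.aspx` `ReportId` parameter; suggest `"vendor_name": "Adrenalin"`, `"product_name": "Adrenalin HRMS"`, `"version_value": "5.4"`. `problemtype` could be `"CWE-79"` rather than `n/a` for a reflected XSS. No vendor reference or fixed version is listed, only the reporter's blog.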


@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem." "value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
} }
] ]
}, },
@ -71,6 +71,16 @@
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862" "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K22691834",
"url": "https://support.f5.com/csp/article/K22691834"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2018:3202",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
} }
] ]
} }
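Review bot: The description is narrowed from "through 4.18.6" to "before 4.8", a large change in the affected range, and nothing in the record explains the new bound; the two added references (openSUSE-SU-2018:3202 and the F5 article) are distribution advisories and do not by themselves establish it. If the bound comes from the already-referenced kernel commit c0ca3d70e8d3…, it would help to say so in the description, e.g. `"… in the Linux kernel before 4.8 (fixed by commit c0ca3d70e8d3). …"`, so the narrowing is traceable; otherwise confirm it against the release that first contains that commit. The `affects` block is outside this hunk and should be updated to match whichever bound is correct.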


@ -36,8 +36,8 @@
}, },
{ {
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important- security-updates/", "name": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
"url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important- security-updates/" "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/"
} }
] ]
}, },


@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10011",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-10011",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@mdavis332/higher-ed-erp-portal-vulnerability-create-your-own-accounts-d865bd22cdd8",
"refsource": "MISC",
"name": "https://medium.com/@mdavis332/higher-ed-erp-portal-vulnerability-create-your-own-accounts-d865bd22cdd8"
} }
] ]
} }
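Review bot: `affects` is `n/a` for vendor, product and version although the description names Jenzabar JICS and a cutoff; suggest `"vendor_name": "Jenzabar"`, `"product_name": "JICS (Internet Campus Solution)"`, `"version_value": "before 2019-02-06"`, or the build number if the Medium write-up gives one. `problemtype` is `n/a`; an unauthenticated page that creates accounts with a fixed password fits `"CWE-306"` (Missing Authentication for Critical Function). A date-based bound is unusual for CVE data and presumably reflects a hotfix rather than a release, so a version should replace the date if one is known.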


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10012",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-10012",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the Moxie Manager plugin before 2.1.4 in the ICS\\ICS.NET\\ICSFileServer/moxiemanager directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@mdavis332/critical-vulnerability-in-higher-ed-erp-55580f8880c",
"refsource": "MISC",
"name": "https://medium.com/@mdavis332/critical-vulnerability-in-higher-ed-erp-55580f8880c"
},
{
"url": "https://www.sjoerdlangkemper.nl/2016/09/15/uploading-webshells-with-moxiemanager/",
"refsource": "MISC",
"name": "https://www.sjoerdlangkemper.nl/2016/09/15/uploading-webshells-with-moxiemanager/"
} }
] ]
} }
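Review bot: The path in the description mixes separators, `ICS\\ICS.NET\\ICSFileServer/moxiemanager`; decoded, that is `ICS\ICS.NET\ICSFileServer/moxiemanager`, which is neither a consistent Windows path nor a URL path, so it should be normalized to whichever form the Medium write-up uses. `affects` is `n/a` while the description gives Jenzabar JICS before 9 and Moxie Manager before 2.1.4; both could be listed with `"version_affected": "<"`. `problemtype` `n/a` could be `"CWE-434"` (Unrestricted Upload of File with Dangerous Type).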


@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10039",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-10039",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/edit_web_and_sys_account/README.md",
"refsource": "MISC",
"name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/edit_web_and_sys_account/README.md"
} }
] ]
} }
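Review bot: `affects` is `n/a` for vendor, product and version even though the description pins "D-Link DIR-816 A2 1.11"; suggest `"vendor_name": "D-Link"`, `"product_name": "DIR-816 A2"`, `"version_value": "1.11"`. `problemtype` could be `"CWE-287"` or `"CWE-306"` rather than `n/a`, since the token obtainable from `dir_login.asp` does not authenticate the caller. The description does not say whether `/goform/setSysAdm` also needs a session cookie or only the token; keep "without authentication" only if the GitHub write-up shows the token alone suffices.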


@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10040",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-10040",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/remote_cmd_exec_0/README.md",
"refsource": "MISC",
"name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/remote_cmd_exec_0/README.md"
} }
] ]
} }
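Review bot: `problemtype` is `n/a` for what the description calls unauthenticated system command execution via `/goform/SystemCommand`; `"CWE-78"` (OS Command Injection) or `"CWE-306"` would describe it. `affects` is `n/a` throughout although the description fixes the product as "D-Link DIR-816 A2 1.11"; suggest `"vendor_name": "D-Link"`, `"product_name": "DIR-816 A2"`, `"version_value": "1.11"`. This record shares its root cause (the token from `dir_login.asp`) with CVE-2019-10039/10041/10042 in this commit; the description should make clear that the distinguishing element is the endpoint.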


@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10041",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-10041",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/edit_sys_account/README.md",
"refsource": "MISC",
"name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/edit_sys_account/README.md"
} }
] ]
} }
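Review bot: `affects` is `n/a` throughout although the description pins "D-Link DIR-816 A2 1.11"; suggest `"vendor_name": "D-Link"`, `"product_name": "DIR-816 A2"`, `"version_value": "1.11"`, and `"CWE-306"` or `"CWE-287"` instead of `n/a` in `problemtype`. The description says `/goform/form2userconfig.cgi` edits "the system account" while CVE-2019-10039 in the same commit says `/goform/setSysAdm` edits "the web or system account"; if both reach the same account, the two descriptions should state what differs beyond the endpoint so the records are not read as duplicates.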


@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10042",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-10042",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/reset_router/README.md",
"refsource": "MISC",
"name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/reset_router/README.md"
} }
] ]
} }
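Review bot: `affects` and `problemtype` are `n/a` although the description pins "D-Link DIR-816 A2 1.11" and an unauthenticated factory reset through `/goform/LoadDefaultSettings`; suggest `"vendor_name": "D-Link"`, `"product_name": "DIR-816 A2"`, `"version_value": "1.11"` and `"CWE-306"` for the problem type. The impact differs from the three sibling records (availability and loss of configuration rather than account takeover or command execution), which the description states only implicitly via "reset the router"; spelling that out helps scoring.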


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,92 +1,88 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security@atlassian.com", "ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-03-20T10:00:00", "DATE_PUBLIC": "2019-03-20T10:00:00",
"ID": "CVE-2019-3395", "ID": "CVE-2019-3395",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Confluence Server", "product_name": "Confluence Server",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "6.6.7", "version_value": "6.6.7",
"version_affected": "<" "version_affected": "<"
}, },
{
"version_value": "6.7.0",
{ "version_affected": ">="
"version_value": "6.7.0", },
"version_affected": ">=" {
}, "version_value": "6.7.3",
{ "version_affected": "<="
"version_value": "6.7.3", },
"version_affected": "<=" {
}, "version_value": "6.8.0",
"version_affected": ">="
},
{ {
"version_value": "6.8.0", "version_value": "6.8.5",
"version_affected": ">=" "version_affected": "<"
}, },
{ {
"version_value": "6.8.5", "version_value": "6.9.0",
"version_affected": "<" "version_affected": ">="
}, },
{
"version_value": "6.9.3",
{ "version_affected": "<"
"version_value": "6.9.0", }
"version_affected": ">=" ]
}, }
{ }
"version_value": "6.9.3", ]
"version_affected": "<" },
} "vendor_name": "Atlassian"
] }
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references": { "data_type": "CVE",
"reference_data": [ "data_version": "4.0",
{ "description": {
"url": "https://jira.atlassian.com/browse/CONFSERVER-57971" "description_data": [
} {
] "lang": "eng",
} "value": "The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-57971",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-57971"
}
]
}
} }
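Review bot: The `version_data` lists range bounds as independent entries (`>= 6.7.0`, `<= 6.7.3`, `>= 6.8.0`, `< 6.8.5`, `>= 6.9.0`, `< 6.9.3`), and CVE JSON 4.0 gives a consumer no way to pair a lower bound with its upper bound, so they read as six unrelated constraints; the description's prose is the only place the ranges are actually stated. The pair `>= 6.7.0` / `<= 6.7.3` is also narrower than the description's "from version 6.7.0 before 6.8.5", which covers any 6.7.x after 6.7.3, so one of the two should be corrected. `product_name` is "Confluence Server" only, while the description says Confluence Server and Data Center; a second product entry or `"product_name": "Confluence Server and Data Center"` would keep `affects` in step with the text.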


@ -1,92 +1,88 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security@atlassian.com", "ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-03-20T10:00:00", "DATE_PUBLIC": "2019-03-20T10:00:00",
"ID": "CVE-2019-3396", "ID": "CVE-2019-3396",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Confluence Server", "product_name": "Confluence Server",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "6.6.12", "version_value": "6.6.12",
"version_affected": "<" "version_affected": "<"
}, },
{
"version_value": "6.7.0",
{ "version_affected": ">="
"version_value": "6.7.0", },
"version_affected": ">=" {
}, "version_value": "6.12.3",
{ "version_affected": "<"
"version_value": "6.12.3", },
"version_affected": "<" {
}, "version_value": "6.13.0",
"version_affected": ">"
},
{ {
"version_value": "6.13.0", "version_value": "6.13.3",
"version_affected": ">" "version_affected": "<"
}, },
{ {
"version_value": "6.13.3", "version_value": "6.14.0",
"version_affected": "<" "version_affected": ">"
}, },
{
"version_value": "6.14.2",
{ "version_affected": "<"
"version_value": "6.14.0", }
"version_affected": ">" ]
}, }
{ }
"version_value": "6.14.2", ]
"version_affected": "<" },
} "vendor_name": "Atlassian"
] }
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Template Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references": { "data_type": "CVE",
"reference_data": [ "data_version": "4.0",
{ "description": {
"url": "https://jira.atlassian.com/browse/CONFSERVER-57974" "description_data": [
} {
] "lang": "eng",
} "value": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Template Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-57974",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-57974"
}
]
}
} }
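Review bot: Two lower bounds use `"version_affected": ">"` (for 6.13.0 and 6.14.0) while the description says "from version 6.13.0" and "from version 6.14.0", i.e. inclusive, and the 6.7.0 bound in this record and in CVE-2019-3395 uses `>=`. Change both to `"version_affected": ">="` so 6.13.0 and 6.14.0 are not excluded from the affected set. As in the companion record, the independent bound entries cannot be paired by a consumer, and `product_name` omits Data Center although the description names it.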


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3835", "ID": "CVE-2019-3835",
"ASSIGNER": "psampaio@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -49,7 +50,9 @@
"refsource": "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=700585" "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700585",
"refsource": "MISC",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=700585"
} }
] ]
}, },
@ -57,7 +60,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER." "value": "It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER."
} }
] ]
}, },
@ -71,4 +74,4 @@
] ]
] ]
} }
} }
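Review bot: The description, shown as context in this hunk, reads "outside of the constrains imposed by -dSAFER"; that should be `constraints`. Since this commit already rewrites the record to set `STATE` and normalize the bugs.ghostscript.com reference, fixing the typo now avoids another sync. The enclosing `references` and `description` objects begin before this hunk.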


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3838", "ID": "CVE-2019-3838",
"ASSIGNER": "psampaio@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -49,7 +50,9 @@
"refsource": "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=700576" "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700576",
"refsource": "MISC",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=700576"
} }
] ]
}, },
@ -71,4 +74,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3856", "ID": "CVE-2019-3856",
"ASSIGNER": "psampaio@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -52,7 +53,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.libssh2.org/CVE-2019-3856.html" "url": "https://www.libssh2.org/CVE-2019-3856.html",
"refsource": "MISC",
"name": "https://www.libssh2.org/CVE-2019-3856.html"
}, },
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856",
@ -79,4 +82,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3857", "ID": "CVE-2019-3857",
"ASSIGNER": "psampaio@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -57,7 +58,9 @@
"refsource": "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"url": "https://www.libssh2.org/CVE-2019-3857.html" "url": "https://www.libssh2.org/CVE-2019-3857.html",
"refsource": "MISC",
"name": "https://www.libssh2.org/CVE-2019-3857.html"
} }
] ]
}, },
@ -79,4 +82,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3860", "ID": "CVE-2019-3860",
"ASSIGNER": "psampaio@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -44,7 +45,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.libssh2.org/CVE-2019-3860.html" "url": "https://www.libssh2.org/CVE-2019-3860.html",
"refsource": "MISC",
"name": "https://www.libssh2.org/CVE-2019-3860.html"
}, },
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860",
@ -71,4 +74,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3861", "ID": "CVE-2019-3861",
"ASSIGNER": "psampaio@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -44,7 +45,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.libssh2.org/CVE-2019-3861.html" "url": "https://www.libssh2.org/CVE-2019-3861.html",
"refsource": "MISC",
"name": "https://www.libssh2.org/CVE-2019-3861.html"
}, },
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861",
@ -71,4 +74,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3874", "ID": "CVE-2019-3874",
"ASSIGNER": "psampaio@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -68,4 +69,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3879", "ID": "CVE-2019-3879",
"ASSIGNER": "psampaio@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -54,7 +55,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploit this flaw to delete disks attached to guests." "value": "It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploit this flaw to delete disks attached to guests."
} }
] ]
}, },
@ -68,4 +69,4 @@
] ]
] ]
} }
} }


@ -1,102 +1,102 @@
{ {
"data_format" : "MITRE", "data_format": "MITRE",
"data_version" : "4.0", "data_version": "4.0",
"impact" : { "impact": {
"cvssv3" : { "cvssv3": {
"BM" : { "BM": {
"AC" : "H", "AC": "H",
"PR" : "N", "PR": "N",
"A" : "H", "A": "H",
"I" : "N", "I": "N",
"C" : "N", "C": "N",
"UI" : "N", "UI": "N",
"SCORE" : "5.900", "SCORE": "5.900",
"S" : "U", "S": "U",
"AV" : "N" "AV": "N"
}, },
"TM" : { "TM": {
"RC" : "C", "RC": "C",
"E" : "U", "E": "U",
"RL" : "O" "RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
},
{
"version_value" : "Liberty"
}
]
},
"product_name" : "WebSphere Application Server"
}
]
}
} }
] }
} },
}, "problemtype": {
"description" : { "problemtype_data": [
"description_data" : [ {
{ "description": [
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.", {
"lang" : "eng" "value": "Denial of Service",
} "lang": "eng"
] }
}, ]
"CVE_data_meta" : { }
"ID" : "CVE-2019-4046", ]
"ASSIGNER" : "psirt@us.ibm.com", },
"STATE" : "PUBLIC", "affects": {
"DATE_PUBLIC" : "2019-03-21T00:00:00" "vendor": {
}, "vendor_data": [
"data_type" : "CVE", {
"references" : { "vendor_name": "IBM",
"reference_data" : [ "product": {
{ "product_data": [
"title" : "IBM Security Bulletin 869570 (WebSphere Application Server)", {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10869570", "version": {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10869570", "version_data": [
"refsource" : "CONFIRM" {
}, "version_value": "7.0"
{ },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156242", "version_value": "8.0"
"name" : "ibm-websphere-cve20194046-dos (156242)", },
"title" : "X-Force Vulnerability Report" {
} "version_value": "8.5"
] },
} {
} "version_value": "9.0"
},
{
"version_value": "Liberty"
}
]
},
"product_name": "WebSphere Application Server"
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4046",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-03-21T00:00:00"
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 869570 (WebSphere Application Server)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10869570",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869570",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156242",
"name": "ibm-websphere-cve20194046-dos (156242)",
"title": "X-Force Vulnerability Report"
}
]
}
}


@ -1,63 +1,67 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "bressers@elastic.co", "ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7608", "ID": "CVE-2019-7608",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "Elastic", "vendor_name": "Elastic",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Kibana", "product_name": "Kibana",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "before 5.6.15 and 6.6.1" "version_value": "before 5.6.15 and 6.6.1"
}
]
}
}
]
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
"lang": "eng", }
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation" ]
} }
] ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077",
{ "refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077" "name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
}, },
{ {
"url": "https://www.elastic.co/community/security" "url": "https://www.elastic.co/community/security",
} "refsource": "MISC",
] "name": "https://www.elastic.co/community/security"
}, }
"description": { ]
"description_data": [ },
{ "description": {
"lang": "eng", "description_data": [
"value": "Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users." {
} "lang": "eng",
] "value": "Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
} }
} ]
}
}


@ -1,64 +1,67 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "bressers@elastic.co", "ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7609", "ID": "CVE-2019-7609",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "Elastic", "vendor_name": "Elastic",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Kibana", "product_name": "Kibana",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "before 5.6.15 and 6.6.1" "version_value": "before 5.6.15 and 6.6.1"
}
]
}
}
]
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"
"lang": "eng", }
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" ]
} }
] ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077",
{ "refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077" "name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
}, },
{ {
"url": "https://www.elastic.co/community/security" "url": "https://www.elastic.co/community/security",
} "refsource": "MISC",
] "name": "https://www.elastic.co/community/security"
}, }
"description": { ]
"description_data": [ },
{ "description": {
"lang": "eng", "description_data": [
"value": "Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system." {
} "lang": "eng",
] "value": "Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system."
} }
} ]
}
}


@ -1,63 +1,67 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "bressers@elastic.co", "ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7610", "ID": "CVE-2019-7610",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "Elastic", "vendor_name": "Elastic",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Kibana", "product_name": "Kibana",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "before 5.6.15 and 6.6.1" "version_value": "before 5.6.15 and 6.6.1"
}
]
}
}
]
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"
"lang": "eng", }
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" ]
} }
] ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077",
{ "refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077" "name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
}, },
{ {
"url": "https://www.elastic.co/community/security" "url": "https://www.elastic.co/community/security",
} "refsource": "MISC",
] "name": "https://www.elastic.co/community/security"
}, }
"description": { ]
"description_data": [ },
{ "description": {
"lang": "eng", "description_data": [
"value": "Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system." {
} "lang": "eng",
] "value": "Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system."
} }
} ]
}
}


@ -1,63 +1,67 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "bressers@elastic.co", "ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7611", "ID": "CVE-2019-7611",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "Elastic", "vendor_name": "Elastic",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Elasticsearch", "product_name": "Elasticsearch",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "before 5.6.15 and 6.6.1" "version_value": "before 5.6.15 and 6.6.1"
}
]
}
}
]
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-284: Improper Access Control"
"lang": "eng", }
"value": "CWE-284: Improper Access Control" ]
} }
] ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077",
{ "refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077" "name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
}, },
{ {
"url": "https://www.elastic.co/community/security" "url": "https://www.elastic.co/community/security",
} "refsource": "MISC",
] "name": "https://www.elastic.co/community/security"
}, }
"description": { ]
"description_data": [ },
{ "description": {
"lang": "eng", "description_data": [
"value": "A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index." {
} "lang": "eng",
] "value": "A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index."
} }
} ]
}
}
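Review bot: The description string on the new side of the CVE-2019-7611 record still carries a stray space before the full stop in `_aliases, _shrink, or _split endpoints are used .`; since this commit already rewrites the file's metadata and reference entries, the same pass could tidy that to `endpoints are used.`. This is a text-quality point only and does not change the record's meaning.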


@ -1,64 +1,67 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "bressers@elastic.co", "ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7612", "ID": "CVE-2019-7612",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "Elastic", "vendor_name": "Elastic",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Logstash", "product_name": "Logstash",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "before 5.6.15 and 6.6.1" "version_value": "before 5.6.15 and 6.6.1"
}
]
}
}
]
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-209: Information Exposure Through an Error Message"
"lang": "eng", }
"value": "CWE-209: Information Exposure Through an Error Message" ]
} }
] ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077",
{ "refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077" "name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
}, },
{ {
"url": "https://www.elastic.co/community/security" "url": "https://www.elastic.co/community/security",
} "refsource": "MISC",
] "name": "https://www.elastic.co/community/security"
}, }
"description": { ]
"description_data": [ },
{ "description": {
"lang": "eng", "description_data": [
"value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message." {
} "lang": "eng",
] "value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message."
} }
} ]
}
}


@ -1,63 +1,67 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "bressers@elastic.co", "ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7613", "ID": "CVE-2019-7613",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "Elastic", "vendor_name": "Elastic",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Logstash", "product_name": "Logstash",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "before 5.6.16 and 6.6.2" "version_value": "before 5.6.16 and 6.6.2"
}
]
}
}
]
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-778: Insufficient Logging"
"lang": "eng", }
"value": "CWE-778: Insufficient Logging" ]
} }
] ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "url": "https://www.elastic.co/community/security",
{ "refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180" "name": "https://www.elastic.co/community/security"
}, },
{ {
"url": "https://www.elastic.co/community/security" "url": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180",
} "refsource": "MISC",
] "name": "https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180"
}, }
"description": { ]
"description_data": [ },
{ "description": {
"lang": "eng", "description_data": [
"value": "Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event." {
} "lang": "eng",
] "value": "Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event."
} }
} ]
}
}
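Review bot: The affected-product entry in the CVE-2019-7613 record is still `"product_name": "Logstash"` while the description on the new side describes an insufficient-logging flaw in Winlogbeat, and the commit updates the ASSIGNER and reference fields without reconciling the two. The CWE-778 problemtype and the description text both point to Winlogbeat, so `"product_name": "Winlogbeat"` appears to be the intended value, but it should be confirmed against the Elastic advisory linked in reference_data before changing it. Consumers that match affected software on product_name will currently attach this CVE to the wrong product.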