admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-02-18 16:01:10 +00:00
parent f3add869fa
commit 2d9e15d681
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 487 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
2019/10xxx/CVE-2019-10792.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10792",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Snyk",
"product": {
"product_data": [
{
"product_name": "bodymen",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.1.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/diegohaz/bodymen/commit/5d52e8cf360410ee697afd90937e6042c3a8653b",
"url": "https://github.com/diegohaz/bodymen/commit/5d52e8cf360410ee697afd90937e6042c3a8653b"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-BODYMEN-548897",
"url": "https://snyk.io/vuln/SNYK-JS-BODYMEN-548897"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload."
}
]
}

55
2019/10xxx/CVE-2019-10793.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10793",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Snyk",
"product": {
"product_data": [
{
"product_name": "dot-object",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 2.1.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/rhalff/dot-object/commit/f76cff5fe6d01d30ce110d8f454db2e5bd28a7de",
"url": "https://github.com/rhalff/dot-object/commit/f76cff5fe6d01d30ce110d8f454db2e5bd28a7de"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-DOTOBJECT-548905",
"url": "https://snyk.io/vuln/SNYK-JS-DOTOBJECT-548905"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload."
}
]
}

50
2019/10xxx/CVE-2019-10794.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Snyk",
"product": {
"product_data": [
{
"product_name": "component-flatten",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://snyk.io/vuln/SNYK-JS-COMPONENTFLATTEN-548907",
"url": "https://snyk.io/vuln/SNYK-JS-COMPONENTFLATTEN-548907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload."
}
]
}

55
2019/10xxx/CVE-2019-10795.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Snyk",
"product": {
"product_data": [
{
"product_name": "undefsafe",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 2.0.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-UNDEFSAFE-548940",
"url": "https://snyk.io/vuln/SNYK-JS-UNDEFSAFE-548940"
},
{
"refsource": "MISC",
"name": "https://github.com/remy/undefsafe/commit/f272681b3a50e2c4cbb6a8533795e1453382c822",
"url": "https://github.com/remy/undefsafe/commit/f272681b3a50e2c4cbb6a8533795e1453382c822"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload."
}
]
}

74
2019/15xxx/CVE-2019-15875.json Normal file
View File

@ -0,0 +1,74 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15875",
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "12.1-STABLE before r354734"
},
{
"version_value": "12.1-RELEASE before 12.1-RELEASE-p2"
},
{
"version_value": "12.0-RELEASE before 12.0-RELEASE-p13"
},
{
"version_value": "11.3-STABLE before r354735"
},
{
"version_value": "11.3-RELEASE before 11.3-RELEASE-p6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel information exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack."
}
]
}
}

5
2019/16xxx/CVE-2019-16865.json
View File

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-19a161d540",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/"
},
{
"refsource": "UBUNTU",
"name": "USN-4272-1",
"url": "https://usn.ubuntu.com/4272-1/"
}
]
}

5
2019/17xxx/CVE-2019-17626.json
View File

@ -96,6 +96,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0160",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4273-1",
"url": "https://usn.ubuntu.com/4273-1/"
}
]
}

65
2019/18xxx/CVE-2019-18352.json Normal file
View File

@ -0,0 +1,65 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/de-de/advisories/vde-2019-020",
"refsource": "MISC",
"name": "https://cert.vde.com/de-de/advisories/vde-2019-020"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

5
2019/19xxx/CVE-2019-19911.json
View File

@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4272-1",
"url": "https://usn.ubuntu.com/4272-1/"
}
]
}

64
2019/5xxx/CVE-2019-5613.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5613",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-5613",
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "12.0 before 12.0-RELEASE-p13"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check for unusual conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated."
}
]
}

5
2020/5xxx/CVE-2020-5310.json
View File

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-df444e464e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/"
},
{
"refsource": "UBUNTU",
"name": "USN-4272-1",
"url": "https://usn.ubuntu.com/4272-1/"
}
]
}

5
2020/5xxx/CVE-2020-5311.json
View File

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-df444e464e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/"
},
{
"refsource": "UBUNTU",
"name": "USN-4272-1",
"url": "https://usn.ubuntu.com/4272-1/"
}
]
}

5
2020/5xxx/CVE-2020-5312.json
View File

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-df444e464e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/"
},
{
"refsource": "UBUNTU",
"name": "USN-4272-1",
"url": "https://usn.ubuntu.com/4272-1/"
}
]
}

5
2020/5xxx/CVE-2020-5313.json
View File

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-df444e464e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/"
},
{
"refsource": "UBUNTU",
"name": "USN-4272-1",
"url": "https://usn.ubuntu.com/4272-1/"
}
]
}

62
2020/7xxx/CVE-2020-7450.json
View File

@ -4,14 +4,70 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7450",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "12.1-STABLE before r357213"
},
{
"version_value": "12.1-RELEASE before 12.1-RELEASE-p2"
},
{
"version_value": "12.0-RELEASE before 12.0-RELEASE-p13"
},
{
"version_value": "11.3-STABLE before r357214"
},
{
"version_value": "11.3-RELEASE before 11.3-RELEASE-p6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:01.libfetch.asc",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:01.libfetch.asc"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution."
}
]
}