admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-12-23 20:01:07 +00:00
parent 1347303278
commit 2e9bb8a787
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 180 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2019/18xxx/CVE-2019-18236.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18236",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "WECON PLC Editor",
"version": {
"version_data": [
{
"version_value": "Version 1.3.5_20190129"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-353-03",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-353-03"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflow vulnerabilities exist when the PLC Editor Version 1.3.5_20190129 processes project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application."
}
]
}
}

6
2019/5xxx/CVE-2019-5144.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Kakadu",
"product_name": "Kakadu Software",
"version": {
"version_data": [
{
"version_value": "Safari Version 13.0.2 (15608.2.30.1.1) Webkit GIT 497221ef6a94f0603c1e8c4207094fc50e8ccf2a"
"version_value": "SDK 7.10.2 - Windows"
}
]
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A freed memory access vulnerability exists in the SVG Marker Element feature of Apple Safari's WebKit version 13.0.2. A specially crafted HTML web page can cause a use after free, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted HTML web page needs to be opened in the browser."
"value": "An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigger this vulnerability."
}
]
}

71
2019/5xxx/CVE-2019-5539.json
View File

@ -1,17 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5539",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5539",
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMware",
"product": {
"product_data": [
{
"product_name": "VMware Workstation",
"version": {
"version_data": [
{
"version_value": "15.x prior to 15.5.1"
}
]
}
},
{
"product_name": "Horizon View Agent",
"version": {
"version_data": [
{
"version_value": "7.10.x prior to 7.10.1"
},
{
"version_value": "7.5.x prior 7.5.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL hijacking vulnerability via Cortado Thinprint"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed."
}
]
}

58
2019/6xxx/CVE-2019-6147.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6147",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6147",
"ASSIGNER": "psirt@forcepoint.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Forcepoint",
"product": {
"product_data": [
{
"product_name": "NGFW Security Management Center",
"version": {
"version_data": [
{
"version_value": "Any version lower than 6.5.12 or 6.7.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Rare internal database corruption can lead to incorrect IPSec configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.forcepoint.com/KBArticle?id=000017918",
"url": "https://support.forcepoint.com/KBArticle?id=000017918"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database is corrupted, the SMC might produce an incorrect IPsec configuration for the Forcepoint Next Generation Firewall (NGFW), possibly resulting in settings that are weaker than expected. All SMC versions lower than 6.5.12 or 6.7.1 are vulnerable."
}
]
}