admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-05-29 16:01:03 +00:00
parent 11277530ff
commit 2efe61a55b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
20 changed files with 939 additions and 620 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2015/6xxx/CVE-2015-6806.json
View File

@ -81,6 +81,11 @@
"name": "DSA-3352",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3352"
},
{
"refsource": "UBUNTU",
"name": "USN-3996-1",
"url": "https://usn.ubuntu.com/3996-1/"
}
]
}

5
2019/10xxx/CVE-2019-10919.json
View File

@ -58,6 +58,11 @@
"refsource": "BUGTRAQ",
"name": "20190529 [SYSS-2019-013]: Siemens LOGO! 8 - Missing Authentication for Critical Function (CWE-306)",
"url": "https://seclists.org/bugtraq/2019/May/73"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153123/Siemens-LOGO-8-Missing-Authentication.html",
"url": "http://packetstormsecurity.com/files/153123/Siemens-LOGO-8-Missing-Authentication.html"
}
]
},

5
2019/10xxx/CVE-2019-10920.json
View File

@ -58,6 +58,11 @@
"refsource": "BUGTRAQ",
"name": "20190529 [SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321)",
"url": "https://seclists.org/bugtraq/2019/May/72"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153122/Siemens-LOGO-8-Hard-Coded-Cryptographic-Key.html",
"url": "http://packetstormsecurity.com/files/153122/Siemens-LOGO-8-Hard-Coded-Cryptographic-Key.html"
}
]
},

5
2019/10xxx/CVE-2019-10921.json
View File

@ -58,6 +58,11 @@
"refsource": "BUGTRAQ",
"name": "20190529 [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257)",
"url": "https://seclists.org/bugtraq/2019/May/74"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153124/Siemens-LOGO-8-Recoverable-Password-Format.html",
"url": "http://packetstormsecurity.com/files/153124/Siemens-LOGO-8-Recoverable-Password-Format.html"
}
]
},

66
2019/12xxx/CVE-2019-12440.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://kb.sitecore.net/articles/842902",
"refsource": "MISC",
"name": "https://kb.sitecore.net/articles/842902"
},
{
"url": "https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149",
"refsource": "MISC",
"name": "https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149"
},
{
"url": "https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc...bd9ba6a",
"refsource": "MISC",
"name": "https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc...bd9ba6a"
}
]
}

18
2019/12xxx/CVE-2019-12441.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/12xxx/CVE-2019-12442.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/12xxx/CVE-2019-12443.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/12xxx/CVE-2019-12444.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/12xxx/CVE-2019-12445.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12445",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/12xxx/CVE-2019-12446.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12446",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

226
2019/4xxx/CVE-2019-4137.json
View File

@ -1,117 +1,117 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10880375",
"title" : "IBM Security Bulletin 880375 (Spectrum Control Standard Edition)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10880375",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve20194137-xss (158333)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158333"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
},
"BM" : {
"AV" : "N",
"PR" : "N",
"SCORE" : "6.100",
"AC" : "L",
"I" : "L",
"A" : "N",
"C" : "L",
"S" : "C",
"UI" : "R"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Control Standard Edition",
"version" : {
"version_data" : [
{
"version_value" : "5.2.13"
},
{
"version_value" : "5.2.14"
},
{
"version_value" : "5.2.15"
},
{
"version_value" : "5.2.16"
},
{
"version_value" : "5.2.15.2"
},
{
"version_value" : "5.2.17.0"
},
{
"version_value" : "5.2.17.1"
},
{
"version_value" : "5.2.17.2"
},
{
"version_value" : "5.3.0.1"
},
{
"version_value" : "5.3.15.3.2"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333."
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-23T00:00:00",
"ID" : "CVE-2019-4137"
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10880375",
"title": "IBM Security Bulletin 880375 (Spectrum Control Standard Edition)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10880375",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve20194137-xss (158333)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158333"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
},
"BM": {
"AV": "N",
"PR": "N",
"SCORE": "6.100",
"AC": "L",
"I": "L",
"A": "N",
"C": "L",
"S": "C",
"UI": "R"
}
}
},
"data_type": "CVE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Spectrum Control Standard Edition",
"version": {
"version_data": [
{
"version_value": "5.2.13"
},
{
"version_value": "5.2.14"
},
{
"version_value": "5.2.15"
},
{
"version_value": "5.2.16"
},
{
"version_value": "5.2.15.2"
},
{
"version_value": "5.2.17.0"
},
{
"version_value": "5.2.17.1"
},
{
"version_value": "5.2.17.2"
},
{
"version_value": "5.3.0.1"
},
{
"version_value": "5.3.15.3.2"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-05-23T00:00:00",
"ID": "CVE-2019-4137"
}
}

228
2019/4xxx/CVE-2019-4138.json
View File

@ -1,117 +1,117 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.2.13"
},
{
"version_value" : "5.2.14"
},
{
"version_value" : "5.2.15"
},
{
"version_value" : "5.2.16"
},
{
"version_value" : "5.2.15.2"
},
{
"version_value" : "5.2.17.0"
},
{
"version_value" : "5.2.17.1"
},
{
"version_value" : "5.2.17.2"
},
{
"version_value" : "5.3.0.1"
},
{
"version_value" : "5.3.15.3.2"
}
]
},
"product_name" : "Spectrum Control Standard Edition"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-05-23T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4138",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.2.13"
},
{
"version_value": "5.2.14"
},
{
"version_value": "5.2.15"
},
{
"version_value": "5.2.16"
},
{
"version_value": "5.2.15.2"
},
{
"version_value": "5.2.17.0"
},
{
"version_value": "5.2.17.1"
},
{
"version_value": "5.2.17.2"
},
{
"version_value": "5.3.0.1"
},
{
"version_value": "5.3.15.3.2"
}
]
},
"product_name": "Spectrum Control Standard Edition"
}
]
}
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"UI" : "N",
"C" : "H",
"A" : "N",
"I" : "N",
"AC" : "H",
"PR" : "N",
"AV" : "N",
"SCORE" : "5.900"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10880375",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10880375",
"title" : "IBM Security Bulletin 880375 (Spectrum Control Standard Edition)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve20194138-info-disc (158334)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158334"
}
]
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-05-23T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4138",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"UI": "N",
"C": "H",
"A": "N",
"I": "N",
"AC": "H",
"PR": "N",
"AV": "N",
"SCORE": "5.900"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10880375",
"refsource": "CONFIRM",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10880375",
"title": "IBM Security Bulletin 880375 (Spectrum Control Standard Edition)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve20194138-info-disc (158334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158334"
}
]
}
}

184
2019/4xxx/CVE-2019-4139.json
View File

@ -1,96 +1,96 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-05-23T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4139"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.1.0"
},
{
"version_value" : "11.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 883872 (Cognos Analytics)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10883872",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10883872"
},
{
"name" : "ibm-cognos-cve20194139-xss (158335)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158335",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.400",
"AV" : "N",
"PR" : "L",
"AC" : "L",
"A" : "N",
"I" : "L",
"C" : "L",
"UI" : "R",
"S" : "C"
}
}
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-23T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4139"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cognos Analytics",
"version": {
"version_data": [
{
"version_value": "11.0"
},
{
"version_value": "11.1.0"
},
{
"version_value": "11.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 883872 (Cognos Analytics)",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10883872",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10883872"
},
{
"name": "ibm-cognos-cve20194139-xss (158335)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158335",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
},
"BM": {
"SCORE": "5.400",
"AV": "N",
"PR": "L",
"AC": "L",
"A": "N",
"I": "L",
"C": "L",
"UI": "R",
"S": "C"
}
}
}
}

216
2019/4xxx/CVE-2019-4184.json
View File

@ -1,111 +1,111 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Jazz Reporting Service",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4184",
"DATE_PUBLIC" : "2019-05-24T00:00:00",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Jazz Reporting Service",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
}
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"C" : "L",
"S" : "C",
"UI" : "R",
"I" : "L",
"A" : "N",
"SCORE" : "5.400",
"PR" : "L",
"AV" : "N",
"AC" : "L"
}
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 884604 (Jazz Reporting Service)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10884604",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10884604"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158974",
"refsource" : "XF",
"name" : "ibm-jrs-cve20194184-xss (158974)",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158974.",
"lang" : "eng"
}
]
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4184",
"DATE_PUBLIC": "2019-05-24T00:00:00",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
},
"BM": {
"C": "L",
"S": "C",
"UI": "R",
"I": "L",
"A": "N",
"SCORE": "5.400",
"PR": "L",
"AV": "N",
"AC": "L"
}
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 884604 (Jazz Reporting Service)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10884604",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10884604"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158974",
"refsource": "XF",
"name": "ibm-jrs-cve20194184-xss (158974)",
"title": "X-Force Vulnerability Report"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158974.",
"lang": "eng"
}
]
}
}

178
2019/4xxx/CVE-2019-4256.json
View File

@ -1,93 +1,93 @@
{
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"S" : "U",
"C" : "H",
"A" : "N",
"I" : "N",
"AC" : "H",
"SCORE" : "5.900",
"AV" : "N",
"PR" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 882968 (API Connect)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10882968",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10882968"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159944",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-api-cve20194256-info-disc (159944)"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.0.0.0"
},
{
"version_value" : "5.0.8.6"
}
]
},
"product_name" : "API Connect"
}
]
},
"vendor_name" : "IBM"
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"S": "U",
"C": "H",
"A": "N",
"I": "N",
"AC": "H",
"SCORE": "5.900",
"AV": "N",
"PR": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4256",
"DATE_PUBLIC" : "2019-05-22T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 882968 (API Connect)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10882968",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10882968"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159944",
"title": "X-Force Vulnerability Report",
"name": "ibm-api-cve20194256-info-disc (159944)"
}
]
},
"description": {
"description_data": [
{
"value": "IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.0.0.0"
},
{
"version_value": "5.0.8.6"
}
]
},
"product_name": "API Connect"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4256",
"DATE_PUBLIC": "2019-05-22T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
}

172
2019/4xxx/CVE-2019-4264.json
View File

@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4264",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-24T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.2.8"
}
]
},
"product_name" : "QRadar SIEM"
}
]
}
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 885464 (QRadar SIEM)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10885464",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10885464"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160072",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20194264-info-disc (160072)"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"S" : "U",
"UI" : "N",
"C" : "H",
"AC" : "H",
"AV" : "N",
"PR" : "N",
"SCORE" : "5.900",
"A" : "N",
"I" : "N"
}
}
},
"data_type" : "CVE",
"data_version" : "4.0"
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4264",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-05-24T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.2.8"
}
]
},
"product_name": "QRadar SIEM"
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 885464 (QRadar SIEM)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10885464",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10885464"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160072",
"title": "X-Force Vulnerability Report",
"name": "ibm-qradar-cve20194264-info-disc (160072)"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"S": "U",
"UI": "N",
"C": "H",
"AC": "H",
"AV": "N",
"PR": "N",
"SCORE": "5.900",
"A": "N",
"I": "N"
}
}
},
"data_type": "CVE",
"data_version": "4.0"
}

53
2019/7xxx/CVE-2019-7549.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7549",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control,"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/",
"refsource": "MISC",
"name": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/"
}
]
}

48
2019/9xxx/CVE-2019-9177.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9177",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption (issue 2 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
}
]
}

48
2019/9xxx/CVE-2019-9218.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9218",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
}
]
}