"-Synchronized-Data."

CVE Team 2019-05-09 16:00:50 +00:00
parent 0769790582
commit 2fd0509e54
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 475 additions and 246 deletions


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12804",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/jsummers/imageworsener/issues/30",
"refsource": "MISC",
"name": "https://github.com/jsummers/imageworsener/issues/30"
}
]
}
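Review bot: The new description value contains a typo, "(hmemory exhaustion)", which should read `(memory exhaustion)`; this text is what most consumers index and display, so it is worth correcting in the record itself. The added `affects` block also leaves `product_name`, `vendor_name` and `version_value` as `"n/a"` although the description names ImageWorsener 1.3.2, so tooling that matches on the structured fields will not associate the record with the product. Consider `"product_name": "ImageWorsener"` and `"version_value": "1.3.2"`, and a `problemtype` value that reflects the memory exhaustion instead of `"n/a"`. The same gap applies to the CVE-2017-12805 and CVE-2017-12806 sections, whose descriptions name ImageMagick 7.0.6-6.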


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12805",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/664",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/664"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12806",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/660",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/660"
}
]
}


@ -61,6 +61,16 @@
"refsource": "EXPLOIT-DB",
"name": "46377",
"url": "https://www.exploit-db.com/exploits/46377/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/B0UG/a750c2c204825453e6faf898ea6d09f6",
"url": "https://gist.github.com/B0UG/a750c2c204825453e6faf898ea6d09f6"
},
{
"refsource": "MISC",
"name": "https://vulners.com/exploitdb/EDB-ID:46377",
"url": "https://vulners.com/exploitdb/EDB-ID:46377"
}
]
}
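Review bot: The added vulners.com entry points at the same Exploit-DB item (46377) that the existing `EXPLOIT-DB` reference just above it already lists, so it adds a mirror rather than a new source. Both new entries use `"refsource": "MISC"` with the URL repeated as `name`, which gives a consumer nothing to distinguish a write-up from an advisory or a fix; a descriptive `name` would help triage. The gist is author-controlled content that can change after publication, so pipelines that fetch reference URLs automatically should treat it as untrusted input. The `reference_data` array starts outside this hunk, so earlier entries are not visible here.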


@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691529",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1691529"
},
{
"url": "https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d",
"refsource": "MISC",
"name": "https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d"
},
{
"url": "https://github.com/golang/go/issues/30965",
"refsource": "MISC",
"name": "https://github.com/golang/go/issues/30965"
}
]
}
}
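Review bot: The affected range exists only in prose ("before 2019-03-20"), while `product_name`, `vendor_name` and `version_value` are all `"n/a"`, so nothing machine-readable identifies golang.org/x/crypto or the boundary. Go modules are usually pinned by commit or pseudo-version rather than by date, so a consumer has to work out the boundary from the go.googlesource.com commit listed under `references` (presumably the fix, though the record does not say so). Naming the package in `affects`, e.g. `"product_name": "golang.org/x/crypto"` with `"version_value": "before 2019-03-20"`, would make the match explicit. `problemtype` is also `"n/a"` although the description states the weakness directly: a counter overflow that leads to keystream reuse.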


@ -62,6 +62,11 @@
"name": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b",
"refsource": "MISC",
"url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
},
{
"refsource": "BID",
"name": "108279",
"url": "http://www.securityfocus.com/bid/108279"
}
]
}


@ -67,6 +67,11 @@
"name": "https://www.facebook.com/security/advisories/cve-2019-3565",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2019-3565"
},
{
"refsource": "BID",
"name": "108280",
"url": "http://www.securityfocus.com/bid/108280"
}
]
}


@ -1,123 +1,123 @@
{
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-05-07T00:00:00",
"ID" : "CVE-2019-4071"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"PR" : "H",
"UI" : "R",
"AV" : "N",
"S" : "U",
"C" : "H",
"A" : "H",
"SCORE" : "6.800",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 872900 (Spectrum Control Standard Edition)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10872900",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10872900"
},
{
"name" : "ibm-tivoli-cve20194071-csv-injection (157063)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157063",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-05-07T00:00:00",
"ID": "CVE-2019-4071"
},
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Control Standard Edition",
"version" : {
"version_data" : [
{
"version_value" : "5.2.1"
},
{
"version_value" : "5.2.8"
},
{
"version_value" : "5.2.11"
},
{
"version_value" : "5.2.12"
},
{
"version_value" : "5.2.13"
},
{
"version_value" : "5.2.14"
},
{
"version_value" : "5.2.15"
},
{
"version_value" : "5.2.16"
},
{
"version_value" : "5.2.10.1"
},
{
"version_value" : "5.2.15.2"
},
{
"version_value" : "5.2.17.0"
},
{
"version_value" : "5.2.17.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
}
}
]
},
"description": {
"description_data": [
{
"value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"PR": "H",
"UI": "R",
"AV": "N",
"S": "U",
"C": "H",
"A": "H",
"SCORE": "6.800",
"AC": "L"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 872900 (Spectrum Control Standard Edition)",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872900",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10872900"
},
{
"name": "ibm-tivoli-cve20194071-csv-injection (157063)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157063",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Control Standard Edition",
"version": {
"version_data": [
{
"version_value": "5.2.1"
},
{
"version_value": "5.2.8"
},
{
"version_value": "5.2.11"
},
{
"version_value": "5.2.12"
},
{
"version_value": "5.2.13"
},
{
"version_value": "5.2.14"
},
{
"version_value": "5.2.15"
},
{
"version_value": "5.2.16"
},
{
"version_value": "5.2.10.1"
},
{
"version_value": "5.2.15.2"
},
{
"version_value": "5.2.17.0"
},
{
"version_value": "5.2.17.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}


@ -1,123 +1,123 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064."
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "L",
"S" : "U",
"AV" : "N",
"SCORE" : "4.700",
"A" : "L",
"C" : "L",
"PR" : "H",
"UI" : "N",
"I" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10873036",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10873036",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 873036 (Spectrum Control Standard Edition)"
},
{
"name" : "ibm-tivoli-cve20194072-session-fixation (157064)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Control Standard Edition",
"version" : {
"version_data" : [
{
"version_value" : "5.2.1"
},
{
"version_value" : "5.2.8"
},
{
"version_value" : "5.2.11"
},
{
"version_value" : "5.2.12"
},
{
"version_value" : "5.2.13"
},
{
"version_value" : "5.2.14"
},
{
"version_value" : "5.2.15"
},
{
"version_value" : "5.2.16"
},
{
"version_value" : "5.2.10.1"
},
{
"version_value" : "5.2.15.2"
},
{
"version_value" : "5.2.17.0"
},
{
"version_value" : "5.2.17.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-05-07T00:00:00",
"ID" : "CVE-2019-4072"
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064."
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "L",
"S": "U",
"AV": "N",
"SCORE": "4.700",
"A": "L",
"C": "L",
"PR": "H",
"UI": "N",
"I": "L"
}
}
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10873036",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10873036",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 873036 (Spectrum Control Standard Edition)"
},
{
"name": "ibm-tivoli-cve20194072-session-fixation (157064)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Control Standard Edition",
"version": {
"version_data": [
{
"version_value": "5.2.1"
},
{
"version_value": "5.2.8"
},
{
"version_value": "5.2.11"
},
{
"version_value": "5.2.12"
},
{
"version_value": "5.2.13"
},
{
"version_value": "5.2.14"
},
{
"version_value": "5.2.15"
},
{
"version_value": "5.2.16"
},
{
"version_value": "5.2.10.1"
},
{
"version_value": "5.2.15.2"
},
{
"version_value": "5.2.17.0"
},
{
"version_value": "5.2.17.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-07T00:00:00",
"ID": "CVE-2019-4072"
}
}