"-Synchronized-Data."

CVE Team 2019-10-29 19:01:29 +00:00
parent 6d81adf673
commit 32573ad07b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 1906 additions and 114 deletions


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2010-4237",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mercurial",
"product": {
"product_data": [
{
"product_name": "mercurial",
"version": {
"version_data": [
{
"version_value": "1.6.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4237",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4237"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841"
},
{
"refsource": "CONFIRM",
"name": "https://bz.mercurial-scm.org/show_bug.cgi?id=2407",
"url": "https://bz.mercurial-scm.org/show_bug.cgi?id=2407"
}
]
}
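Review bot: The affects block lists `"version_value": "1.6.4"`, but the description says the flaw is in Mercurial before 1.6.4, so the only version recorded as affected is the one the text treats as fixed. A consumer that matches on version_value would flag 1.6.4 and miss every earlier release; `"version_value": "before 1.6.4"` would agree with the description. The problemtype `"Other"` also gives triage tooling nothing to key on; the description reads like improper certificate validation (CWE-295), which is worth confirming with the assigner.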


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0428",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0428",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-0428"
},
{
"refsource": "CONFIRM",
"name": "https://ikiwiki.info/security/#index38h2",
"url": "https://ikiwiki.info/security/#index38h2"
}
]
}
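Review bot: vendor_name, product_name and version_value are all `"n/a"` in the new affects block even though the description names ikiwiki before 3.20110122, so matching this record against a software inventory yields nothing. Suggest `"product_name": "ikiwiki"` and `"version_value": "before 3.20110122"`. The same pattern appears in the sections for CVE-2018-10727, CVE-2019-13066, CVE-2019-16647, CVE-2019-18608, CVE-2019-18611, CVE-2019-18612 and CVE-2019-18624, each of which names the product in its description.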


@ -86,6 +86,11 @@
"name": "https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/",
"refsource": "MISC",
"url": "https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155002/Microsoft-Windows-Server-2012-Group-Policy-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/155002/Microsoft-Windows-Server-2012-Group-Policy-Remote-Code-Execution.html"
}
]
}
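Review bot: The added Packet Storm reference uses a plain `http://packetstormsecurity.com/...` URL in both name and url, while the CVE-2019-13066 record added in this same commit references the same host over `https://`. Using the https form here keeps the reference list consistent and avoids sending analysts and crawlers to an unauthenticated fetch. The other Packet Storm additions in this commit (files 155007, 155012 and 154999) have the same scheme. The hunk starts mid-file, so the CVE this record belongs to is not visible here.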


@ -71,6 +71,11 @@
"name": "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155007/Microsoft-Windows-Server-2012-Group-Policy-Security-Feature-Bypass.html",
"url": "http://packetstormsecurity.com/files/155007/Microsoft-Windows-Server-2012-Group-Policy-Security-Feature-Bypass.html"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4289",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99 characters to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GMER",
"product": {
"product_data": [
{
"product_name": "GMER",
"version": {
"version_data": [
{
"version_value": "2.1.19357"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0127/",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0127/"
}
]
}


@ -78,6 +78,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3142",
"url": "https://access.redhat.com/errata/RHSA-2019:3142"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3238",
"url": "https://access.redhat.com/errata/RHSA-2019:3238"
}
]
},


@ -73,6 +73,11 @@
"name": "DSA-4301",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4301"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3238",
"url": "https://access.redhat.com/errata/RHSA-2019:3238"
}
]
},


@ -78,6 +78,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3142",
"url": "https://access.redhat.com/errata/RHSA-2019:3142"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3238",
"url": "https://access.redhat.com/errata/RHSA-2019:3238"
}
]
},


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10727",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Fabrik/fabrik/issues/2033",
"refsource": "MISC",
"name": "https://github.com/Fabrik/fabrik/issues/2033"
}
]
}


@ -146,6 +146,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:0641",
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3217",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
}
]
}


@ -68,6 +68,16 @@
"refsource": "MLIST",
"name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption",
"url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr",
"url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr",
"url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E"
}
]
},


@ -111,6 +111,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2091",
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3222",
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
}
]
},


@ -129,6 +129,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2091",
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3222",
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
}
]
}


@ -91,6 +91,11 @@
"refsource": "GENTOO",
"name": "GLSA-201908-14",
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3232",
"url": "https://access.redhat.com/errata/RHSA-2019:3232"
}
]
}


@ -141,6 +141,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html",
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3217",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
}
]
}


@ -106,6 +106,11 @@
"refsource": "REDHAT",
"name": "RHBA-2019:2824",
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3234",
"url": "https://access.redhat.com/errata/RHSA-2019:3234"
}
]
}


@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "github.com/mholt/archiver/cmd/arc",
"product_name": "archiver",
"version": {
"version_data": [
{
"version_value": "versions 3.0.0 and later"
"version_value": "All versions"
}
]
}
@ -56,8 +56,8 @@
},
{
"refsource": "MISC",
"name": "https://github.com/mholt/archiver/pull/169,",
"url": "https://github.com/mholt/archiver/pull/169,"
"name": "https://github.com/mholt/archiver/pull/169",
"url": "https://github.com/mholt/archiver/pull/169"
}
]
},
@ -65,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "github.com/mholt/archiver/cmd/arc package versions 3.0.0 and later are vulnerable to an Arbitrary File Write via Archive Extraction (Zip Slip). The package is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder."
"value": "All versions of archiver allow attacker to perform a Zip Slip attack via the \"unarchive\" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a \"../../file.exe\" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily."
}
]
}
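Review bot: The new `"version_value": "All versions"` is free text with no upper bound, so a consumer cannot tell whether any release is unaffected, and the record would keep flagging the package after a fix ships. The reference list still points at pull request 169; if that change is the fix, the first release containing it should be recorded as the bound instead. Shortening product_name to `"archiver"` also drops the github.com/mholt path that disambiguated the package, which may make matching against similarly named projects less reliable. All three hunks begin mid-file, so the CVE ID and vendor_name are not visible here.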


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10749",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "sequelize",
"version": {
"version_data": [
{
"version_value": "All versions prior to version\u00a03.35.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222",
"url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222"
},
{
"refsource": "MISC",
"name": "https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68",
"url": "https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect."
}
]
}
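Review bot: The version_value contains an escaped non-breaking space, `"All versions prior to version\u00a03.35.1"`, which looks like an ordinary space when rendered but breaks tools that tokenize the string on whitespace. A plain space, `"version_value": "All versions prior to version 3.35.1"`, keeps the value parseable, and the shorter `"before 3.35.1"` would match the wording the description already uses. The hunk begins at line 4 of the file, so the opening of the record is outside it.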


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution."
"value": "** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: \"While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site.\""
}
]
},
@ -61,6 +61,21 @@
"refsource": "MISC",
"name": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/",
"url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/"
},
{
"refsource": "MISC",
"name": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021",
"url": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021"
},
{
"refsource": "MISC",
"name": "https://vuldb.com/?id.144129",
"url": "https://vuldb.com/?id.144129"
},
{
"refsource": "MISC",
"name": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html",
"url": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html"
}
]
}


@ -151,6 +151,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2837",
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3217",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de",
"url": "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de"
},
{
"refsource": "UBUNTU",
"name": "USN-4168-1",
"url": "https://usn.ubuntu.com/4168-1/"
}
]
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sahipro.com/downloads-archive/",
"refsource": "MISC",
"name": "https://sahipro.com/downloads-archive/"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/154985/Sahi-Pro-8.x-Cross-Site-Scripting.html",
"url": "https://packetstormsecurity.com/files/154985/Sahi-Pro-8.x-Cross-Site-Scripting.html"
}
]
}
}


@ -151,6 +151,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3209",
"url": "https://access.redhat.com/errata/RHSA-2019:3209"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3219",
"url": "https://access.redhat.com/errata/RHSA-2019:3219"
}
]
}


@ -74,6 +74,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-24a0a2f24e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3225",
"url": "https://access.redhat.com/errata/RHSA-2019:3225"
}
]
},


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15678",
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kaspersky",
"product": {
"product_data": [
{
"product_name": "TightVNC",
"version": {
"version_data": [
{
"version_value": "1.3.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity."
}
]
}
}
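Review bot: The affects block sets `"vendor_name": "Kaspersky"` for the product TightVNC, but the ASSIGNER is vulnerability@kaspersky.com, so Kaspersky appears to be the reporting CNA and not the party that ships the software. Inventory matching keyed on vendor would attribute the flaw to the wrong vendor and miss TightVNC installs; the field should name the product's own maintainer, for example `"vendor_name": "TightVNC"` if that is how the project is tracked. The same vendor_name is used in the new records for CVE-2019-15679, CVE-2019-15680, CVE-2019-15681 (LibVNC) and CVE-2019-15683 (TurboVNC). The description also has a doubled full stop after "code execution".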


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15679",
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kaspersky",
"product": {
"product_data": [
{
"product_name": "TightVNC",
"version": {
"version_data": [
{
"version_value": "1.3.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
}
]
}
}


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15680",
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kaspersky",
"product": {
"product_data": [
{
"product_name": "TightVNC",
"version": {
"version_data": [
{
"version_value": "1.3.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity."
}
]
}
}


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15681",
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kaspersky",
"product": {
"product_data": [
{
"product_name": "LibVNC",
"version": {
"version_data": [
{
"version_value": "0.9.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665: Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a",
"url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a."
}
]
}
}
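Review bot: The problemtype says `"CWE-665: Improper Initialization"` while the description cites "(CWE-655)", so the record carries two different weakness identifiers; the description's number looks like a transposition and should read `CWE-665`. The description also calls the issue a "memory leak" but then describes reading stack memory, which is an information disclosure, not a failure to free memory, so the wording may mislead severity triage. The version_value `"0.9.12"` is not tied to the "commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a" range given in the text, so it is unclear whether 0.9.12 is the last affected release; worth confirming with the assigner.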


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15683",
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kaspersky",
"product": {
"product_data": [
{
"product_name": "TurboVNC",
"version": {
"version_data": [
{
"version_value": "commit prior to cea98166008301e614e0d36776bf9435a536136e"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/TurboVNC/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e",
"url": "https://github.com/TurboVNC/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity. To exploit this vulnerability authorization on server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e."
}
]
}
}


@ -161,6 +161,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3210",
"url": "https://access.redhat.com/errata/RHSA-2019:3210"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3237",
"url": "https://access.redhat.com/errata/RHSA-2019:3237"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31",
"url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.html",
"url": "http://packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.html"
}
]
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://forum.maxthon.com/index.php?/topic/24472-unquoted-search-path-and-potential-abuses/",
"url": "http://forum.maxthon.com/index.php?/topic/24472-unquoted-search-path-and-potential-abuses/"
},
{
"refsource": "MISC",
"name": "https://safebreach.com/Post/Maxthon-Browser-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-16647",
"url": "https://safebreach.com/Post/Maxthon-Browser-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-16647"
}
]
}
}


@ -76,6 +76,11 @@
"refsource": "MISC",
"name": "https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/",
"url": "https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html"
}
]
}


@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420"
},
{
"refsource": "UBUNTU",
"name": "USN-4168-1",
"url": "https://usn.ubuntu.com/4168-1/"
}
]
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cl0udz/vulnerabilities/blob/master/cezerin-manipulate_order_information/README.md",
"refsource": "MISC",
"name": "https://github.com/cl0udz/vulnerabilities/blob/master/cezerin-manipulate_order_information/README.md"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T234862",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T234862"
},
{
"url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T104807",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T104807"
},
{
"url": "https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@YoKoKho/illegal-rendered-at-download-feature-in-opera-mini-that-lead-to-extension-manipulation-with-rtlo-685bf2d77d51",
"refsource": "MISC",
"name": "https://medium.com/@YoKoKho/illegal-rendered-at-download-feature-in-opera-mini-that-lead-to-extension-manipulation-with-rtlo-685bf2d77d51"
},
{
"url": "http://firstsight.me/2019/10/illegal-rendered-at-download-feature-in-several-apps-including-opera-mini-that-lead-to-extension-manipulation-with-rtlo/",
"refsource": "MISC",
"name": "http://firstsight.me/2019/10/illegal-rendered-at-download-feature-in-several-apps-including-opera-mini-that-lead-to-extension-manipulation-with-rtlo/"
}
]
}
}


@ -266,6 +266,11 @@
"refsource": "REDHAT",
"name": "RHBA-2019:2824",
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3220",
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
}
]
}


@ -138,6 +138,11 @@
"refsource": "UBUNTU",
"name": "USN-4118-1",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3220",
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
}
]
},


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6841",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6841",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol."
}
]
}
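Review bot: The new `affects` block sets `"vendor_name": "n/a"` and copies one free-text string naming several product families into both `product_name` (with a trailing space) and `version_value`, so none of the structured fields can be matched by an asset-inventory or scanner lookup. The assigner address and the CONFIRM URL both point to Schneider Electric, so `"vendor_name": "Schneider Electric"` looks like the intended value, and each Modicon family would be better as its own `product_data` entry with `"version_value": "all firmware versions"`. The same pattern (vendor `n/a`, product list duplicated into `version_value`) repeats in the sections for CVE-2019-6842 through CVE-2019-6851. As written, consumers have to parse the description text to decide whether a given PLC is affected.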


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6842",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6842",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6843",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6843",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6844",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6844",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol."
}
]
}
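Review bot: The description value misspells "attack" as `atack` in `Denial of Service atack on the PLC`, while the sibling Modicon records in this commit spell it correctly. Keyword searches and de-duplication across these near-identical descriptions can miss this record on that word. The corrected fragment would read `which could cause a Denial of Service attack on the PLC when upgrading the controller`.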


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6845",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6845",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol."
}
]
}
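Review bot: The `problemtype` value is `"CWE-319: Cleartext Transmission of Sensitive Information "` with a trailing space, which breaks exact-string grouping by CWE; it should end at `Information"`. The product string and the description also carry a stray space before the comma in `Modicon Premium , Modicon Quantum`. The trailing space recurs in the CVE-2019-6846 section and the `Modicon Premium ,` spacing in the CVE-2019-6851 section.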


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6846",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6846",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6847",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6847",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6848",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6848",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6849",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6849",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6850",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6850",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6851",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6851",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538: File and Directory Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8287",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-8287",
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Kaspersky",
"product": {
"product_data": [
{
"product_name": "TightVNC",
"version": {
"version_data": [
{
"version_value": "1.3.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
}
]
}
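Review bot: `vendor_name` is set to `Kaspersky`, which matches the assigner address `vulnerability@kaspersky.com` rather than the maker of the affected product `TightVNC`; it looks as if the CNA name was entered in the vendor field. Vendor/product matching would then file this buffer overflow under the wrong vendor and can miss TightVNC installations. I would set `vendor_name` to the TightVNC publisher (or `"n/a"` if that is not confirmed) and tidy the description grammar to `which can potentially result in code execution. This attack appears to be exploitable via network connectivity.`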


@ -192,6 +192,31 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3187",
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3165",
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3217",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3220",
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3231",
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3218",
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
}
]
},


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9757",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9757",
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9757"
},
{
"refsource": "MISC",
"name": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce",
"url": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce"
}
]
}
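Review bot: The structured fields stay `n/a` for vendor, product, version and problem type, even though the description in the second hunk names LabKey Server 19.1.0 and an XXE that lets local files be read. Filling them in with `"product_name": "LabKey Server"`, `"version_value": "19.1.0"` and a problem type of `CWE-611: Improper Restriction of XML External Entity Reference` would let tooling match the record without parsing prose. The CVE-2019-9758 (stored XSS, CWE-79) and CVE-2019-9926 (CSRF, CWE-352) sections have the same gap.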


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9758",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce",
"url": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce"
},
{
"refsource": "MISC",
"name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9758",
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9758"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Openfind Mail2000 v6 Webmail. XSS can occur via an '<object data=\"data:text/html' substring in an e-mail message (The vendor subsequently patched this)."
"value": "An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data=\"data:text/html' substring in an e-mail message (The vendor subsequently patched this)."
}
]
},
@ -56,6 +56,16 @@
"url": "https://gist.github.com/keniver/1f6092242ee79a8456a86bb7624bc171",
"refsource": "MISC",
"name": "https://gist.github.com/keniver/1f6092242ee79a8456a86bb7624bc171"
},
{
"refsource": "CONFIRM",
"name": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf",
"url": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf",
"url": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf"
}
]
}
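Review bot: The first hunk widens the affected releases in the description from `v6` to `6.0 and 7.0`, but the record's `affects` block lies outside both hunks, so it is not visible whether `version_data` was updated to match. If it was not, structured consumers still see the old scope. The description also keeps `(The vendor subsequently patched this)` without naming a fixed build. Now that the two OF-ISAC CONFIRM advisories are attached, stating the fixed version in the text would tell defenders what to deploy.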


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9926",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-9926",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce/",
"url": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce/"
},
{
"refsource": "MISC",
"name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9926",
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9926"
}
]
}