admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-13 20:01:39 +00:00
parent b9c21bc89e
commit 35d59ed285
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
11 changed files with 693 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
2010/4xxx/CVE-2010-4653.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4653",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "poppler",
"product": {
"product_data": [
{
"product_name": "poppler",
"version": {
"version_data": [
{
"version_value": "before 0.16.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4653",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4653"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4653",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4653"
},
{
"url": "https://access.redhat.com/security/cve/cve-2010-4653",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2010-4653"
},
{
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201310-03.xml",
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/45948",
"url": "http://www.securityfocus.com/bid/45948"
}
]
}

65
2010/4xxx/CVE-2010-4654.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4654",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "poppler",
"product": {
"product_data": [
{
"product_name": "poppler",
"version": {
"version_data": [
{
"version_value": "before 0.16.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4654",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4654"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654"
},
{
"url": "https://access.redhat.com/security/cve/cve-2010-4654",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2010-4654"
},
{
"url": "http://security.gentoo.org/glsa/glsa-201310-03.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
}
]
}

58
2013/3xxx/CVE-2013-3516.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3516",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"url": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"name": "https://www.ise.io/soho_service_hacks/"
},
{
"refsource": "MISC",
"name": "https://www.ise.io/research/studies-and-papers/netgear_wnr3500/",
"url": "https://www.ise.io/research/studies-and-papers/netgear_wnr3500/"
}
]
}

62
2019/18xxx/CVE-2019-18793.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the \"fileName\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155175/Parallels-Plesk-Panel-9.5-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/155175/Parallels-Plesk-Panel-9.5-Cross-Site-Scripting.html"
}
]
}
}

77
2019/18xxx/CVE-2019-18837.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/containers/crun/pull/173",
"url": "https://github.com/containers/crun/pull/173"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/containers/crun/releases/tag/0.10.5",
"url": "https://github.com/containers/crun/releases/tag/0.10.5"
},
{
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITB2UNEGHXZUR3ATYHWPSK5LJB36N7AP/",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITB2UNEGHXZUR3ATYHWPSK5LJB36N7AP/"
},
{
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTA5SJUAKQUK6HRY2CZVJUIZP5BO3EOG/",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTA5SJUAKQUK6HRY2CZVJUIZP5BO3EOG/"
}
]
}
}

82
2019/18xxx/CVE-2019-18844.json Normal file
View File

@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc",
"url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
},
{
"refsource": "MISC",
"name": "https://github.com/projectacrn/acrn-hypervisor/issues/3252",
"url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
},
{
"refsource": "MISC",
"name": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa",
"url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
},
{
"refsource": "MISC",
"name": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p",
"url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
},
{
"refsource": "MISC",
"name": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535",
"url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
}
]
}
}

67
2019/18xxx/CVE-2019-18883.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LavaLite/cms/",
"refsource": "MISC",
"name": "https://github.com/LavaLite/cms/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155241/LavaLite-CMS-5.7-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/155241/LavaLite-CMS-5.7-Cross-Site-Scripting.html"
}
]
}
}

67
2019/18xxx/CVE-2019-18884.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://codecanyon.net/item/rise-ultimate-project-manager/15455641",
"refsource": "MISC",
"name": "https://codecanyon.net/item/rise-ultimate-project-manager/15455641"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155242/RISE-Ultimate-Project-Manager-2.3-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/155242/RISE-Ultimate-Project-Manager-2.3-Cross-Site-Request-Forgery.html"
}
]
}
}

58
2019/2xxx/CVE-2019-2210.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2210",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-2210",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
"url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-139148442"
}
]
}

58
2019/9xxx/CVE-2019-9466.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9466",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9466",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
"url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Broadcom Wi-Fi driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-130375182"
}
]
}

58
2019/9xxx/CVE-2019-9467.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9467",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9467",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
"url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-80316910"
}
]
}