admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-10-31 20:01:11 +00:00
parent c46505cba5
commit 3bcee1a357
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 909 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
2013/1xxx/CVE-2013-1930.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1930",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mantisBT",
"product": {
"product_data": [
{
"product_name": "mantisBT",
"version": {
"version_data": [
{
"version_value": "1.2.12 before 1.2.15"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,63 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1930",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1930"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1930",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1930"
},
{
"url": "http://www.securityfocus.com/bid/58890",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58890"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/06/4",
"url": "http://www.openwall.com/lists/oss-security/2013/04/06/4"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83796",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83796"
},
{
"refsource": "MISC",
"name": "https://mantisbt.org/bugs/view.php?id=15453",
"url": "https://mantisbt.org/bugs/view.php?id=15453"
}
]
}

80
2013/1xxx/CVE-2013-1931.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1931",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mantisBT",
"product": {
"product_data": [
{
"product_name": "mantisBT",
"version": {
"version_data": [
{
"version_value": "1.2.14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1931",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1931"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1931",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1931"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/06/4",
"url": "http://www.openwall.com/lists/oss-security/2013/04/06/4"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58889",
"url": "http://www.securityfocus.com/bid/58889"
},
{
"refsource": "CONFIRM",
"name": "https://mantisbt.org/bugs/view.php?id=15511",
"url": "https://mantisbt.org/bugs/view.php?id=15511"
}
]
}

70
2013/1xxx/CVE-2013-1932.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1932",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mantisBT",
"product": {
"product_data": [
{
"product_name": "mantisBT",
"version": {
"version_data": [
{
"version_value": "1.2.13"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1932",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1932"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1932",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1932"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/06/4",
"url": "http://www.openwall.com/lists/oss-security/2013/04/06/4"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58893",
"url": "http://www.securityfocus.com/bid/58893"
},
{
"refsource": "CONFIRM",
"name": "https://mantisbt.org/bugs/view.php?id=15415",
"url": "https://mantisbt.org/bugs/view.php?id=15415"
}
]
}

70
2013/1xxx/CVE-2013-1934.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1934",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mantisBT",
"product": {
"product_data": [
{
"product_name": "mantisBT",
"version": {
"version_data": [
{
"version_value": "1.2.0rc1 before 1.2.14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3120",
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1934",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1934"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1934",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1934"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/09/1",
"url": "http://www.openwall.com/lists/oss-security/2013/04/09/1"
},
{
"refsource": "CONFIRM",
"name": "https://mantisbt.org/bugs/view.php?id=15416",
"url": "https://mantisbt.org/bugs/view.php?id=15416"
}
]
}

50
2013/1xxx/CVE-2013-1945.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1945",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ruby193",
"product": {
"product_data": [
{
"product_name": "ruby193",
"version": {
"version_data": [
{
"version_value": "ruby193-runtime-1-6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ruby193 uses an insecure LD_LIBRARY_PATH setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1945",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1945"
}
]
}

90
2013/1xxx/CVE-2013-1951.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1951",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ikimedia Foundation",
"product": {
"product_data": [
{
"product_name": "MediaWiki",
"version": {
"version_data": [
{
"version_value": "before 1.19.5 and 1.20.x before 1.20.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,68 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1951",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1951"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951"
},
{
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201310-21.xml",
"url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/16/12",
"url": "http://www.openwall.com/lists/oss-security/2013/04/16/12"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/59077",
"url": "http://www.securityfocus.com/bid/59077"
},
{
"refsource": "CONFIRM",
"name": "https://phabricator.wikimedia.org/T48084",
"url": "https://phabricator.wikimedia.org/T48084"
}
]
}

75
2013/2xxx/CVE-2013-2012.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2012",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "autojump",
"product": {
"product_data": [
{
"product_name": "autojump",
"version": {
"version_data": [
{
"version_value": "before 21.5.8"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2012",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2012"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2012",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2012"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/25/14",
"url": "http://www.openwall.com/lists/oss-security/2013/04/25/14"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83827",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83827"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/wting/autojump/commit/ad09ee27d402be797b3456abff6edeb4291edfec",
"url": "https://github.com/wting/autojump/commit/ad09ee27d402be797b3456abff6edeb4291edfec"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/wting/autojump/commit/c763b2afadb188ab52849c21d43d2e8fe5b8800a",
"url": "https://github.com/wting/autojump/commit/c763b2afadb188ab52849c21d43d2e8fe5b8800a"
}
]
}

80
2013/2xxx/CVE-2013-2024.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2024",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "chicken",
"product": {
"product_data": [
{
"product_name": "chicken",
"version": {
"version_data": [
{
"version_value": "before 4.9.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OS command injection vulnerability in the \"qs\" procedure from the \"utils\" module in Chicken before 4.9.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Metacharacters"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2024",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2024"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2024",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2024"
},
{
"url": "http://www.securityfocus.com/bid/59320",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/59320"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/29/13",
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/13"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064"
},
{
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201612-54",
"url": "https://security.gentoo.org/glsa/201612-54"
},
{
"refsource": "CONFIRM",
"name": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html",
"url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html"
}
]
}

62
2019/15xxx/CVE-2019-15710.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15710",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiExtender",
"version": {
"version_data": [
{
"version_value": "FortiExtender 4.1.1 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/psirt/FG-IR-19-273",
"url": "https://fortiguard.com/psirt/FG-IR-19-273"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An OS command injection vulnerability in FortiExtender 4.1.1 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted \"execute date\" commands."
}
]
}
}

67
2019/18xxx/CVE-2019-18396.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017\u201314127."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.twitter.com/c4pt41nnn",
"refsource": "MISC",
"name": "https://www.twitter.com/c4pt41nnn"
},
{
"refsource": "MISC",
"name": "https://medium.com/@c4pt41nnn/cve-2019-18396-command-injection-in-technicolor-router-da5dd2134052",
"url": "https://medium.com/@c4pt41nnn/cve-2019-18396-command-injection-in-technicolor-router-da5dd2134052"
}
]
}
}

58
2019/5xxx/CVE-2019-5049.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5049",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5049",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "AMD ATI",
"version": {
"version_data": [
{
"version_value": "AMD ATIDXX64.DLL (25.20.15031.5004 / 25.20.15031.9002) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.0.4 build-12990004) with Windows 10 x64 as guestVM"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds-write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host."
}
]
}

58
2019/5xxx/CVE-2019-5095.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5095",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5095",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Atlassian",
"version": {
"version_data": [
{
"version_value": "Atlassian Jira 7.6.4 Atlassian Jira Tempo Core system plugin 4.10.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "missing authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin."
}
]
}

58
2019/5xxx/CVE-2019-5150.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5150",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5150",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "YouPHPTube",
"version": {
"version_data": [
{
"version_value": "YouPHPTube 7.7 commit b22e81d25b2a570f4867ea5dce5153ba4c76cc2d (Oct 15th 2019)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0940",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0940"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the \"VideoTags\" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability."
}
]
}

58
2019/5xxx/CVE-2019-5151.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5151",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5151",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "YouPHPTube",
"version": {
"version_data": [
{
"version_value": "YouPHPTube 7.7 commit b22e81d25b2a570f4867ea5dce5153ba4c76cc2d (Oct 15th 2019)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability."
}
]
}