admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-09-18 23:01:01 +00:00
parent 2a28a24650
commit 3eac0bdc70
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 134 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
2019/11xxx/CVE-2019-11210.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "TIBCO Software Inc.",
"product": {
"product_data": [
{
@ -17,8 +18,7 @@
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "1.2.0"
"version_value": "1.2.0 and below"
}
]
}
@ -28,19 +28,16 @@
"version": {
"version_data": [
{
"affected": "=",
"version_value": "10.4.0"
},
{
"affected": "=",
"version_value": "10.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
}
]
}
@ -52,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component.\n\nThis issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0."
"value": "The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0."
}
]
},
@ -90,11 +87,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories",
"name": "http://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210",
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210"
}
]
@ -108,4 +107,4 @@
"source": {
"discovery": "INTERNAL"
}
}
}

19
2019/11xxx/CVE-2019-11211.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "TIBCO Software Inc.",
"product": {
"product_data": [
{
@ -17,8 +18,7 @@
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "1.2.0"
"version_value": "1.2.0 and below"
}
]
}
@ -28,19 +28,16 @@
"version": {
"version_data": [
{
"affected": "=",
"version_value": "10.4.0"
},
{
"affected": "=",
"version_value": "10.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
}
]
}
@ -52,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code.\n\nThis issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0."
"value": "The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0."
}
]
},
@ -90,11 +87,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories",
"name": "http://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211",
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211"
}
]
@ -108,4 +107,4 @@
"source": {
"discovery": "INTERNAL"
}
}
}

7
2019/11xxx/CVE-2019-11778.json
View File

@ -16,12 +16,7 @@
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.6.0"
},
{
"version_affected": "<=",
"version_value": "1.6.4"
"version_value": "1.6.0 to 1.6.4"
}
]
}

46
2019/3xxx/CVE-2019-3738.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-15",
"ID": "CVE-2019-3738",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-15",
"ID": "CVE-2019-3738",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "RSA BSAFE Crypto-J",
"product_name": "RSA BSAFE Crypto-J",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.2.5"
"version_value": "prior to 6.2.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174;-Crypto-J-Multiple-Security-Vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174;-Crypto-J-Multiple-Security-Vulnerabilities",
"name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174;-Crypto-J-Multiple-Security-Vulnerabilities"
}
]
}

46
2019/3xxx/CVE-2019-3739.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-09",
"ID": "CVE-2019-3739",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-09",
"ID": "CVE-2019-3739",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "RSA BSAFE Crypto-J",
"product_name": "RSA BSAFE Crypto-J",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.2.5 "
"version_value": "prior to 6.2.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-310: Cryptographic Issues"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174;-Crypto-J-Multiple-Security-Vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174;-Crypto-J-Multiple-Security-Vulnerabilities",
"name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174;-Crypto-J-Multiple-Security-Vulnerabilities"
}
]
}

46
2019/3xxx/CVE-2019-3740.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-15",
"ID": "CVE-2019-3740",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-15",
"ID": "CVE-2019-3740",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "RSA BSAFE Crypto-J",
"product_name": "RSA BSAFE Crypto-J",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.2.5"
"version_value": "prior to 6.2.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-310: Cryptographic Issues"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174;-Crypto-J-Multiple-Security-Vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174;-Crypto-J-Multiple-Security-Vulnerabilities",
"name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174;-Crypto-J-Multiple-Security-Vulnerabilities"
}
]
}

46
2019/3xxx/CVE-2019-3756.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-28",
"ID": "CVE-2019-3756",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-28",
"ID": "CVE-2019-3756",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "RSA Archer",
"product_name": "RSA Archer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.6 P3 (6.6.0.3)"
"version_value": "prior to 6.6 P3 (6.6.0.3)"
}
]
}
}
]
},
"vendor_name": "Dell"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-209: Information Exposure Through an Error Message"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106759/DSA-2019-127-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106759/DSA-2019-127-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities",
"name": "https://www.dell.com/support/security/en-us/details/DOC-106759/DSA-2019-127-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities"
}
]
}

46
2019/3xxx/CVE-2019-3758.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-28",
"ID": "CVE-2019-3758",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-28",
"ID": "CVE-2019-3758",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "RSA Archer",
"product_name": "RSA Archer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.6 P2 (6.6.0.2)"
"version_value": "prior to 6.6 P2 (6.6.0.2)"
}
]
}
}
]
},
"vendor_name": "Dell"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106759/DSA-2019-127-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106759/DSA-2019-127-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities",
"name": "https://www.dell.com/support/security/en-us/details/DOC-106759/DSA-2019-127-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities"
}
]
}