admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-10-31 21:01:12 +00:00
parent 3bcee1a357
commit 42de01d933
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
23 changed files with 1160 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
2010/2xxx/CVE-2010-2548.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2548",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IcedTea",
"product": {
"product_data": [
{
"product_name": "IcedTea6",
"version": {
"version_data": [
{
"version_value": "1.7.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-2548",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-2548"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2548",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2548"
},
{
"refsource": "CONFIRM",
"name": "http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released/",
"url": "http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released/"
}
]
}

65
2010/2xxx/CVE-2010-2783.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2783",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IcedTea",
"product": {
"product_data": [
{
"product_name": "IcedTea6",
"version": {
"version_data": [
{
"version_value": "1.7.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-2783",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-2783"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2783",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2783"
},
{
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"refsource": "CONFIRM",
"name": "http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released/",
"url": "http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released/"
}
]
}

85
2012/6xxx/CVE-2012-6122.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6122",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "chicken",
"product": {
"product_data": [
{
"product_name": "chicken",
"version": {
"version_data": [
{
"version_value": "4.8.0.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,63 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6122",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6122"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-6122",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-6122"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/08/2",
"url": "http://www.openwall.com/lists/oss-security/2013/02/08/2"
},
{
"refsource": "MISC",
"name": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html",
"url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/05/08/3",
"url": "http://www.openwall.com/lists/oss-security/2013/05/08/3"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/05/09/1",
"url": "http://www.openwall.com/lists/oss-security/2013/05/09/1"
},
{
"refsource": "CONFIRM",
"name": "https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html",
"url": "https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html"
},
{
"refsource": "CONFIRM",
"name": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html",
"url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html"
}
]
}

60
2012/6xxx/CVE-2012-6123.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6123",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "chicken",
"product": {
"product_data": [
{
"product_name": "chicken",
"version": {
"version_data": [
{
"version_value": "before 4.8.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct \"poisoned NUL byte attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6123",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6123"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-6123",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-6123"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/02/08/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/08/2"
}
]
}

65
2012/6xxx/CVE-2012-6124.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6124",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "chicken",
"product": {
"product_data": [
{
"product_name": "chicken",
"version": {
"version_data": [
{
"version_value": "before 4.8.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states \"This function wasn't used for security purposes (and is advertised as being unsuitable).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type-Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2013/02/08/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/08/2"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6124",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6124"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-6124",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-6124"
},
{
"refsource": "CONFIRM",
"name": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html",
"url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html"
}
]
}

70
2012/6xxx/CVE-2012-6125.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6125",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "chicken",
"product": {
"product_data": [
{
"product_name": "chicken",
"version": {
"version_data": [
{
"version_value": "before 4.8.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2013/02/08/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/08/2"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6125",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6125"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-6125",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-6125"
},
{
"refsource": "CONFIRM",
"name": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html",
"url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html"
},
{
"refsource": "CONFIRM",
"name": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html",
"url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html"
}
]
}

85
2013/2xxx/CVE-2013-2075.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2075",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "chicken",
"product": {
"product_data": [
{
"product_name": "chicken",
"version": {
"version_data": [
{
"version_value": "through 4.8.0.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,63 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/05/11/3",
"url": "http://www.openwall.com/lists/oss-security/2013/05/11/3"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2075",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2075"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/59758",
"url": "http://www.securityfocus.com/bid/59758"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84188",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84188"
},
{
"refsource": "CONFIRM",
"name": "https://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html",
"url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html"
},
{
"refsource": "CONFIRM",
"name": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7",
"url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7"
},
{
"refsource": "CONFIRM",
"name": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091",
"url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091"
},
{
"refsource": "CONFIRM",
"name": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=766056cd5f26b1d529405705449cb534609c113f",
"url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=766056cd5f26b1d529405705449cb534609c113f"
}
]
}

58
2018/3xxx/CVE-2018-3983.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3983",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-3983",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Atlantis Word Processor",
"version": {
"version_data": [
{
"version_value": "Atlantis Word Processor 3.0.2.3 Atlantis Word Processor 3.0.2.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unchecked error condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0651",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0651"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability."
}
]
}

58
2018/4xxx/CVE-2018-4002.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4002",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4002",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CUJO",
"version": {
"version_data": [
{
"version_value": "CUJO Smart Firewall - Firmware version 7003"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0671",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0671"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability."
}
]
}

58
2018/4xxx/CVE-2018-4031.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4031",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4031",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CUJO",
"version": {
"version_data": [
{
"version_value": "CUJO Smart Firewall - Firmware version 7003"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper control of generation of code"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0703",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0703"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability."
}
]
}

58
2018/4xxx/CVE-2018-4064.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4064",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4064",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Sierra Wireless",
"version": {
"version_data": [
{
"version_value": "Sierra Wireless AirLink ES450 FW 4.9.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unverified password change"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0749",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0749"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

10
2019/11xxx/CVE-2019-11043.json
View File

@ -141,6 +141,16 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191031-0003/",
"url": "https://security.netapp.com/advisory/ntap-20191031-0003/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3286",
"url": "https://access.redhat.com/errata/RHSA-2019:3286"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3287",
"url": "https://access.redhat.com/errata/RHSA-2019:3287"
}
]
},

10
2019/12xxx/CVE-2019-12384.json
View File

@ -221,6 +221,16 @@
"refsource": "MLIST",
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3292",
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
}
]
}

5
2019/12xxx/CVE-2019-12814.json
View File

@ -286,6 +286,11 @@
"refsource": "MLIST",
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3292",
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
}
]
}

62
2019/13xxx/CVE-2019-13508.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeTDS through 1.1.11 has a Buffer Overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4173-1/",
"url": "https://usn.ubuntu.com/4173-1/"
}
]
}
}

62
2019/13xxx/CVE-2019-13547.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13547",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHORIZATION CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication."
}
]
}
}

62
2019/13xxx/CVE-2019-13551.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13551",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advantech WISE-PaaS/RMM",
"version": {
"version_data": [
{
"version_value": "Versions 3.3.29 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator."
}
]
}
}

5
2019/14xxx/CVE-2019-14379.json
View File

@ -276,6 +276,11 @@
"refsource": "MLIST",
"name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
"url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3292",
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
}
]
}

67
2019/16xxx/CVE-2019-16295.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154990/CWP-0.9.8.885-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/154990/CWP-0.9.8.885-Cross-Site-Scripting.html"
},
{
"refsource": "CONFIRM",
"name": "https://centos-webpanel.com/changelog-cwp7",
"url": "https://centos-webpanel.com/changelog-cwp7"
}
]
}
}

58
2019/5xxx/CVE-2019-5010.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5010",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5010",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Python",
"version": {
"version_data": [
{
"version_value": "Python.org CPython 2.7.11 Python.org CPython 3.6.6 Python.org CPython 3.5.2 Python.org CPython 3 master at 480833808e918a1dcebbbcfd07d5a8de3c5c2a66"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability."
}
]
}

58
2019/5xxx/CVE-2019-5023.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5023",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5023",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "PaX",
"version": {
"version_data": [
{
"version_value": "PaX pax-linux-4.9.24-test7.patch (latest version available to the public) grsecurity grsecurity-3.1-4.9.24-201704252333.patch (latest official version available to the public) v4.9.74-unofficial_grsec (latest unofficial version available to the public)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper release of memory before removing last reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0784",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0784"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability."
}
]
}

58
2019/5xxx/CVE-2019-5030.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5030",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5030",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Antenna House",
"version": {
"version_data": [
{
"version_value": "Antenna House Rainbow PDF Office Server Document Converter v7.0 Pro MR1 for Linux64 (7,0,2019,0220)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0792",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0792"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution."
}
]
}

58
2019/5xxx/CVE-2019-5043.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5043",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5043",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nest Labs",
"version": {
"version_data": [
{
"version_value": "Nest Labs Nest Cam IQ Indoor version 4620002"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0810",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0810"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability."
}
]
}