admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-17 16:00:51 +00:00
parent 2ffe3f440d
commit 4304e1b6fa
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 1003 additions and 719 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
2018/1xxx/CVE-2018-1845.json
View File

@ -1,96 +1,96 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"C" : "H",
"AC" : "L",
"S" : "U",
"SCORE" : "7.100",
"I" : "N",
"UI" : "N",
"PR" : "L",
"A" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10738917",
"title" : "IBM Security Bulletin 738917 (InfoSphere Information Server)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10738917",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-infosphere-cve20181845-xxe (150905)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150905",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.3"
},
{
"version_value" : "11.5"
},
{
"version_value" : "11.7"
}
]
},
"product_name" : "InfoSphere Information Server"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"C": "H",
"AC": "L",
"S": "U",
"SCORE": "7.100",
"I": "N",
"UI": "N",
"PR": "L",
"A": "L"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1845",
"DATE_PUBLIC" : "2019-04-29T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905."
}
]
}
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10738917",
"title": "IBM Security Bulletin 738917 (InfoSphere Information Server)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10738917",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-infosphere-cve20181845-xxe (150905)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150905",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.3"
},
{
"version_value": "11.5"
},
{
"version_value": "11.7"
}
]
},
"product_name": "InfoSphere Information Server"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2018-1845",
"DATE_PUBLIC": "2019-04-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905."
}
]
}
}

2
2019/10xxx/CVE-2019-10688.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "VVX products using UCS software version 5.8.0 and earlier with Better Together over Ethernet Connector (BToE) application version 3.8.0 and earlier uses hard-coded credentials to establish a connection between the host application and device."
"value": "VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device."
}
]
},

2
2019/11xxx/CVE-2019-11191.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat."
"value": "** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported."
}
]
},

61
2019/12xxx/CVE-2019-12181.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-1-7_release_notes.htm",
"url": "https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-1-7_release_notes.htm"
},
{
"refsource": "CONFIRM",
"name": "https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-Potential-elevation-of-privileges-on-Linux-systems",
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-Potential-elevation-of-privileges-on-Linux-systems"
}
]
}

172
2019/4xxx/CVE-2019-4103.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10887523",
"title" : "IBM Security Bulletin 887523 (Tivoli Netcool/Impact)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10887523"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158094",
"refsource" : "XF",
"name" : "ibm-netcool-cve20194103-code-exec (158094)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"AV" : "A",
"S" : "U",
"AC" : "L",
"PR" : "L",
"UI" : "N",
"I" : "H",
"SCORE" : "8.000",
"A" : "H"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4103",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-06-14T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.1.0"
}
]
},
"product_name" : "Tivoli Netcool/Impact"
}
]
}
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887523",
"title": "IBM Security Bulletin 887523 (Tivoli Netcool/Impact)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887523"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158094",
"refsource": "XF",
"name": "ibm-netcool-cve20194103-code-exec (158094)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"AV": "A",
"S": "U",
"AC": "L",
"PR": "L",
"UI": "N",
"I": "H",
"SCORE": "8.000",
"A": "H"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4103",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-06-14T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.1.0"
}
]
},
"product_name": "Tivoli Netcool/Impact"
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094."
}
]
},
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094."
}
]
},
"data_type": "CVE"
}

198
2019/4xxx/CVE-2019-4136.json
View File

@ -1,102 +1,102 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title" : "IBM Security Bulletin 886913 (Cognos Controller)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-cognos-cve20194136-xss (158332)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158332",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"AC" : "L",
"C" : "L",
"AV" : "N",
"A" : "N",
"PR" : "L",
"UI" : "R",
"SCORE" : "5.400",
"I" : "L"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.2.1"
},
{
"version_value" : "10.2.0"
},
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
}
]
},
"product_name" : "Cognos Controller"
}
]
},
"vendor_name" : "IBM"
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title": "IBM Security Bulletin 886913 (Cognos Controller)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"refsource": "CONFIRM"
},
{
"name": "ibm-cognos-cve20194136-xss (158332)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158332",
"refsource": "XF"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-13T00:00:00",
"ID" : "CVE-2019-4136",
"STATE" : "PUBLIC"
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "C",
"AC": "L",
"C": "L",
"AV": "N",
"A": "N",
"PR": "L",
"UI": "R",
"SCORE": "5.400",
"I": "L"
},
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.2.1"
},
{
"version_value": "10.2.0"
},
{
"version_value": "10.3.1"
},
{
"version_value": "10.3.0"
},
{
"version_value": "10.4.0"
}
]
},
"product_name": "Cognos Controller"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-13T00:00:00",
"ID": "CVE-2019-4136",
"STATE": "PUBLIC"
}
}

198
2019/4xxx/CVE-2019-4173.json
View File

@ -1,102 +1,102 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title" : "IBM Security Bulletin 886913 (Cognos Controller)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158878",
"name" : "ibm-cognos-cve20194173-info-disc (158878)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"A" : "N",
"UI" : "N",
"PR" : "L",
"SCORE" : "6.500",
"I" : "N",
"S" : "U",
"AC" : "L",
"C" : "H",
"AV" : "N"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878."
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-06-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4173",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cognos Controller",
"version" : {
"version_data" : [
{
"version_value" : "10.2.1"
},
{
"version_value" : "10.2.0"
},
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
}
]
}
}
]
}
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title": "IBM Security Bulletin 886913 (Cognos Controller)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158878",
"name": "ibm-cognos-cve20194173-info-disc (158878)",
"title": "X-Force Vulnerability Report"
}
]
}
}
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"A": "N",
"UI": "N",
"PR": "L",
"SCORE": "6.500",
"I": "N",
"S": "U",
"AC": "L",
"C": "H",
"AV": "N"
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878."
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-06-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4173",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cognos Controller",
"version": {
"version_data": [
{
"version_value": "10.2.1"
},
{
"version_value": "10.2.0"
},
{
"version_value": "10.3.1"
},
{
"version_value": "10.3.0"
},
{
"version_value": "10.4.0"
}
]
}
}
]
}
}
]
}
}
}

200
2019/4xxx/CVE-2019-4174.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4174",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-06-13T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cognos Controller",
"version" : {
"version_data" : [
{
"version_value" : "10.2.1"
},
{
"version_value" : "10.2.0"
},
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4174",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-13T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cognos Controller",
"version": {
"version_data": [
{
"version_value": "10.2.1"
},
{
"version_value": "10.2.0"
},
{
"version_value": "10.3.1"
},
{
"version_value": "10.3.0"
},
{
"version_value": "10.4.0"
}
]
}
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"A" : "N",
"SCORE" : "4.000",
"I" : "N",
"UI" : "N",
"PR" : "N",
"AC" : "L",
"S" : "U",
"AV" : "L",
"C" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title" : "IBM Security Bulletin 886913 (Cognos Controller)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158879",
"refsource" : "XF",
"name" : "ibm-cognos-cve20194174-info-disc (158879)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"A": "N",
"SCORE": "4.000",
"I": "N",
"UI": "N",
"PR": "N",
"AC": "L",
"S": "U",
"AV": "L",
"C": "L"
}
}
},
"references": {
"reference_data": [
{
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"refsource": "CONFIRM",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title": "IBM Security Bulletin 886913 (Cognos Controller)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158879",
"refsource": "XF",
"name": "ibm-cognos-cve20194174-info-disc (158879)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"data_format": "MITRE"
}

200
2019/4xxx/CVE-2019-4176.json
View File

@ -1,102 +1,102 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"C" : "L",
"AC" : "L",
"S" : "U",
"SCORE" : "5.300",
"I" : "N",
"UI" : "N",
"PR" : "N",
"A" : "N"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title" : "IBM Security Bulletin 886913 (Cognos Controller)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158881",
"name" : "ibm-cognos-cve20194176-info-disc (158881)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.2.1"
},
{
"version_value" : "10.2.0"
},
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
}
]
},
"product_name" : "Cognos Controller"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"AV": "N",
"C": "L",
"AC": "L",
"S": "U",
"SCORE": "5.300",
"I": "N",
"UI": "N",
"PR": "N",
"A": "N"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-06-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4176"
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.",
"lang" : "eng"
}
]
}
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title": "IBM Security Bulletin 886913 (Cognos Controller)",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10886913"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158881",
"name": "ibm-cognos-cve20194176-info-disc (158881)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.2.1"
},
{
"version_value": "10.2.0"
},
{
"version_value": "10.3.1"
},
{
"version_value": "10.3.0"
},
{
"version_value": "10.4.0"
}
]
},
"product_name": "Cognos Controller"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-06-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2019-4176"
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.",
"lang": "eng"
}
]
}
}

196
2019/4xxx/CVE-2019-4177.json
View File

@ -1,102 +1,102 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title" : "IBM Security Bulletin 886913 (Cognos Controller)",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10886913"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158882",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve20194177-info-disc (158882)"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "N",
"PR" : "N",
"I" : "N",
"SCORE" : "4.000",
"A" : "N",
"C" : "L",
"AV" : "L",
"S" : "U",
"AC" : "L"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.2.1"
},
{
"version_value" : "10.2.0"
},
{
"version_value" : "10.3.1"
},
{
"version_value" : "10.3.0"
},
{
"version_value" : "10.4.0"
}
]
},
"product_name" : "Cognos Controller"
}
]
},
"vendor_name" : "IBM"
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10886913",
"title": "IBM Security Bulletin 886913 (Cognos Controller)",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10886913"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158882",
"title": "X-Force Vulnerability Report",
"name": "ibm-cognos-cve20194177-info-disc (158882)"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"UI": "N",
"PR": "N",
"I": "N",
"SCORE": "4.000",
"A": "N",
"C": "L",
"AV": "L",
"S": "U",
"AC": "L"
}
}
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.2.1"
},
{
"version_value": "10.2.0"
},
{
"version_value": "10.3.1"
},
{
"version_value": "10.3.0"
},
{
"version_value": "10.4.0"
}
]
},
"product_name": "Cognos Controller"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-06-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4177",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882."
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-06-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4177",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882."
}
]
}
}

61
2019/6xxx/CVE-2019-6323.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6323",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6323",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
"version": {
"version_data": [
{
"version_value": "before 20190419"
},
{
"version_value": "before 20190426"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/c06356322",
"url": "https://support.hp.com/us-en/document/c06356322"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page."
}
]
}

61
2019/6xxx/CVE-2019-6324.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6324",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6324",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
"version": {
"version_data": [
{
"version_value": "before 20190419"
},
{
"version_value": "before 20190426"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/c06356322",
"url": "https://support.hp.com/us-en/document/c06356322"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page"
}
]
}

61
2019/6xxx/CVE-2019-6325.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6325",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6325",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
"version": {
"version_data": [
{
"version_value": "before 20190419"
},
{
"version_value": "before 20190426"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/c06356322",
"url": "https://support.hp.com/us-en/document/c06356322"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery."
}
]
}

61
2019/6xxx/CVE-2019-6326.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6326",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6326",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
"version": {
"version_data": [
{
"version_value": "before 20190419"
},
{
"version_value": "before 20190426"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/c06356322",
"url": "https://support.hp.com/us-en/document/c06356322"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow."
}
]
}

61
2019/6xxx/CVE-2019-6327.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6327",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6327",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
"version": {
"version_data": [
{
"version_value": "before 20190419"
},
{
"version_value": "before 20190426"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/c06356322",
"url": "https://support.hp.com/us-en/document/c06356322"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow."
}
]
}