admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #108 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2019-02-28 10:38:56 -05:00 committed by GitHub
commit 4595469520
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
123 changed files with 3397 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/5xxx/CVE-2016-5824.json
View File

@ -92,6 +92,11 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0270"
},
{
"name" : "USN-3897-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3897-1/"
},
{
"name" : "91459",
"refsource" : "BID",

5
2018/10xxx/CVE-2018-10902.json
View File

@ -92,6 +92,11 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name" : "RHSA-2019:0415",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0415"
},
{
"name" : "USN-3776-1",
"refsource" : "UBUNTU",

5
2018/12xxx/CVE-2018-12617.json
View File

@ -57,6 +57,11 @@
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44925/"
},
{
"name" : "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html"
},
{
"name" : "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6",
"refsource" : "MISC",

5
2018/16xxx/CVE-2018-16872.json
View File

@ -62,6 +62,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16872",
"refsource" : "CONFIRM",

5
2018/17xxx/CVE-2018-17581.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"name" : "https://github.com/Exiv2/exiv2/issues/460",
"refsource" : "MISC",

10
2018/18xxx/CVE-2018-18356.json
View File

@ -103,6 +103,16 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0374"
},
{
"name" : "USN-3896-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3896-1/"
},
{
"name" : "USN-3897-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3897-1/"
},
{
"name" : "106084",
"refsource" : "BID",

5
2018/18xxx/CVE-2018-18500.json
View File

@ -135,6 +135,11 @@
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3874-1/"
},
{
"name" : "USN-3897-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3897-1/"
},
{
"name" : "106781",
"refsource" : "BID",

5
2018/18xxx/CVE-2018-18501.json
View File

@ -135,6 +135,11 @@
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3874-1/"
},
{
"name" : "USN-3897-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3897-1/"
},
{
"name" : "106781",
"refsource" : "BID",

5
2018/18xxx/CVE-2018-18505.json
View File

@ -140,6 +140,11 @@
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3874-1/"
},
{
"name" : "USN-3897-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3897-1/"
},
{
"name" : "106781",
"refsource" : "BID",

5
2018/19xxx/CVE-2018-19107.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"name" : "https://github.com/Exiv2/exiv2/issues/427",
"refsource" : "MISC",

5
2018/19xxx/CVE-2018-19108.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"name" : "https://github.com/Exiv2/exiv2/issues/426",
"refsource" : "MISC",

5
2018/19xxx/CVE-2018-19535.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"name" : "https://github.com/Exiv2/exiv2/issues/428",
"refsource" : "MISC",

5
2018/19xxx/CVE-2018-19615.json
View File

@ -66,6 +66,11 @@
"name" : "106333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106333"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04"
}
]
}

5
2018/19xxx/CVE-2018-19616.json
View File

@ -66,6 +66,11 @@
"name" : "106333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106333"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04"
}
]
}

183
2018/1xxx/CVE-2018-1775.json
View File

@ -1,8 +1,139 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-25T00:00:00",
"ID" : "CVE-2018-1775",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "torwize V7000",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "8.2"
}
]
}
},
{
"product_name" : "torwize V3500",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "8.2"
}
]
}
},
{
"product_name" : "torwize V3700",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "8.2"
}
]
}
},
{
"product_name" : "Spectrum Virtualize for Public Cloud",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "8.2"
}
]
}
},
{
"product_name" : "Spectrum Virtualize Software",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "8.2"
}
]
}
},
{
"product_name" : "SAN Volume Controller",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "8.2"
}
]
}
},
{
"product_name" : "FlashSystem V9000",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "8.2"
}
]
}
},
{
"product_name" : "torwize V5000",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "8.2"
}
]
}
},
{
"product_name" : "FlashSystem 9100 Family",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "8.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +142,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "6.500",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "T"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872486",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872486"
},
{
"name" : "ibm-storwize-cve20181775-file-download(148757)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148757"
}
]
}

5
2018/1xxx/CVE-2018-1996.json
View File

@ -87,6 +87,11 @@
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10793421"
},
{
"name" : "107155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107155"
},
{
"name" : "ibm-websphere-cve20181996-info-disc(154650)",
"refsource" : "XF",

5
2018/20xxx/CVE-2018-20097.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190226 [SECURITY] [DLA 1691-1] exiv2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html"
},
{
"name" : "https://github.com/Exiv2/exiv2/issues/590",
"refsource" : "MISC",

51
2018/20xxx/CVE-2018-20244.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2019-01-23T00:00:00",
"ID" : "CVE-2018-20244",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Airflow",
"version" : {
"version_data" : [
{
"version_value" : "Apache Airflow <= 1.10.1"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored XSS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b@%3Cdev.airflow.apache.org%3E",
"refsource" : "MISC",
"url" : "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b@%3Cdev.airflow.apache.org%3E"
}
]
}

5
2018/20xxx/CVE-2018-20760.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190227 [SECURITY] [DLA 1693-1] gpac security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html"
},
{
"name" : "https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d",
"refsource" : "MISC",

5
2018/20xxx/CVE-2018-20761.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190227 [SECURITY] [DLA 1693-1] gpac security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html"
},
{
"name" : "https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658",
"refsource" : "MISC",

5
2018/20xxx/CVE-2018-20762.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190227 [SECURITY] [DLA 1693-1] gpac security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html"
},
{
"name" : "https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658",
"refsource" : "MISC",

5
2018/20xxx/CVE-2018-20763.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190227 [SECURITY] [DLA 1693-1] gpac security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html"
},
{
"name" : "https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd",
"refsource" : "MISC",

5
2018/20xxx/CVE-2018-20781.json
View File

@ -71,6 +71,11 @@
"name" : "https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2",
"refsource" : "MISC",
"url" : "https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2"
},
{
"name" : "USN-3894-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3894-1/"
}
]
}

5
2018/20xxx/CVE-2018-20796.json
View File

@ -61,6 +61,11 @@
"name" : "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html",
"refsource" : "MISC",
"url" : "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html"
},
{
"name" : "107160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107160"
}
]
}

62
2018/20xxx/CVE-2018-20797.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceforge.net/p/podofo/tickets/34/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/podofo/tickets/34/"
}
]
}
}

5
2018/7xxx/CVE-2018-7752.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190227 [SECURITY] [DLA 1693-1] gpac security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html"
},
{
"name" : "https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4",
"refsource" : "CONFIRM",

5
2019/0xxx/CVE-2019-0102.json
View File

@ -62,6 +62,11 @@
"name" : "107069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107069"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0103.json
View File

@ -62,6 +62,11 @@
"name" : "107074",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107074"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0104.json
View File

@ -62,6 +62,11 @@
"name" : "107109",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107109"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0105.json
View File

@ -62,6 +62,11 @@
"name" : "107069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107069"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0106.json
View File

@ -62,6 +62,11 @@
"name" : "107069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107069"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0107.json
View File

@ -62,6 +62,11 @@
"name" : "107069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107069"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0108.json
View File

@ -62,6 +62,11 @@
"name" : "107075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107075"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0109.json
View File

@ -62,6 +62,11 @@
"name" : "107069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107069"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0110.json
View File

@ -62,6 +62,11 @@
"name" : "107071",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107071"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0111.json
View File

@ -62,6 +62,11 @@
"name" : "107067",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107067"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

5
2019/0xxx/CVE-2019-0112.json
View File

@ -62,6 +62,11 @@
"name" : "107064",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107064"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
}
]
}

80
2019/1xxx/CVE-2019-1559.json
View File

@ -1,9 +1,40 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "openssl-security@openssl.org",
"DATE_PUBLIC" : "2019-02-26",
"ID" : "CVE-2019-1559",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "0-byte record padding oracle"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenSSL",
"version" : {
"version_data" : [
{
"version_value" : "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
}
]
}
}
]
},
"vendor_name" : "OpenSSL"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
@ -11,7 +42,50 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
]
},
"impact" : [
{
"lang" : "eng",
"url" : "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value" : "Moderate"
}
],
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Padding Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"name" : "https://www.openssl.org/news/secadv/20190226.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"name" : "USN-3899-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3899-1/"
},
{
"name" : "107174",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107174"
}
]
}

5
2019/2xxx/CVE-2019-2422.json
View File

@ -67,6 +67,11 @@
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20190118-0001/"
},
{
"name" : "RHSA-2019:0416",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0416"
},
{
"name" : "USN-3875-1",
"refsource" : "UBUNTU",

103
2019/3xxx/CVE-2019-3582.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3582",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3582",
"STATE": "PUBLIC",
"TITLE": "McAfee Endpoint Security updates fix a privilege escalation vulnerability"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Endpoint Security (ENS)",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "10.5.3",
"version_value": "10.5.3 Hotfix 1240838"
},
{
"affected": "<",
"version_name": "10.5.4",
"version_value": "10.5.4 Hotfix 1240838"
},
{
"affected": "<",
"version_name": "10.5.5",
"version_value": "10.5.5 Nov 2018 update"
},
{
"affected": "<",
"version_name": "10.6.1",
"version_value": "10.6.1 Nov 2018 update"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10254",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10254"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

88
2019/3xxx/CVE-2019-3598.json
View File

@ -1,18 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3598",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3598",
"STATE": "PUBLIC",
"TITLE": "McAfee Agent update fixes a vulnerability in handling UDP requests"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Agent (MA)",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "5.x",
"version_value": "5.6.0 HF1"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Access with Incorrect Length Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10272",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10272"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

88
2019/3xxx/CVE-2019-3599.json
View File

@ -1,18 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3599",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3599",
"STATE": "PUBLIC",
"TITLE": "McAfee Agent update fixes an Information Disclosure vulnerability"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Agent (MA)",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "5.x",
"version_value": "5.6.0 HF1"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10271",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10271"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

5
2019/3xxx/CVE-2019-3924.json
View File

@ -57,6 +57,11 @@
"name" : "https://www.tenable.com/security/research/tra-2019-07",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name" : "107177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107177"
}
]
}

79
2019/4xxx/CVE-2019-4061.json
View File

@ -1,8 +1,35 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-18T00:00:00",
"ID" : "CVE-2019-4061",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BigFix Platform",
"version" : {
"version_data" : [
{
"version_value" : "9.2"
},
{
"version_value" : "9.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +38,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10870242",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10870242"
},
{
"name" : "ibm-bigfix-cve20194061-info-disc(156869)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156869"
}
]
}

56
2019/5xxx/CVE-2019-5491.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security-alert@netapp.com",
"DATE_PUBLIC" : "2019-02-27T00:00:00",
"ID" : "CVE-2019-5491",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Clustered Data ONTAP",
"version" : {
"version_data" : [
{
"version_value" : "Versions 9.0 and higher"
}
]
}
}
]
},
"vendor_name" : "NetApp"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security.netapp.com/advisory/ntap-20190227-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20190227-0001/"
},
{
"name" : "107183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107183"
}
]
}

51
2019/5xxx/CVE-2019-5665.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2019-02-22T00:00:00",
"ID" : "CVE-2019-5665",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Graphics Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "code execution, denial of service, escalation of privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772",
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772"
}
]
}

51
2019/5xxx/CVE-2019-5666.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2019-02-22T00:00:00",
"ID" : "CVE-2019-5666",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Graphics Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service or escalation of privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772",
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772"
}
]
}

51
2019/5xxx/CVE-2019-5667.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2019-02-22T00:00:00",
"ID" : "CVE-2019-5667",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Graphics Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "code execution, denial of service or escalation of privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772",
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772"
}
]
}

51
2019/5xxx/CVE-2019-5668.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2019-02-22T00:00:00",
"ID" : "CVE-2019-5668",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Graphics Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to denial of service or escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service or escalation of privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772",
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772"
}
]
}

51
2019/5xxx/CVE-2019-5669.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2019-02-22T00:00:00",
"ID" : "CVE-2019-5669",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Graphics Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer, which may lead to denial of service or escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service or escalation of privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772",
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772"
}
]
}

51
2019/5xxx/CVE-2019-5670.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2019-02-22T00:00:00",
"ID" : "CVE-2019-5670",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Graphics Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service, escalation of privileges, code execution or information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service, escalation of privileges, code execution or information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772",
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772"
}
]
}

51
2019/5xxx/CVE-2019-5671.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2019-02-22T00:00:00",
"ID" : "CVE-2019-5671",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Graphics Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772",
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4772"
}
]
}

5
2019/5xxx/CVE-2019-5736.json
View File

@ -157,6 +157,11 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0401"
},
{
"name" : "RHSA-2019:0408",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0408"
},
{
"name" : "106976",
"refsource" : "BID",

5
2019/6xxx/CVE-2019-6133.json
View File

@ -82,6 +82,11 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0230"
},
{
"name" : "RHSA-2019:0420",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0420"
},
{
"name" : "106537",
"refsource" : "BID",

5
2019/6xxx/CVE-2019-6256.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html"
},
{
"name" : "https://github.com/rgaufman/live555/issues/19",
"refsource" : "MISC",

5
2019/6xxx/CVE-2019-6485.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"refsource" : "MISC",
"url" : "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"name" : "https://support.citrix.com/article/CTX240139",
"refsource" : "MISC",

56
2019/6xxx/CVE-2019-6592.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2019-02-26T00:00:00",
"ID" : "CVE-2019-6592",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : {
"version_data" : [
{
"version_value" : "14.1.0-14.1.0.1"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K54167061",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K54167061"
},
{
"name" : "107176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107176"
}
]
}

51
2019/6xxx/CVE-2019-6593.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2019-02-26T00:00:00",
"ID" : "CVE-2019-6593",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : {
"version_data" : [
{
"version_value" : "11.5.1-11.5.4, 11.6.1, 12.1.0"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server's private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information leakage"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K10065173",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K10065173"
}
]
}

51
2019/6xxx/CVE-2019-6594.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2019-02-26T00:00:00",
"ID" : "CVE-2019-6594",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : {
"version_data" : [
{
"version_value" : "11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, 14.0.0-14.0.0.2"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K91026261",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K91026261"
}
]
}

56
2019/6xxx/CVE-2019-6595.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2019-02-26T00:00:00",
"ID" : "CVE-2019-6595",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP (APM)",
"version" : {
"version_data" : [
{
"version_value" : "11.5.x,11.6.x"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K31424926",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K31424926"
},
{
"name" : "107173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107173"
}
]
}

5
2019/6xxx/CVE-2019-6799.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190227 [SECURITY] [DLA 1692-1] phpmyadmin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2019-1/",
"refsource" : "CONFIRM",

81
2019/7xxx/CVE-2019-7006.json
View File

@ -1,8 +1,33 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "securityalerts@avaya.com",
"DATE_PUBLIC" : "2019-02-26T07:00:00.000Z",
"ID" : "CVE-2019-7006",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "Avaya one-X Communicator Weak Encryption"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +36,58 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "LOW",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://downloads.avaya.com/css/P8/documents/101055601",
"refsource" : "CONFIRM",
"url" : "https://downloads.avaya.com/css/P8/documents/101055601"
},
{
"name" : "https://downloads.avaya.com/css/P8/documents/101055661",
"refsource" : "CONFIRM",
"url" : "https://downloads.avaya.com/css/P8/documents/101055661"
},
{
"name" : "107175",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107175"
}
]
},
"source" : {
"advisory" : "ASA-2019-046"
}
}

5
2019/7xxx/CVE-2019-7314.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html"
},
{
"name" : "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html",
"refsource" : "MISC",

58
2019/7xxx/CVE-2019-7392.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vuln@ca.com",
"ID" : "CVE-2019-7392",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +34,37 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html",
"refsource" : "MISC",
"url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name" : "107040",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107040"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}

2
2019/8xxx/CVE-2019-8383.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in AdvanceCOMP before 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file."
"value" : "An issue was discovered in AdvanceCOMP before 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file."
}
]
},

48
2019/8xxx/CVE-2019-8410.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8410",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/holychang/maccms8/blob/master/xss2",
"refsource" : "MISC",
"url" : "https://github.com/holychang/maccms8/blob/master/xss2"
}
]
}

5
2019/8xxx/CVE-2019-8939.json
View File

@ -56,6 +56,11 @@
"name" : "https://github.com/Tautulli/Tautulli-Issues/issues/161",
"refsource" : "MISC",
"url" : "https://github.com/Tautulli/Tautulli-Issues/issues/161"
},
{
"name" : "107171",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107171"
}
]
}

5
2019/9xxx/CVE-2019-9020.json
View File

@ -61,6 +61,11 @@
"name" : "https://bugs.php.net/bug.php?id=77249",
"refsource" : "MISC",
"url" : "https://bugs.php.net/bug.php?id=77249"
},
{
"name" : "107156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107156"
}
]
}

10
2019/9xxx/CVE-2019-9021.json
View File

@ -56,6 +56,16 @@
"name" : "https://bugs.php.net/bug.php?id=77247",
"refsource" : "MISC",
"url" : "https://bugs.php.net/bug.php?id=77247"
},
{
"name" : "106747",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106747"
},
{
"name" : "107156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107156"
}
]
}

5
2019/9xxx/CVE-2019-9023.json
View File

@ -86,6 +86,11 @@
"name" : "https://bugs.php.net/bug.php?id=77418",
"refsource" : "MISC",
"url" : "https://bugs.php.net/bug.php?id=77418"
},
{
"name" : "107156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107156"
}
]
}

5
2019/9xxx/CVE-2019-9024.json
View File

@ -56,6 +56,11 @@
"name" : "https://bugs.php.net/bug.php?id=77380",
"refsource" : "MISC",
"url" : "https://bugs.php.net/bug.php?id=77380"
},
{
"name" : "107156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107156"
}
]
}

5
2019/9xxx/CVE-2019-9143.json
View File

@ -61,6 +61,11 @@
"name" : "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/",
"refsource" : "MISC",
"url" : "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/"
},
{
"name" : "107161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107161"
}
]
}

5
2019/9xxx/CVE-2019-9144.json
View File

@ -61,6 +61,11 @@
"name" : "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/",
"refsource" : "MISC",
"url" : "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/"
},
{
"name" : "107161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107161"
}
]
}

5
2019/9xxx/CVE-2019-9162.json
View File

@ -76,6 +76,11 @@
"name" : "https://github.com/torvalds/linux/commit/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc"
},
{
"name" : "107159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107159"
}
]
}

5
2019/9xxx/CVE-2019-9169.json
View File

@ -71,6 +71,11 @@
"name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9",
"refsource" : "MISC",
"url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9"
},
{
"name" : "107160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107160"
}
]
}

62
2019/9xxx/CVE-2019-9184.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.j2store.org/blog/general/security-update-for-j2store.html",
"refsource" : "MISC",
"url" : "https://www.j2store.org/blog/general/security-update-for-j2store.html"
}
]
}
}

18
2019/9xxx/CVE-2019-9185.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9185",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9186.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9186",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9187.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9187",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9188.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9188",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9189.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9189",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9190.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9190",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2019/9xxx/CVE-2019-9191.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.eff.org/deeplinks/2019/02/ets-isnt-tls-and-you-shouldnt-use-it",
"refsource" : "MISC",
"url" : "https://www.eff.org/deeplinks/2019/02/ets-isnt-tls-and-you-shouldnt-use-it"
}
]
}
}

62
2019/9xxx/CVE-2019-9192.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24269",
"refsource" : "MISC",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24269"
}
]
}
}

18
2019/9xxx/CVE-2019-9193.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9193",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

72
2019/9xxx/CVE-2019-9194.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "elFinder before 2.1.48 has a command injection vulnerability in the PHP connector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Studio-42/elFinder/blob/master/README.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/Studio-42/elFinder/blob/master/README.md"
},
{
"name" : "https://github.com/Studio-42/elFinder/compare/6884c4f...0740028",
"refsource" : "CONFIRM",
"url" : "https://github.com/Studio-42/elFinder/compare/6884c4f...0740028"
},
{
"name" : "https://github.com/Studio-42/elFinder/releases/tag/2.1.48",
"refsource" : "CONFIRM",
"url" : "https://github.com/Studio-42/elFinder/releases/tag/2.1.48"
}
]
}
}

67
2019/9xxx/CVE-2019-9195.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files in an archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mimblewimble/grin/pull/2624",
"refsource" : "MISC",
"url" : "https://github.com/mimblewimble/grin/pull/2624"
},
{
"name" : "https://github.com/mimblewimble/grin/releases/tag/v1.0.2",
"refsource" : "MISC",
"url" : "https://github.com/mimblewimble/grin/releases/tag/v1.0.2"
}
]
}
}

18
2019/9xxx/CVE-2019-9196.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9196",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9197.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9197",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9198.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9198",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2019/9xxx/CVE-2019-9199.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/",
"refsource" : "MISC",
"url" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/"
},
{
"name" : "https://sourceforge.net/p/podofo/tickets/40/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/podofo/tickets/40/"
}
]
}
}

72
2019/9xxx/CVE-2019-9200.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/728",
"refsource" : "MISC",
"url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/728"
},
{
"name" : "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/",
"refsource" : "MISC",
"url" : "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/"
},
{
"name" : "107172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107172"
}
]
}
}

62
2019/9xxx/CVE-2019-9201.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561",
"refsource" : "MISC",
"url" : "https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561"
}
]
}
}

18
2019/9xxx/CVE-2019-9202.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9202",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9203.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9203",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9204.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9204",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9205.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9205",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9206.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9206",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/9xxx/CVE-2019-9207.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9207",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

72
2019/9xxx/CVE-2019-9208.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9208",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464",
"refsource" : "MISC",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2",
"refsource" : "MISC",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2019-07.html",
"refsource" : "MISC",
"url" : "https://www.wireshark.org/security/wnpa-sec-2019-07.html"
}
]
}
}

Some files were not shown because too many files have changed in this diff Show More