admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-13 17:01:39 +00:00
parent 223659d4b2
commit 46c6b05ded
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 330 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
2012/4xxx/CVE-2012-4385.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4385",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "letodms",
"product": {
"product_data": [
{
"product_name": "letodms",
"version": {
"version_data": [
{
"version_value": "3.3.6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "letodms 3.3.6 has CSRF via change password"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/31/19",
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/19"
},
{
"refsource": "DEBIAN",
"name": "Debian",
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4385"
},
{
"refsource": "MISC",
"name": "https://vulmon.com/exploitdetails?qidtp=EDB&qid=20759",
"url": "https://vulmon.com/exploitdetails?qidtp=EDB&qid=20759"
}
]
}

55
2014/8xxx/CVE-2014-8167.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8167",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vdsm and vdsclient",
"version": {
"version_data": [
{
"version_value": "through 2014-11-18"
}
]
}
}
]
},
"vendor_name": "vdsm and vdsclient"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "does not validate certficate hostname from another vdsm"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/cve-2014-8167",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-8167"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8167"
}
]
}

62
2019/16xxx/CVE-2019-16948.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacom-web-chat/",
"url": "https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacom-web-chat/"
}
]
}
}

5
2019/17xxx/CVE-2019-17498.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2483",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
}
]
}

2
2019/18xxx/CVE-2019-18800.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 16 bytes of udid in a binary format, which is located at approximately offset 0x40 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS."
"value": "Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS."
}
]
},

58
2019/5xxx/CVE-2019-5289.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5289",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5289",
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node."
}
]
}

58
2019/5xxx/CVE-2019-5293.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5293",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5293",
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, NetEngine16EX, SRG1300, SRG2300, SRG3300",
"version": {
"version_data": [
{
"version_value": "AR120-S V200R005C20, V200R006C10, AR1200 V200R005C20, V200R006C10, AR1200-S V200R005C20, V200R006C10, AR150 V200R005C20, V200R006C10, AR150-S V200R005C20, V200R006C10, AR160 V200R005C20, V200R006C10, AR200 V200R005C20, V200R006C10, AR200-S V200R005C20, V200R006C10, AR2200 V200R005C20, V200R006C10, AR2200-S V200R005C20, V200R006C10, AR3200 V200R005C20, V200R006C10, AR3600 V200R006C10, NetEngine16EX V200R005C20, V200R006C10, SRG1300 V200R005C20, V200R006C10, SRG2300 V200R005C20, V200R006C10, SRG3300 V200R005C20, V200R006C10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-memory-en",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-memory-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service to be abnormal."
}
]
}

58
2019/5xxx/CVE-2019-5294.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5294",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5294",
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,NetEngine16EX,SRG1300,SRG2300,SRG3300",
"version": {
"version_data": [
{
"version_value": "AR120-S V200R005C20, V200R006C10, V200R007C00, AR1200 V200R005C20, V200R006C10, V200R007C00, AR1200-S V200R005C20, V200R006C10, V200R007C00, AR150 V200R005C20, V200R006C10, V200R007C00, AR150-S V200R005C20, V200R006C10, V200R007C00, AR160 V200R005C20, V200R006C10, V200R007C00, AR200 V200R005C20, V200R006C10, V200R007C00, AR200-S V200R005C20, V200R006C10, V200R007C00, AR2200 V200R005C20, V200R006C10, V200R007C00, AR2200-S V200R005C20, V200R006C10, V200R007C00, AR3200 V200R005C20, V200R006C10, AR3600 V200R006C10, V200R007C00, NetEngine16EX V200R005C20, V200R006C10, V200R007C00, SRG1300 V200R005C20, V200R006C10, V200R007C00, SRG2300 V200R005C20, V200R006C10, V200R007C00, SRG3300 V200R005C20, V200R006C10, V200R007C00"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-Of-Bound Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-buffer-en",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-buffer-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal."
}
]
}