admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-07 19:01:33 +00:00
parent e2c58ea7d5
commit 46f79002e8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
12 changed files with 287 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2008/7xxx/CVE-2008-7220.json
View File

@ -131,6 +131,16 @@
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3610) Update lib prototype.js: 1.4.0_pre4 due to security vulnerability",
"url": "https://lists.apache.org/thread.html/7ba863c5a4a0f1230cba2d11cf4de3a2eda3a42e8023d4990f564327@%3Cdev.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3610) Update lib prototype.js: 1.4.0_pre4 due to security vulnerability",
"url": "https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d71295e565e366@%3Cissues.zookeeper.apache.org%3E"
}
]
}

63
2010/2xxx/CVE-2010-2472.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2472",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "drupal6",
"product": {
"product_data": [
{
"product_name": "drupal6",
"version": {
"version_data": [
{
"version_value": "6.x before version 6.16"
},
{
"version_value": "5.x before version 5.22"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +37,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "module cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-2472",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-2472"
},
{
"refsource": "CONFIRM",
"name": "https://www.drupal.org/node/731710",
"url": "https://www.drupal.org/node/731710"
},
{
"refsource": "MLIST",
"name": "MLIST: [oss-security] 20100628 Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001",
"url": "https://www.openwall.com/lists/oss-security/2010/06/28/8"
}
]
}

63
2010/2xxx/CVE-2010-2473.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2473",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "drupal6",
"product": {
"product_data": [
{
"product_name": "drupal6",
"version": {
"version_data": [
{
"version_value": "6.x before version 6.16"
},
{
"version_value": "5.x before version 5.22"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +37,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "user session regeneration"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-2473",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-2473"
},
{
"refsource": "CONFIRM",
"name": "https://www.drupal.org/node/731710",
"url": "https://www.drupal.org/node/731710"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20100628 Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001",
"url": "https://www.openwall.com/lists/oss-security/2010/06/28/8"
}
]
}

10
2013/4xxx/CVE-2013-4939.json
View File

@ -66,6 +66,16 @@
"name": "http://yuilibrary.com/support/20130515-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
"url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
"url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E"
}
]
}

5
2018/0xxx/CVE-2018-0503.json
View File

@ -83,6 +83,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3238",
"url": "https://access.redhat.com/errata/RHSA-2019:3238"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3813",
"url": "https://access.redhat.com/errata/RHSA-2019:3813"
}
]
},

5
2018/0xxx/CVE-2018-0504.json
View File

@ -78,6 +78,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3238",
"url": "https://access.redhat.com/errata/RHSA-2019:3238"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3813",
"url": "https://access.redhat.com/errata/RHSA-2019:3813"
}
]
},

5
2018/0xxx/CVE-2018-0505.json
View File

@ -83,6 +83,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3238",
"url": "https://access.redhat.com/errata/RHSA-2019:3238"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3813",
"url": "https://access.redhat.com/errata/RHSA-2019:3813"
}
]
},

5
2019/10xxx/CVE-2019-10150.json
View File

@ -68,6 +68,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3143",
"url": "https://access.redhat.com/errata/RHSA-2019:3143"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3811",
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
}
]
},

5
2019/11xxx/CVE-2019-11249.json
View File

@ -158,6 +158,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3239",
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3811",
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
}
]
},

5
2019/11xxx/CVE-2019-11253.json
View File

@ -194,6 +194,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191031-0006/",
"url": "https://security.netapp.com/advisory/ntap-20191031-0006/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3811",
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
}
]
},

97
2019/11xxx/CVE-2019-11996.json
View File

@ -4,14 +4,105 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11996",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HPE",
"product": {
"product_data": [
{
"product_name": "Nimble Storage Hybrid Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.1.2.0 and older"
},
{
"version_value": "5.0.7.0 and older"
},
{
"version_value": "4.5.4.0 and older"
},
{
"version_value": "3.9.1.0 and older"
}
]
}
},
{
"product_name": "Nimble Storage All Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.1.2.0 and older"
},
{
"version_value": "5.0.7.0 and older"
},
{
"version_value": "4.5.4.0 and older"
},
{
"version_value": "3.9.1.0 and older"
}
]
}
},
{
"product_name": "Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.1.2.0 and older"
},
{
"version_value": "5.0.7.0 and older"
},
{
"version_value": "4.5.4.0 and older"
},
{
"version_value": "3.9.1.0 and older"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote gain elevated privileges and disclose information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be remotely exploited by an attacker to gain elevated privileges or disclose information the array. Affected products and versions include: Nimble Storage Hybrid Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage All Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage Secondary Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older"
}
]
}

7
2019/3xxx/CVE-2019-3764.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes."
"value": "Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes."
}
]
},
@ -63,8 +63,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
"refsource": "MISC",
"url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en",
"name": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
}
]
}