admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-01-28 10:04:50 -05:00
parent 4b514e4063
commit 4b0694cfad
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 205 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
2018/10xxx/CVE-2018-10910.json
View File

@ -1,71 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-10910",
"ASSIGNER": "psampaio@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Bluez Project",
"product": {
"product_data": [
{
"product_name": "bluez",
"version": {
"version_data": [
{
"version_value": "before 5.51"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-10910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "bluez",
"version" : {
"version_data" : [
{
"version_value" : "before 5.51"
}
]
}
}
]
},
"vendor_name" : "The Bluez Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.5/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-863"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.5/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910"
}
]
}
}

137
2019/3xxx/CVE-2019-3815.json
View File

@ -1,71 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3815",
"ASSIGNER": "psampaio@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The systemd Project",
"product": {
"product_data": [
{
"product_name": "systemd",
"version": {
"version_data": [
{
"version_value": "v219-62.2 and newer"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2019-3815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "systemd",
"version" : {
"version_data" : [
{
"version_value" : "v219-62.2 and newer"
}
]
}
}
]
},
"vendor_name" : "The systemd Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815"
}
]
}
}

67
2019/6xxx/CVE-2019-6986.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6986",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project",
"refsource" : "MISC",
"url" : "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project"
},
{
"name" : "https://github.com/vivo-project/Vitro/pull/111",
"refsource" : "MISC",
"url" : "https://github.com/vivo-project/Vitro/pull/111"
}
]
}
}