admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-05 15:01:20 +00:00
parent d836f1c812
commit 4c487bcc06
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 315 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
2013/6xxx/CVE-2013-6460.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6460",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ruby",
"product": {
"product_data": [
{
"product_name": "Nokogiri gem",
"version": {
"version_data": [
{
"version_value": "1.5.x"
},
{
"version_value": "1.6.x"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +37,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "while parsing XML documents"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6460",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-6460",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-6460"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/12/27/2",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/64513",
"url": "http://www.securityfocus.com/bid/64513"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
}
]
}

78
2013/6xxx/CVE-2013-6461.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6461",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ruby",
"product": {
"product_data": [
{
"product_name": "Nokogiri gem",
"version": {
"version_data": [
{
"version_value": "1.5.x"
},
{
"version_value": "1.6.x"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +37,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "while parsing XML entities"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6461",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-6461",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-6461"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/12/27/2",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/64513",
"url": "http://www.securityfocus.com/bid/64513"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
}
]
}

2
2019/12xxx/CVE-2019-12314.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd URI."
"value": "Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI."
}
]
},

92
2019/17xxx/CVE-2019-17212.json Normal file
View File

@ -0,0 +1,92 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L301",
"refsource": "MISC",
"name": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L301"
},
{
"url": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L660",
"refsource": "MISC",
"name": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L660"
},
{
"url": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L331",
"refsource": "MISC",
"name": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L331"
},
{
"url": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L257",
"refsource": "MISC",
"name": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L257"
},
{
"url": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L310",
"refsource": "MISC",
"name": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L310"
},
{
"url": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L313",
"refsource": "MISC",
"name": "https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L313"
},
{
"refsource": "MISC",
"name": "https://github.com/ARMmbed/mbed-os/issues/11803",
"url": "https://github.com/ARMmbed/mbed-os/issues/11803"
}
]
}
}

67
2019/17xxx/CVE-2019-17598.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.playframework.com/security/vulnerability",
"refsource": "MISC",
"name": "https://www.playframework.com/security/vulnerability"
},
{
"refsource": "CONFIRM",
"name": "https://www.playframework.com/security/vulnerability/CVE-2019-17598-PlayWSHttpConnectAuthorizationHeaders",
"url": "https://www.playframework.com/security/vulnerability/CVE-2019-17598-PlayWSHttpConnectAuthorizationHeaders"
}
]
}
}