admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:CVEProject/cvelist

Browse Source
This commit is contained in:
CVE Team 2019-02-21 11:30:41 -05:00
commit 4f7c9b01c6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
27 changed files with 901 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2013/7xxx/CVE-2013-7469.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7469",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://drive.google.com/file/d/1rwYsnuhZZxmSR6Zs8rJlWW3R27XBOSJU/view",
"refsource" : "MISC",
"url" : "https://drive.google.com/file/d/1rwYsnuhZZxmSR6Zs8rJlWW3R27XBOSJU/view"
},
{
"name" : "https://github.com/haiwen/seafile/issues/350",
"refsource" : "MISC",
"url" : "https://github.com/haiwen/seafile/issues/350"
}
]
}

80
2018/15xxx/CVE-2018-15380.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-02-20T16:00:00-0800",
"ID" : "CVE-2018-15380",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "Cisco HyperFlex Software Command Injection Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco HyperFlex HX-Series ",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "3.5(2a)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +37,56 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "8.8",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-78"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190220 Cisco HyperFlex Software Command Injection Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyperflex-injection"
},
{
"name" : "107095",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107095"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190220-hyperflex-injection",
"defect" : [
[
"CSCvj95606"
]
],
"discovery" : "INTERNAL"
}
}

48
2018/20xxx/CVE-2018-20122.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20122",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.horizonsecurity.it/advisories/?a=12&title=Fastweb+FastGate+router+101b+Remote+code+execution++CVE201820122",
"refsource" : "MISC",
"url" : "http://www.horizonsecurity.it/advisories/?a=12&title=Fastweb+FastGate+router+101b+Remote+code+execution++CVE201820122"
}
]
}

48
2018/20xxx/CVE-2018-20146.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20146",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.liquidware.com/content/pdf/documents/support/Liquidware-ProfileUnity-Release-Notes.pdf",
"refsource" : "MISC",
"url" : "https://www.liquidware.com/content/pdf/documents/support/Liquidware-ProfileUnity-Release-Notes.pdf"
}
]
}

72
2018/6xxx/CVE-2018-6687.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@mcafee.com",
"ID" : "CVE-2018-6687",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "GetSusp (a free McAfee tool) update fixes an infinite loop vulnerability (CVE-2018-6687)"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "McAfee GetSusp (GetSusp)",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "Windows",
"version_value" : "3.0.0.461"
}
]
}
}
]
},
"vendor_name" : "McAfee, LLC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +37,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Loop with Unreachable Exit Condition ('Infinite Loop')"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10270",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10270"
}
]
},
"source" : {
"discovery" : "EXTERNAL"
}
}

5
2018/9xxx/CVE-2018-9867.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2019-08",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2019-08"
},
{
"name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017",
"refsource" : "CONFIRM",

18
2019/1000xxx/CVE-2019-1000030.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1000030",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-7580. Reason: This candidate is a reservation duplicate of CVE-2019-7580. Notes: All CVE users should reference CVE-2019-7580 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

18
2019/1000xxx/CVE-2019-1000041.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1000041",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-7575, CVE-2019-7577. Reason: This candidate is a reservation duplicate of CVE-2019-7575 and/or CVE-2019-7577. Notes: All CVE users should reference CVE-2019-7575 and/or CVE-2019-7577 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

18
2019/1000xxx/CVE-2019-1000047.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1000047",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7469. Reason: This candidate is a reservation duplicate of CVE-2013-7469. Notes: All CVE users should reference CVE-2013-7469 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

18
2019/1000xxx/CVE-2019-1000048.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1000048",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7469. Reason: This candidate is a reservation duplicate of CVE-2013-7469. Notes: All CVE users should reference CVE-2013-7469 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

18
2019/1000xxx/CVE-2019-1000049.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1000049",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-8363. Reason: This candidate is a reservation duplicate of CVE-2019-8363. Notes: All CVE users should reference CVE-2019-8363 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

79
2019/1xxx/CVE-2019-1659.json
View File

@ -1,8 +1,38 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-02-20T16:00:00-0800",
"ID" : "CVE-2019-1659",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "Cisco Prime Infrastructure Certificate Validation Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Prime Infrastructure ",
"version" : {
"version_data" : [
{
"affected" : ">",
"version_value" : "2.2"
},
{
"affected" : "<",
"version_value" : "3.5"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +41,51 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communications between the ISE and PI. A successful exploit could allow the attacker to view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network. This vulnerability affects Cisco Prime Infrastructure Software Releases 2.2 through 3.4.0 when the PI server is integrated with ISE, which is disabled by default."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.4",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190220 Cisco Prime Infrastructure Certificate Validation Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190220-prime-validation",
"defect" : [
[
"CSCvj87015"
]
],
"discovery" : "INTERNAL"
}
}

5
2019/3xxx/CVE-2019-3825.json
View File

@ -66,6 +66,11 @@
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"
},
{
"name" : "USN-3892-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3892-1/"
}
]
}

48
2019/5xxx/CVE-2019-5727.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5727",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.splunk.com/view/SP-CAAAQAF",
"refsource" : "MISC",
"url" : "https://www.splunk.com/view/SP-CAAAQAF"
}
]
}

5
2019/8xxx/CVE-2019-8376.json
View File

@ -61,6 +61,11 @@
"name" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_layer4_v6-tcpreplay-4-3-1/",
"refsource" : "MISC",
"url" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_layer4_v6-tcpreplay-4-3-1/"
},
{
"name" : "107085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107085"
}
]
}

5
2019/8xxx/CVE-2019-8377.json
View File

@ -61,6 +61,11 @@
"name" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/",
"refsource" : "MISC",
"url" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/"
},
{
"name" : "107085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107085"
}
]
}

2
2019/8xxx/CVE-2019-8912.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr."
"value" : "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr."
}
]
},

5
2019/8xxx/CVE-2019-8942.json
View File

@ -56,6 +56,11 @@
"name" : "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/",
"refsource" : "MISC",
"url" : "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"
},
{
"name" : "107088",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107088"
}
]
}

5
2019/8xxx/CVE-2019-8943.json
View File

@ -56,6 +56,11 @@
"name" : "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/",
"refsource" : "MISC",
"url" : "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"
},
{
"name" : "107089",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107089"
}
]
}

18
2019/8xxx/CVE-2019-8977.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8977",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/8xxx/CVE-2019-8978.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8978",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2019/8xxx/CVE-2019-8979.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/huzr2018/orderby_SQLi",
"refsource" : "MISC",
"url" : "https://github.com/huzr2018/orderby_SQLi"
}
]
}
}

67
2019/8xxx/CVE-2019-8980.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html",
"refsource" : "MISC",
"url" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html"
},
{
"name" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935705.html",
"refsource" : "MISC",
"url" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935705.html"
}
]
}
}

18
2019/8xxx/CVE-2019-8981.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8981",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2019/8xxx/CVE-2019-8982.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8982",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45158",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45158"
}
]
}
}

62
2019/8xxx/CVE-2019-8983.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/",
"refsource" : "MISC",
"url" : "https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/"
}
]
}
}

62
2019/8xxx/CVE-2019-8984.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/",
"refsource" : "MISC",
"url" : "https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/"
}
]
}
}