admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-29 19:00:49 +00:00
parent 76e1019788
commit 5035d9c0b8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 280 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2018/11xxx/CVE-2018-11772.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11772",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-11772",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "VCL",
"version": {
"version_data": [
{
"version_value": "2.1 through 2.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[vcl-dev] 20190729 [CVE-2018-11772] Apache VCL SQL injection attack in privilege management",
"url": "https://lists.apache.org/thread.html/a468c473b4c418307b9866fe4c613630a2efc46bed53438b6af1f55c@%3Cdev.vcl.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech."
}
]
}

58
2018/11xxx/CVE-2018-11773.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11773",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-11773",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "VCL",
"version": {
"version_data": [
{
"version_value": "2.1 through 2.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper form validation in block allocation management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[vcl-dev] 20190729 [CVE-2018-11773] Apache VCL improper form validation in block allocation management",
"url": "https://lists.apache.org/thread.html/db71c4edc21ecb834cf20e3ee23ffac5d37f32e7eb67257a413bf878@%3Cdev.vcl.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech."
}
]
}

58
2018/11xxx/CVE-2018-11774.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11774",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-11774",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "VCL",
"version": {
"version_data": [
{
"version_value": "2.1 through 2.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[vcl-dev] 20190729 [CVE-2018-11774] Apache VCL SQL injection attack in VM management",
"url": "https://lists.apache.org/thread.html/8f90e00910d1ee3d850e56d87c18cb298a126d10955413d296e47c0c@%3Cdev.vcl.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech."
}
]
}

5
2018/14xxx/CVE-2018-14618.json
View File

@ -119,6 +119,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1880",
"url": "https://access.redhat.com/errata/RHSA-2019:1880"
}
]
}

5
2018/15xxx/CVE-2018-15664.json
View File

@ -86,6 +86,11 @@
"refsource": "CONFIRM",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1910",
"url": "https://access.redhat.com/errata/RHSA-2019:1910"
}
]
}

10
2018/16xxx/CVE-2018-16884.json
View File

@ -131,6 +131,16 @@
"refsource": "UBUNTU",
"name": "USN-3981-2",
"url": "https://usn.ubuntu.com/3981-2/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1873",
"url": "https://access.redhat.com/errata/RHSA-2019:1873"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1891",
"url": "https://access.redhat.com/errata/RHSA-2019:1891"
}
]
}

5
2018/1xxx/CVE-2018-1312.json
View File

@ -122,6 +122,11 @@
"refsource": "UBUNTU",
"name": "USN-3937-2",
"url": "https://usn.ubuntu.com/3937-2/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1898",
"url": "https://access.redhat.com/errata/RHSA-2019:1898"
}
]
}

5
2018/20xxx/CVE-2018-20815.json
View File

@ -81,6 +81,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1743",
"url": "https://access.redhat.com/errata/RHSA-2019:1743"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1881",
"url": "https://access.redhat.com/errata/RHSA-2019:1881"
}
]
}

10
2019/11xxx/CVE-2019-11085.json
View File

@ -78,6 +78,16 @@
"refsource": "UBUNTU",
"name": "USN-4068-2",
"url": "https://usn.ubuntu.com/4068-2/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1873",
"url": "https://access.redhat.com/errata/RHSA-2019:1873"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1891",
"url": "https://access.redhat.com/errata/RHSA-2019:1891"
}
]
},

10
2019/11xxx/CVE-2019-11811.json
View File

@ -86,6 +86,16 @@
"refsource": "BID",
"name": "108410",
"url": "http://www.securityfocus.com/bid/108410"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1873",
"url": "https://access.redhat.com/errata/RHSA-2019:1873"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1891",
"url": "https://access.redhat.com/errata/RHSA-2019:1891"
}
]
}

62
2019/13xxx/CVE-2019-13655.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://obsidianterminal.blogspot.com/2019/07/dos-in-imgix-cdns-image-processing.html",
"url": "https://obsidianterminal.blogspot.com/2019/07/dos-in-imgix-cdns-image-processing.html"
}
]
}
}

5
2019/3xxx/CVE-2019-3862.json
View File

@ -118,6 +118,11 @@
"refsource": "BUGTRAQ",
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1884",
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
}
]
},

5
2019/3xxx/CVE-2019-3883.json
View File

@ -63,6 +63,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1779-1] 389-ds-base security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00008.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1896",
"url": "https://access.redhat.com/errata/RHSA-2019:1896"
}
]
},

5
2019/6xxx/CVE-2019-6778.json
View File

@ -106,6 +106,11 @@
"refsource": "BUGTRAQ",
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1883",
"url": "https://access.redhat.com/errata/RHSA-2019:1883"
}
]
}