"-Synchronized-Data."

CVE Team 2019-10-08 13:01:00 +00:00
parent 56f83144be
commit 53966893a2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
34 changed files with 1234 additions and 0 deletions


@ -492,6 +492,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
} }


@ -377,6 +377,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
} }


@ -372,6 +372,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
} }


@ -123,6 +123,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292" "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
}, },


@ -123,6 +123,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292" "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
}, },


@ -123,6 +123,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292" "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
}, },


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/centreon/centreon/pull/7084",
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/pull/7084"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
}
]
}
}
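Review bot: The `affects` block of this new record carries `n/a` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is also `n/a`, although the description itself names Centreon Web before 2.8.27 and a PHP type juggling authentication bypass. Tooling that matches on the structured fields rather than the free text will not associate this record with any product. If the assigner can confirm the values, `"product_name": "Centreon Web"` and `"version_value": "before 2.8.27"` would carry what the description already states. The same gap appears in every other record added by this commit, CVE-2018-21021 through CVE-2019-17352.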


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/centreon/centreon/pull/7086",
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/pull/7086"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
}
]
}
}
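Review bot: The description says only "allows attackers", so a reader cannot tell whether the `host_id` SQL injection in img_gantt.php requires a logged-in session; the CVE-2018-21023 record added in the same commit does say "authenticated attackers". That precondition drives triage priority for exposed Centreon instances, so it should be stated once the referenced pull request establishes it, for example `allows unauthenticated attackers` or `allows authenticated attackers`. The CVE-2018-21022 record (makeXML_ListServices.php) uses the same unqualified wording.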


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/centreon/centreon/pull/7087",
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/pull/7087"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/centreon/centreon/pull/7083",
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/pull/7083"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
},
{
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/pull/7271",
"url": "https://github.com/centreon/centreon/pull/7271"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/centreon/centreon/issues/7082",
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/issues/7082"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
}
]
}
}


@ -132,6 +132,11 @@
"name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault", "name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault" "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
} }


@ -307,6 +307,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
} }


@ -757,6 +757,11 @@
"refsource": "BUGTRAQ", "refsource": "BUGTRAQ",
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"url": "https://seclists.org/bugtraq/2019/Jun/36" "url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
} }


@ -157,6 +157,11 @@
"name": "https://security.netapp.com/advisory/ntap-20180521-0001/", "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/" "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
} }


@ -322,6 +322,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
} }


@ -123,6 +123,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292" "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
} }
] ]
}, },


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this product reached end of life in 2016."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.reddit.com/r/AskNetsec/comments/c9p22m/company_threatening_to_sue_me_if_i_publicly/",
"url": "https://www.reddit.com/r/AskNetsec/comments/c9p22m/company_threatening_to_sue_me_if_i_publicly/"
},
{
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=SkTKt1nV57I",
"url": "https://www.youtube.com/watch?v=SkTKt1nV57I"
},
{
"refsource": "MISC",
"name": "http://noahclements.com/Improper-Input-Validation-on-dbell-Smart-Doorbell-Can-Lead-To-Attackers-Remotely-Unlocking-Door/",
"url": "http://noahclements.com/Improper-Input-Validation-on-dbell-Smart-Doorbell-Can-Lead-To-Attackers-Remotely-Unlocking-Door/"
}
]
}
}
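Review bot: The description gives the effect only as "launch commands", which leaves the practical impact unstated; the endpoint is named openlock.cgi and one reference title speaks of remotely unlocking a door, so the impact is presumably on physical access control. Because the NOTE says the product reached end of life in 2016, readers should not expect a fixed version, and the impact wording is what they will use when deciding whether to isolate or replace the device. Wording such as `allows remote attackers to trigger the door-unlock function without valid credentials` would be clearer, if the references bear that out.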


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://cerebusforensics.com/yealink/exploit.html",
"refsource": "MISC",
"name": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"refsource": "MISC",
"name": "https://sway.office.com/3pCb559LYVuT0eig",
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
]
}
}
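Review bot: The affected range is given only as "Yealink phones through 2019-08-04", a date with no model or firmware version, so an asset inventory cannot be matched against this record. If the references identify the tested models and firmware builds, those belong in the description and in `version_data`. Both references are third-party pages, so the record also gives no pointer to a vendor advisory or fixed firmware. The CVE-2019-14657 record added next uses the same date-only range and the same two references.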


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://cerebusforensics.com/yealink/exploit.html",
"refsource": "MISC",
"name": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"refsource": "MISC",
"name": "https://sway.office.com/3pCb559LYVuT0eig",
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HRworks 3.36.9 allows XSS via the purpose of a travel-expense report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.hrworks.de",
"refsource": "MISC",
"name": "https://www.hrworks.de"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/svennergr/501409fbdb0ef4a8b0f07a26a2815fbb",
"url": "https://gist.github.com/svennergr/501409fbdb0ef4a8b0f07a26a2815fbb"
}
]
}
}
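Review bot: This description is word for word the same as the one in the CVE-2019-16417 record added in this commit, apart from "HRworks" versus "HRworks FLOW", so the two read as possible duplicates. If they are distinct products, a clause saying so would keep consumers from merging or dismissing one of them. The first reference, `https://www.hrworks.de`, is the vendor home page rather than an advisory or release note, so it documents neither the flaw nor a fixed version.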


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.hrworks.de/kategorie/news/flow/",
"refsource": "MISC",
"name": "https://www.hrworks.de/kategorie/news/flow/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/svennergr/204038bda1849ebce9af32eea9e55038",
"url": "https://gist.github.com/svennergr/204038bda1849ebce9af32eea9e55038"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://auth0.com/docs/security/bulletins/cve-2019-16929",
"url": "https://auth0.com/docs/security/bulletins/cve-2019-16929"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/centreon/centreon/issues/7097",
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/issues/7097"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/centreon/centreon/issues/7098",
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/issues/7098"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/centreon/centreon/pull/7099",
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/pull/7099"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/centreon/centreon/pull/7101",
"refsource": "MISC",
"name": "https://github.com/centreon/centreon/pull/7101"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa",
"refsource": "MISC",
"name": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html"
}
]
}
}
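Review bot: In the description, "getWidgetList where parameter" is easy to misread because the injectable parameter is apparently itself named `where`. Putting the parameter first, as in `via the where parameter to ajax/api/hook/getHookList or ajax/api/widget/getWidgetList`, removes the ambiguity without needing escaped quotes in the JSON string. The first reference appears to be a forum announcements index rather than a specific post, so it does not lead a reader to the vendor's fix.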


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/jfinal/jfinal/issues/171",
"refsource": "MISC",
"name": "https://github.com/jfinal/jfinal/issues/171"
},
{
"url": "https://gitee.com/jfinal/cos/commit/5eb23d6e384abaad19faa7600d14c9a2f525946a",
"refsource": "MISC",
"name": "https://gitee.com/jfinal/cos/commit/5eb23d6e384abaad19faa7600d14c9a2f525946a"
},
{
"url": "https://gitee.com/jfinal/cos/commit/8d26eec61f0d072a68bf7393cf3a8544a1112130",
"refsource": "MISC",
"name": "https://gitee.com/jfinal/cos/commit/8d26eec61f0d072a68bf7393cf3a8544a1112130"
}
]
}
}


@ -251,6 +251,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2019:2899", "name": "RHSA-2019:2899",
"url": "https://access.redhat.com/errata/RHSA-2019:2899" "url": "https://access.redhat.com/errata/RHSA-2019:2899"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2975",
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
} }
] ]
} }


@ -21,6 +21,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-201908-19", "name": "GLSA-201908-19",
"url": "https://security.gentoo.org/glsa/201908-19" "url": "https://security.gentoo.org/glsa/201908-19"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2979",
"url": "https://access.redhat.com/errata/RHSA-2019:2979"
} }
] ]
}, },


@ -171,6 +171,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2019:2699", "name": "RHSA-2019:2699",
"url": "https://access.redhat.com/errata/RHSA-2019:2699" "url": "https://access.redhat.com/errata/RHSA-2019:2699"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2978",
"url": "https://access.redhat.com/errata/RHSA-2019:2978"
} }
] ]
} }


@ -157,6 +157,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4147-1", "name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/" "url": "https://usn.ubuntu.com/4147-1/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2975",
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
} }
] ]
}, },


@ -256,6 +256,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-2b1f72899a", "name": "FEDORA-2019-2b1f72899a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2980",
"url": "https://access.redhat.com/errata/RHSA-2019:2980"
} }
] ]
} }