admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-18 19:00:53 +00:00
parent 86ee893c8b
commit 58c7f212d3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 349 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/20xxx/CVE-2018-20843.json
View File

@ -116,6 +116,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-139fcda84d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K51011533",
"url": "https://support.f5.com/csp/article/K51011533"
}
]
}

59
2019/1010xxx/CVE-2019-1010112.json
View File

@ -1,17 +1,64 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OECMS",
"product": {
"product_data": [
{
"product_name": "OECMS",
"version": {
"version_data": [
{
"version_value": "v4.3.R60321"
},
{
"version_value": "v4.3 later [fixed: v4.3]"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross ite Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LiodAir/images/blob/master/csrf.md",
"refsource": "MISC",
"name": "https://github.com/LiodAir/images/blob/master/csrf.md"
}
]
}

56
2019/1010xxx/CVE-2019-1010246.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailCleaner",
"version": {
"version_data": [
{
"version_value": "before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 [fixed: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9]"
}
]
}
}
]
},
"vendor_name": "MailCleaner"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated MySQL database password information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9",
"refsource": "MISC",
"name": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
}
]
}

66
2019/1010xxx/CVE-2019-1010279.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Suricata",
"version": {
"version_data": [
{
"version_value": "prior to version 4.1.3 [fixed: 4.1.3]"
}
]
}
}
]
},
"vendor_name": "Open Information Security Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service - TCP/HTTP detection bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://redmine.openinfosecfoundation.org/issues/2770",
"refsource": "MISC",
"name": "https://redmine.openinfosecfoundation.org/issues/2770"
},
{
"url": "https://github.com/OISF/suricata/pull/3625",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/pull/3625"
},
{
"url": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b"
}
]
}

2
2019/13xxx/CVE-2019-13115.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855."
"value": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855."
}
]
},

62
2019/13xxx/CVE-2019-13959.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/394",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/394"
}
]
}
}

67
2019/13xxx/CVE-2019-13960.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337",
"refsource": "MISC",
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337"
},
{
"url": "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf",
"refsource": "MISC",
"name": "https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf"
}
]
}
}

58
2019/8xxx/CVE-2019-8286.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8286",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-8286",
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kaspersky",
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security",
"version": {
"version_data": [
{
"version_value": "up to 2019"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6"
}
]
}