admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-26 15:00:54 +00:00
parent 2a1e937a84
commit 58ed0a15ea
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
36 changed files with 1961 additions and 388 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2013/7xxx/CVE-2013-7285.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
"url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"
}
]
}

5
2016/5xxx/CVE-2016-5388.json
View File

@ -151,6 +151,11 @@
"refsource": "MLIST",
"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
"url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"
}
]
}

5
2018/1xxx/CVE-2018-1270.json
View File

@ -107,6 +107,11 @@
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
"url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"
}
]
}

5
2018/20xxx/CVE-2018-20815.json
View File

@ -106,6 +106,11 @@
"refsource": "BUGTRAQ",
"name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
"url": "https://seclists.org/bugtraq/2019/Aug/41"
},
{
"refsource": "DEBIAN",
"name": "DSA-4506",
"url": "https://www.debian.org/security/2019/dsa-4506"
}
]
}

62
2018/20xxx/CVE-2018-20991.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://rustsec.org/advisories/RUSTSEC-2018-0003.html",
"refsource": "MISC",
"name": "https://rustsec.org/advisories/RUSTSEC-2018-0003.html"
}
]
}
}

67
2018/20xxx/CVE-2018-20999.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://rustsec.org/advisories/RUSTSEC-2018-0012.html",
"refsource": "MISC",
"name": "https://rustsec.org/advisories/RUSTSEC-2018-0012.html"
},
{
"refsource": "MISC",
"name": "https://github.com/brycx/orion/issues/46",
"url": "https://github.com/brycx/orion/issues/46"
}
]
}
}

67
2018/21xxx/CVE-2018-21000.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://rustsec.org/advisories/RUSTSEC-2018-0013.html",
"refsource": "MISC",
"name": "https://rustsec.org/advisories/RUSTSEC-2018-0013.html"
},
{
"refsource": "MISC",
"name": "https://github.com/nabijaczleweli/safe-transmute-rs/pull/36",
"url": "https://github.com/nabijaczleweli/safe-transmute-rs/pull/36"
}
]
}
}

5
2019/13xxx/CVE-2019-13164.json
View File

@ -76,6 +76,11 @@
"refsource": "BUGTRAQ",
"name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
"url": "https://seclists.org/bugtraq/2019/Aug/41"
},
{
"refsource": "DEBIAN",
"name": "DSA-4506",
"url": "https://www.debian.org/security/2019/dsa-4506"
}
]
}

81
2019/14xxx/CVE-2019-14300.json Normal file
View File

@ -0,0 +1,81 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ricoh-usa.com/en/support-and-download",
"refsource": "MISC",
"name": "https://www.ricoh-usa.com/en/support-and-download"
},
{
"url": "https://www.ricoh.com/info/2019/0823_1/",
"refsource": "MISC",
"name": "https://www.ricoh.com/info/2019/0823_1/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
}

81
2019/14xxx/CVE-2019-14305.json Normal file
View File

@ -0,0 +1,81 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ricoh-usa.com/en/support-and-download",
"refsource": "MISC",
"name": "https://www.ricoh-usa.com/en/support-and-download"
},
{
"url": "https://www.ricoh.com/info/2019/0823_1/",
"refsource": "MISC",
"name": "https://www.ricoh.com/info/2019/0823_1/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.0"
}
}
}

81
2019/14xxx/CVE-2019-14307.json Normal file
View File

@ -0,0 +1,81 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ricoh-usa.com/en/support-and-download",
"refsource": "MISC",
"name": "https://www.ricoh-usa.com/en/support-and-download"
},
{
"url": "https://www.ricoh.com/info/2019/0823_1/",
"refsource": "MISC",
"name": "https://www.ricoh.com/info/2019/0823_1/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.0"
}
}
}

5
2019/14xxx/CVE-2019-14378.json
View File

@ -71,6 +71,11 @@
"refsource": "BUGTRAQ",
"name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
"url": "https://seclists.org/bugtraq/2019/Aug/41"
},
{
"refsource": "DEBIAN",
"name": "DSA-4506",
"url": "https://www.debian.org/security/2019/dsa-4506"
}
]
}

62
2019/15xxx/CVE-2019-15550.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0008.html",
"refsource": "MISC",
"name": "https://rustsec.org/advisories/RUSTSEC-2019-0008.html"
}
]
}
}

67
2019/15xxx/CVE-2019-15551.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0009.html",
"refsource": "MISC",
"name": "https://rustsec.org/advisories/RUSTSEC-2019-0009.html"
},
{
"refsource": "MISC",
"name": "https://github.com/servo/rust-smallvec/issues/148",
"url": "https://github.com/servo/rust-smallvec/issues/148"
}
]
}
}

67
2019/15xxx/CVE-2019-15552.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0010.html",
"refsource": "MISC",
"name": "https://rustsec.org/advisories/RUSTSEC-2019-0010.html"
},
{
"refsource": "MISC",
"name": "https://github.com/sile/libflate/issues/35",
"url": "https://github.com/sile/libflate/issues/35"
}
]
}
}

67
2019/15xxx/CVE-2019-15553.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0011.html",
"refsource": "MISC",
"name": "https://rustsec.org/advisories/RUSTSEC-2019-0011.html"
},
{
"refsource": "MISC",
"name": "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490",
"url": "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490"
}
]
}
}

67
2019/15xxx/CVE-2019-15554.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0012.html",
"refsource": "MISC",
"name": "https://rustsec.org/advisories/RUSTSEC-2019-0012.html"
},
{
"refsource": "MISC",
"name": "https://github.com/servo/rust-smallvec/issues/149",
"url": "https://github.com/servo/rust-smallvec/issues/149"
}
]
}
}

72
2019/15xxx/CVE-2019-15563.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/OHDSI/WebAPI/pull/1101",
"refsource": "MISC",
"name": "https://github.com/OHDSI/WebAPI/pull/1101"
},
{
"url": "https://github.com/OHDSI/WebAPI/releases/tag/v2.7.2",
"refsource": "MISC",
"name": "https://github.com/OHDSI/WebAPI/releases/tag/v2.7.2"
},
{
"url": "https://github.com/OHDSI/WebAPI/milestone/28?closed=1",
"refsource": "MISC",
"name": "https://github.com/OHDSI/WebAPI/milestone/28?closed=1"
}
]
}
}

62
2019/15xxx/CVE-2019-15564.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CompassionCH/compassion-switzerland/pull/897",
"refsource": "MISC",
"name": "https://github.com/CompassionCH/compassion-switzerland/pull/897"
}
]
}
}

62
2019/15xxx/CVE-2019-15565.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/danidomen/icommktconnector/pull/1",
"refsource": "MISC",
"name": "https://github.com/danidomen/icommktconnector/pull/1"
}
]
}
}

67
2019/15xxx/CVE-2019-15566.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7",
"refsource": "MISC",
"name": "https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7"
},
{
"url": "https://github.com/Alfresco/alfresco-android-app/pull/547",
"refsource": "MISC",
"name": "https://github.com/Alfresco/alfresco-android-app/pull/547"
}
]
}
}

62
2019/15xxx/CVE-2019-15567.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/openforis/arena/pull/170",
"refsource": "MISC",
"name": "https://github.com/openforis/arena/pull/170"
}
]
}
}

62
2019/15xxx/CVE-2019-15568.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/chanzuckerberg/idseq-web/pull/2372",
"refsource": "MISC",
"name": "https://github.com/chanzuckerberg/idseq-web/pull/2372"
}
]
}
}

62
2019/15xxx/CVE-2019-15569.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hmcts/ccd-data-store-api/pull/394",
"refsource": "MISC",
"name": "https://github.com/hmcts/ccd-data-store-api/pull/394"
}
]
}
}

62
2019/15xxx/CVE-2019-15570.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bedita/bedita/pull/1608",
"refsource": "MISC",
"name": "https://github.com/bedita/bedita/pull/1608"
}
]
}
}

62
2019/15xxx/CVE-2019-15571.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/clonos/control-pane/pull/20",
"refsource": "MISC",
"name": "https://github.com/clonos/control-pane/pull/20"
}
]
}
}

62
2019/15xxx/CVE-2019-15572.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/marcomoa/gesior-aac/pull/8",
"refsource": "MISC",
"name": "https://github.com/marcomoa/gesior-aac/pull/8"
}
]
}
}

62
2019/15xxx/CVE-2019-15573.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/marcomoa/gesior-aac/pull/9",
"refsource": "MISC",
"name": "https://github.com/marcomoa/gesior-aac/pull/9"
}
]
}
}

62
2019/15xxx/CVE-2019-15574.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/marcomoa/gesior-aac/pull/11",
"refsource": "MISC",
"name": "https://github.com/marcomoa/gesior-aac/pull/11"
}
]
}
}

194
2019/4xxx/CVE-2019-4169.json
View File

@ -1,100 +1,100 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4169",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-16T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"UI" : "N",
"C" : "H",
"AV" : "A",
"SCORE" : "8.100",
"I" : "H",
"AC" : "L",
"A" : "N",
"PR" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10881209",
"title" : "IBM Security Bulletin 881209 (P9 OpenPOWER)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10881209",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158702",
"name" : "ibm-bmc-cve20194169-info-disc (158702)",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "P9 OpenPOWER",
"version" : {
"version_data" : [
{
"version_value" : "OP920"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "OP910"
}
]
},
"product_name" : "P9 OpenPower"
}
]
},
"vendor_name" : "IBM"
"value": "IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.",
"lang": "eng"
}
]
}
}
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4169",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-16T00:00:00"
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"UI": "N",
"C": "H",
"AV": "A",
"SCORE": "8.100",
"I": "H",
"AC": "L",
"A": "N",
"PR": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"references": {
"reference_data": [
{
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10881209",
"title": "IBM Security Bulletin 881209 (P9 OpenPOWER)",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10881209",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158702",
"name": "ibm-bmc-cve20194169-info-disc (158702)",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P9 OpenPOWER",
"version": {
"version_data": [
{
"version_value": "OP920"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "OP910"
}
]
},
"product_name": "P9 OpenPower"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

204
2019/4xxx/CVE-2019-4447.json
View File

@ -1,105 +1,105 @@
{
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-21T00:00:00",
"ID" : "CVE-2019-4447",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"value" : "IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-21T00:00:00",
"ID": "CVE-2019-4447",
"ASSIGNER": "psirt@us.ibm.com"
},
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "DB2 High Performance Unload load for LUW",
"version" : {
"version_data" : [
{
"version_value" : "6.1"
},
{
"version_value" : "6.1.0.1"
},
{
"version_value" : "6.1.0.1IF1"
},
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "6.1.0.2IF1"
},
{
"version_value" : "6.1.0.1IF2"
}
]
}
}
]
}
"value": "IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.",
"lang": "eng"
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964592",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964592",
"title" : "IBM Security Bulletin 964592 (DB2 High Performance Unload load for LUW)"
},
{
"refsource" : "XF",
"name" : "ibm-db2-cve20194447-priv-escalation (163488)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163488"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"SCORE" : "8.400",
"I" : "H",
"AC" : "L",
"A" : "H",
"PR" : "N",
"UI" : "N",
"S" : "U",
"AV" : "L",
"C" : "H"
}
}
}
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "DB2 High Performance Unload load for LUW",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.1IF1"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.1.0.2IF1"
},
{
"version_value": "6.1.0.1IF2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964592",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964592",
"title": "IBM Security Bulletin 964592 (DB2 High Performance Unload load for LUW)"
},
{
"refsource": "XF",
"name": "ibm-db2-cve20194447-priv-escalation (163488)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163488"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"SCORE": "8.400",
"I": "H",
"AC": "L",
"A": "H",
"PR": "N",
"UI": "N",
"S": "U",
"AV": "L",
"C": "H"
}
}
}
}

204
2019/4xxx/CVE-2019-4448.json
View File

@ -1,105 +1,105 @@
{
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-08-21T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4448",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-08-21T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4448",
"ASSIGNER": "psirt@us.ibm.com"
},
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "DB2 High Performance Unload load for LUW",
"version" : {
"version_data" : [
{
"version_value" : "6.1"
},
{
"version_value" : "6.1.0.1"
},
{
"version_value" : "6.1.0.1IF1"
},
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "6.1.0.2IF1"
},
{
"version_value" : "6.1.0.1IF2"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489."
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"UI" : "N",
"S" : "U",
"AV" : "L",
"C" : "H",
"AC" : "L",
"A" : "H",
"PR" : "N",
"SCORE" : "8.400",
"I" : "H"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964592",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964592",
"title" : "IBM Security Bulletin 964592 (DB2 High Performance Unload load for LUW)"
},
{
"refsource" : "XF",
"name" : "ibm-db2-cve20194448-priv-escalation (163489)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163489",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "DB2 High Performance Unload load for LUW",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.1IF1"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.1.0.2IF1"
},
{
"version_value": "6.1.0.1IF2"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"UI": "N",
"S": "U",
"AV": "L",
"C": "H",
"AC": "L",
"A": "H",
"PR": "N",
"SCORE": "8.400",
"I": "H"
}
}
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10964592",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964592",
"title": "IBM Security Bulletin 964592 (DB2 High Performance Unload load for LUW)"
},
{
"refsource": "XF",
"name": "ibm-db2-cve20194448-priv-escalation (163489)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163489",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format": "MITRE"
}

174
2019/4xxx/CVE-2019-4513.json
View File

@ -1,90 +1,90 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "L",
"PR" : "N",
"SCORE" : "8.200",
"I" : "N",
"S" : "U",
"UI" : "N",
"C" : "H",
"AV" : "N"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10996716",
"title" : "IBM Security Bulletin 996716 (Security Access Manager for Enterprise Single Sign-On)",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10996716"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164555",
"refsource" : "XF",
"name" : "ibm-sam-cve20194513-xxe (164555)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager for Enterprise Single Sign-On",
"version" : {
"version_data" : [
{
"version_value" : "8.2.2"
}
]
}
}
]
}
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "L",
"PR": "N",
"SCORE": "8.200",
"I": "N",
"S": "U",
"UI": "N",
"C": "H",
"AV": "N"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10996716",
"title": "IBM Security Bulletin 996716 (Security Access Manager for Enterprise Single Sign-On)",
"refsource": "CONFIRM",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10996716"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164555",
"refsource": "XF",
"name": "ibm-sam-cve20194513-xxe (164555)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Access Manager for Enterprise Single Sign-On",
"version": {
"version_data": [
{
"version_value": "8.2.2"
}
]
}
}
]
}
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4513",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-21T00:00:00"
}
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4513",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-21T00:00:00"
}
}

5
2019/9xxx/CVE-2019-9512.json
View File

@ -173,6 +173,11 @@
"refsource": "BUGTRAQ",
"name": "20190825 [SECURITY] [DSA 4508-1] h2o security update",
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"refsource": "DEBIAN",
"name": "DSA-4508",
"url": "https://www.debian.org/security/2019/dsa-4508"
}
]
},

5
2019/9xxx/CVE-2019-9514.json
View File

@ -173,6 +173,11 @@
"refsource": "BUGTRAQ",
"name": "20190825 [SECURITY] [DSA 4508-1] h2o security update",
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"refsource": "DEBIAN",
"name": "DSA-4508",
"url": "https://www.debian.org/security/2019/dsa-4508"
}
]
},

5
2019/9xxx/CVE-2019-9515.json
View File

@ -143,6 +143,11 @@
"refsource": "BUGTRAQ",
"name": "20190825 [SECURITY] [DSA 4508-1] h2o security update",
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"refsource": "DEBIAN",
"name": "DSA-4508",
"url": "https://www.debian.org/security/2019/dsa-4508"
}
]
},