admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-09-26 16:00:59 +00:00
parent c7b3dd80e0
commit 5d9703234a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
21 changed files with 1462 additions and 351 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2018/11xxx/CVE-2018-11782.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11782",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-11782",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_value": "Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt",
"url": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server."
}
]
}

58
2019/0xxx/CVE-2019-0203.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0203",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0203",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_value": "Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://subversion.apache.org/security/CVE-2019-0203-advisory.txt",
"url": "http://subversion.apache.org/security/CVE-2019-0203-advisory.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server."
}
]
}

50
2019/10xxx/CVE-2019-10082.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10082",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.18 to 2.4.39"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mod_http2, write beyond array on h2 push"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown."
}
]
}

50
2019/10xxx/CVE-2019-10092.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.0 to 2.4.39"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Limited cross-site scriptingcross-site scripting in mod_proxy"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed."
}
]
}

50
2019/10xxx/CVE-2019-10097.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.32 to 2.4.39"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow and NULL pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients."
}
]
}

123
2019/10xxx/CVE-2019-10882.json
View File

@ -1,18 +1,129 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cert@airbus.com",
"DATE_PUBLIC": "2019-05-17T00:00:00.000Z",
"ID": "CVE-2019-10882",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Netskope client buffer overflow vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netskope client",
"version": {
"version_data": [
{
"platform": "x86",
"version_affected": ">=",
"version_name": "Netskope client",
"version_value": "54"
},
{
"platform": "x86",
"version_affected": "<",
"version_name": "Netskope client",
"version_value": "62"
},
{
"platform": "x86",
"version_affected": "!",
"version_name": "Netskope client",
"version_value": "57.2.0.219"
},
{
"platform": "x86",
"version_affected": "!",
"version_name": "Netskope client",
"version_value": "60.2.0.214"
}
]
}
}
]
},
"vendor_name": "Netskope"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in \"doHandshakefromServer\" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
},
{
"name": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client",
"refsource": "CONFIRM",
"url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
},
{
"refsource": "MISC",
"name": "https://airbus-seclab.github.io/advisories/netskope.html",
"url": "https://airbus-seclab.github.io/advisories/netskope.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client.\n"
}
],
"source": {
"discovery": "INTERNAL"
}
}

2
2019/10xxx/CVE-2019-10892.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has \"SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/\" at the beginning."
"value": "An issue was discovered in D-Link DIR-806 devices.There is an stack overflow in fuction hnap_main at /htdocs/cgibin. The function will call sprintf willout check the strings in parameter given by HTTP header and can be controlled by user. And it finally leads to a stack-based buffer overflow via a special HTTP header."
}
]
},

122
2019/12xxx/CVE-2019-12091.json
View File

@ -1,18 +1,128 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cert@airbus.com",
"ID": "CVE-2019-12091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Netskope client command injections vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netskope client",
"version": {
"version_data": [
{
"platform": "x86",
"version_affected": ">=",
"version_name": "Netskope client",
"version_value": "57"
},
{
"platform": "x86",
"version_affected": "<",
"version_name": "Netskope client",
"version_value": "62"
},
{
"platform": "x86",
"version_affected": "!",
"version_name": "Netskope client",
"version_value": "60.2.0.214"
},
{
"platform": "x86",
"version_affected": "!",
"version_name": "Netskope client",
"version_value": "57.2.0.219"
}
]
}
}
]
},
"vendor_name": "Netskope"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\\SYSTEM privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
},
{
"name": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client",
"refsource": "CONFIRM",
"url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
},
{
"refsource": "MISC",
"name": "https://airbus-seclab.github.io/advisories/netskope.html",
"url": "https://airbus-seclab.github.io/advisories/netskope.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client."
}
],
"source": {
"discovery": "INTERNAL"
}
}

243
2019/13xxx/CVE-2019-13523.json Normal file
View File

@ -0,0 +1,243 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13523",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "Performance IP Cameras",
"version": {
"version_data": [
{
"version_value": "HBD3PR2"
},
{
"version_value": "H4D3PRV3"
},
{
"version_value": "HED3PR3"
},
{
"version_value": "H4D3PRV2"
},
{
"version_value": "HBD3PR1"
},
{
"version_value": "H4W8PR2"
},
{
"version_value": "HBW8PR2"
},
{
"version_value": "H2W2PC1M"
},
{
"version_value": "H2W4PER3"
},
{
"version_value": "H2W2PER3"
},
{
"version_value": "HEW2PER3"
},
{
"version_value": "HEW4PER3B"
},
{
"version_value": "HBW2PER1"
},
{
"version_value": "HEW4PER2"
},
{
"version_value": "HEW4PER2B"
},
{
"version_value": "HEW2PER2"
},
{
"version_value": "H4W2PER2"
},
{
"version_value": "HBW2PER2"
},
{
"version_value": "H4W2PER3"
},
{
"version_value": "HPW2P1"
}
]
}
},
{
"product_name": "Performance NVRs",
"version": {
"version_data": [
{
"version_value": "HEN08104"
},
{
"version_value": "HEN08144"
},
{
"version_value": "HEN081124"
},
{
"version_value": "HEN16104"
},
{
"version_value": "HEN16144"
},
{
"version_value": "HEN16184"
},
{
"version_value": "HEN16204"
},
{
"version_value": "HEN162244"
},
{
"version_value": "HEN16284"
},
{
"version_value": "HEN16304"
},
{
"version_value": "HEN16384"
},
{
"version_value": "HEN32104"
},
{
"version_value": "HEN321124"
},
{
"version_value": "HEN32204"
},
{
"version_value": "HEN32284"
},
{
"version_value": "HEN322164"
},
{
"version_value": "HEN32304"
},
{
"version_value": "HEN32384"
},
{
"version_value": "HEN323164"
},
{
"version_value": "HEN64204"
},
{
"version_value": "HEN64304"
},
{
"version_value": "HEN643164"
},
{
"version_value": "HEN643324"
},
{
"version_value": "HEN643484"
},
{
"version_value": "HEN04103"
},
{
"version_value": "HEN04113"
},
{
"version_value": "HEN04123"
},
{
"version_value": "HEN08103"
},
{
"version_value": "HEN08113"
},
{
"version_value": "HEN08123"
},
{
"version_value": "HEN08143"
},
{
"version_value": "HEN16103"
},
{
"version_value": "HEN16123"
},
{
"version_value": "HEN16143"
},
{
"version_value": "HEN16163"
},
{
"version_value": "HEN04103L"
},
{
"version_value": "HEN08103L"
},
{
"version_value": "HEN16103L"
},
{
"version_value": "HEN32103L"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INFORMATION EXPOSURE CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L."
}
]
}
}

7
2019/14xxx/CVE-2019-14277.json
View File

@ -68,7 +68,12 @@
"name": "https://zero.lol/2019-07-21-axway-securetransport-xml-injection/"
},
{
"refsource": "MISC",
"refsource": "CONFIRM",
"name": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE",
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE"
},
{
"refsource": "CONFIRM",
"name": "https://community.axway.com/s/article/SecureTransport-Security-Notice",
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice"
}

72
2019/16xxx/CVE-2019-16409.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/symbiote/silverstripe-versionedfiles",
"refsource": "MISC",
"name": "https://github.com/symbiote/silverstripe-versionedfiles"
},
{
"url": "https://github.com/silverstripe/silverstripe-framework",
"refsource": "MISC",
"name": "https://github.com/silverstripe/silverstripe-framework"
},
{
"refsource": "CONFIRM",
"name": "https://www.silverstripe.org/download/security-releases/cve-2019-16409",
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409"
}
]
}
}

67
2019/16xxx/CVE-2019-16524.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wordpress.org/plugins/easy-fancybox/#developers",
"url": "https://wordpress.org/plugins/easy-fancybox/#developers"
},
{
"refsource": "MISC",
"name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190911-01_Easy_FancyBox_WP_Plugin_Stored_XSS",
"url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190911-01_Easy_FancyBox_WP_Plugin_Stored_XSS"
}
]
}
}

72
2019/16xxx/CVE-2019-16532.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.yzmcms.com/",
"refsource": "MISC",
"name": "http://www.yzmcms.com/"
},
{
"refsource": "EXPLOIT-DB",
"name": "Exploit Database",
"url": "https://www.exploit-db.com/exploits/47422"
},
{
"refsource": "MISC",
"name": "https://github.com/yzmcms/yzmcms/issues/28",
"url": "https://github.com/yzmcms/yzmcms/issues/28"
}
]
}
}

62
2019/16xxx/CVE-2019-16755.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in BMC MyIT Digital Workplace DWP before 18.11. The DWP component sso.session.restore.cookies stores data using java serialization method. The vulnerability can be triggered by using an ivalid cookie that contains an embedded system command within a DWP API call, as demonstrated by the /dwp/rest/v2/administrator URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA21O000000gnYQSAY&type=Solution",
"url": "https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA21O000000gnYQSAY&type=Solution"
}
]
}
}

67
2019/16xxx/CVE-2019-16869.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a \"Transfer-Encoding : chunked\" line), which leads to HTTP request smuggling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/netty/netty/issues/9571",
"refsource": "MISC",
"name": "https://github.com/netty/netty/issues/9571"
},
{
"url": "https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final",
"refsource": "MISC",
"name": "https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final"
}
]
}
}

62
2019/16xxx/CVE-2019-16894.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "download.php in inoERP 4.15 allows SQL injection through insecure deserialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "EXPLOIT-DB",
"name": "47426",
"url": "https://www.exploit-db.com/exploits/47426"
}
]
}
}

18
2019/16xxx/CVE-2019-16895.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-16895",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-16894. Reason: This candidate is a reservation duplicate of CVE-2019-16894. Notes: All CVE users should reference CVE-2019-16894 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

178
2019/4xxx/CVE-2019-4262.json
View File

@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1074538",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1074538 (QRadar SIEM)",
"name" : "https://www.ibm.com/support/pages/node/1074538"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160014",
"name" : "ibm-qradar-cve20194262-ssrf (160014)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
}
]
},
"product_name" : "QRadar SIEM"
}
]
}
"url": "https://www.ibm.com/support/pages/node/1074538",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1074538 (QRadar SIEM)",
"name": "https://www.ibm.com/support/pages/node/1074538"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160014",
"name": "ibm-qradar-cve20194262-ssrf (160014)"
}
]
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
},
"product_name": "QRadar SIEM"
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4262",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-09-24T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"PR" : "N",
"I" : "L",
"AC" : "L",
"S" : "U",
"SCORE" : "5.300",
"C" : "N",
"A" : "N",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
}
}
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4262",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-09-24T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"PR": "N",
"I": "L",
"AC": "L",
"S": "U",
"SCORE": "5.300",
"C": "N",
"A": "N",
"UI": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
}
}

440
2019/4xxx/CVE-2019-4378.json
View File

@ -1,222 +1,222 @@
{
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"SCORE" : "5.300",
"C" : "N",
"A" : "H",
"AC" : "H",
"S" : "U",
"UI" : "N",
"AV" : "N",
"I" : "N",
"PR" : "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-09-17T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4378"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://supportcontent.ibm.com/support/pages/node/886885",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 886885 (MQ)",
"name" : "https://supportcontent.ibm.com/support/pages/node/886885"
},
{
"name" : "ibm-mq-cve20194378-dos (162084)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "MQ",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.0.6"
},
{
"version_value" : "8.0.0.7"
},
{
"version_value" : "9.0.0.2"
},
{
"version_value" : "7.5.0.1"
},
{
"version_value" : "7.5.0.2"
},
{
"version_value" : "7.5.0.3"
},
{
"version_value" : "7.5.0.4"
},
{
"version_value" : "7.5.0.5"
},
{
"version_value" : "7.5.0.6"
},
{
"version_value" : "7.5.0.7"
},
{
"version_value" : "7.5.0.8"
},
{
"version_value" : "8.0.0.8"
},
{
"version_value" : "7.1.0.1"
},
{
"version_value" : "7.1.0.2"
},
{
"version_value" : "7.1.0.3"
},
{
"version_value" : "7.1.0.4"
},
{
"version_value" : "7.1.0.5"
},
{
"version_value" : "7.1.0.6"
},
{
"version_value" : "7.1.0.7"
},
{
"version_value" : "8.0.0.9"
},
{
"version_value" : "9.0.0.3"
},
{
"version_value" : "8.0.0.0"
},
{
"version_value" : "8.0.0.10"
},
{
"version_value" : "9.0.0.0"
},
{
"version_value" : "9.0.0.4"
},
{
"version_value" : "9.0.0.5"
},
{
"version_value" : "9.1.0.0"
},
{
"version_value" : "9.1.0.1"
},
{
"version_value" : "9.1.1"
},
{
"version_value" : "9.1.0.2"
},
{
"version_value" : "9.1.2"
},
{
"version_value" : "8.0.0.11"
},
{
"version_value" : "9.0.0.6"
},
{
"version_value" : "7.1.0.0"
},
{
"version_value" : "7.1.0.8"
},
{
"version_value" : "7.1.0.9"
},
{
"version_value" : "7.5.0.0"
},
{
"version_value" : "7.5.0.9"
},
{
"version_value" : "8.0.0.12"
}
]
}
}
]
}
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"SCORE": "5.300",
"C": "N",
"A": "H",
"AC": "H",
"S": "U",
"UI": "N",
"AV": "N",
"I": "N",
"PR": "L"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.",
"lang" : "eng"
}
]
},
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-09-17T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2019-4378"
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://supportcontent.ibm.com/support/pages/node/886885",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 886885 (MQ)",
"name": "https://supportcontent.ibm.com/support/pages/node/886885"
},
{
"name": "ibm-mq-cve20194378-dos (162084)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.5.0.6"
},
{
"version_value": "7.5.0.7"
},
{
"version_value": "7.5.0.8"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "7.1.0.1"
},
{
"version_value": "7.1.0.2"
},
{
"version_value": "7.1.0.3"
},
{
"version_value": "7.1.0.4"
},
{
"version_value": "7.1.0.5"
},
{
"version_value": "7.1.0.6"
},
{
"version_value": "7.1.0.7"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.1.0.0"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
},
{
"version_value": "9.1.0.2"
},
{
"version_value": "9.1.2"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "9.0.0.6"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.1.0.8"
},
{
"version_value": "7.1.0.9"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.9"
},
{
"version_value": "8.0.0.12"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.",
"lang": "eng"
}
]
},
"data_type": "CVE"
}

7
2019/6xxx/CVE-2019-6161.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
"value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
}
]
},
@ -56,8 +56,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-26957"
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-26957",
"name": "https://support.lenovo.com/solutions/LEN-26957"
}
]
},

5
2019/6xxx/CVE-2019-6175.json
View File

@ -64,8 +64,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-28093"
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-28093",
"name": "https://support.lenovo.com/solutions/LEN-28093"
}
]
},