admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #99 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2019-01-29 10:02:12 -05:00 committed by GitHub
commit 631eb25880
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
463 changed files with 11222 additions and 755 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2016/10xxx/CVE-2016-10740.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/CWD-5060",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/CWD-5060"
}
]
}
}

5
2016/4xxx/CVE-2016-4570.json
View File

@ -62,6 +62,11 @@
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/11/14"
},
{
"name" : "[debian-lts-announce] 20190125 [SECURITY] [DLA 1641-1] mxml security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1334648",
"refsource" : "CONFIRM",

5
2016/4xxx/CVE-2016-4571.json
View File

@ -62,6 +62,11 @@
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/11/14"
},
{
"name" : "[debian-lts-announce] 20190125 [SECURITY] [DLA 1641-1] mxml security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1334648",
"refsource" : "CONFIRM",

72
2017/18xxx/CVE-2017-18359.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for \"SELECT ST_AsX3D('LINESTRING EMPTY');\" because empty geometries are mishandled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://trac.osgeo.org/postgis/changeset/15444",
"refsource" : "MISC",
"url" : "https://trac.osgeo.org/postgis/changeset/15444"
},
{
"name" : "https://trac.osgeo.org/postgis/changeset/15445",
"refsource" : "MISC",
"url" : "https://trac.osgeo.org/postgis/changeset/15445"
},
{
"name" : "https://trac.osgeo.org/postgis/ticket/3704",
"refsource" : "MISC",
"url" : "https://trac.osgeo.org/postgis/ticket/3704"
}
]
}
}

12
2017/6xxx/CVE-2017-6922.json
View File

@ -20,14 +20,14 @@
{
"affected" : "<",
"platform" : "",
"version_name" : "8.x",
"version_value" : "8.3.4"
"version_name" : "Drupal 8 ",
"version_value" : "8.3.3"
},
{
"affected" : "<",
"platform" : "",
"version_name" : "7.x",
"version_value" : "7.56"
"version_name" : "Drupal 7 ",
"version_value" : "7.55"
}
]
}
@ -75,7 +75,7 @@
"description" : [
{
"lang" : "eng",
"value" : "Access bypass"
"value" : "Access Bypass"
}
]
}
@ -107,7 +107,7 @@
},
"solution" : [],
"source" : {
"advisory" : "",
"advisory" : "SA-CORE-2017-003",
"defect" : [],
"discovery" : "UNKNOWN"
},

5
2018/0xxx/CVE-2018-0187.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-info-disclosure"
},
{
"name" : "106717",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106717"
}
]
},

65
2018/10xxx/CVE-2018-10910.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-10910",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "bluez",
"version" : {
"version_data" : [
{
"version_value" : "before 5.51"
}
]
}
}
]
},
"vendor_name" : "The Bluez Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.5/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-863"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910"
},
{
"name" : "USN-3856-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3856-1/"
}
]
}

56
2018/12xxx/CVE-2018-12237.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "secure@symantec.com",
"DATE_PUBLIC" : "2019-01-10T00:00:00",
"ID" : "CVE-2018-12237",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Symantec Reporter",
"version" : {
"version_data" : [
{
"version_value" : "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
}
]
},
"vendor_name" : "Symantec Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS command injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.symantec.com/en_US/article.SYMSA1465.html",
"refsource" : "CONFIRM",
"url" : "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name" : "106518",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106518"
}
]
}

5
2018/15xxx/CVE-2018-15455.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss"
},
{
"name" : "106708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106708"
}
]
},

5
2018/15xxx/CVE-2018-15459.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Identity Services Engine Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege"
},
{
"name" : "106707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106707"
}
]
},

5
2018/15xxx/CVE-2018-15518.json
View File

@ -67,6 +67,11 @@
"refsource" : "CONFIRM",
"url" : "https://codereview.qt-project.org/#/c/236691/"
},
{
"name" : "DSA-4374",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4374"
},
{
"name" : "openSUSE-SU-2018:4261",
"refsource" : "SUSE",

51
2018/16xxx/CVE-2018-16098.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@lenovo.com",
"DATE_PUBLIC" : "2019-01-10T00:00:00",
"ID" : "CVE-2018-16098",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Various ThinkPad products",
"version" : {
"version_data" : [
{
"version_value" : "Various"
}
]
}
}
]
},
"vendor_name" : "Lenovo Group Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24573",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24573"
}
]
}

60
2018/16xxx/CVE-2018-16881.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-16881",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "rsyslog:",
"version" : {
"version_data" : [
{
"version_value" : "8.27.0"
}
]
}
}
]
},
"vendor_name" : "The rsyslog Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881"
}
]
}

65
2018/16xxx/CVE-2018-16889.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-16889",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ceph",
"version" : {
"version_data" : [
{
"version_value" : "up to v13.2.4"
}
]
}
}
]
},
"vendor_name" : "The Ceph Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-532"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889"
},
{
"name" : "106528",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106528"
}
]
}

15
2018/17xxx/CVE-2018-17466.json
View File

@ -103,11 +103,26 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3833"
},
{
"name" : "RHSA-2019:0159",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0159"
},
{
"name" : "RHSA-2019:0160",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0160"
},
{
"name" : "USN-3844-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3844-1/"
},
{
"name" : "USN-3868-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3868-1/"
},
{
"name" : "105666",
"refsource" : "BID",

56
2018/18xxx/CVE-2018-18363.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "secure@symantec.com",
"DATE_PUBLIC" : "2019-01-09T00:00:00",
"ID" : "CVE-2018-18363",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Norton App Lock",
"version" : {
"version_data" : [
{
"version_value" : "Prior to 1.4.0.445"
}
]
}
}
]
},
"vendor_name" : "Symantec Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "App lock bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.symantec.com/en_US/article.SYMSA1473.html",
"refsource" : "CONFIRM",
"url" : "https://support.symantec.com/en_US/article.SYMSA1473.html"
},
{
"name" : "106450",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106450"
}
]
}

56
2018/18xxx/CVE-2018-18981.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-12-20T00:00:00",
"ID" : "CVE-2018-18981",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rockwell Automation FactoryTalk Services Platform 2.90 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Rockwell Automation FactoryTalk Services Platform 2.90 and earlier."
}
]
}
}
]
},
"vendor_name" : "Rockwell"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-331-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-331-02"
},
{
"name" : "106279",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106279"
}
]
}

56
2018/19xxx/CVE-2018-19009.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-10T00:00:00",
"ID" : "CVE-2018-19009",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pilz PNOZmulti Configurator",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to version 10.9"
}
]
}
}
]
},
"vendor_name" : "Pilz"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03"
},
{
"name" : "106529",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106529"
}
]
}

56
2018/19xxx/CVE-2018-19010.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-22T00:00:00",
"ID" : "CVE-2018-19010",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Dr&#195;&#164;ger Infinity Delta",
"version" : {
"version_data" : [
{
"version_value" : "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
},
{
"name" : "106683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106683"
}
]
}

56
2018/19xxx/CVE-2018-19012.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-01-22T00:00:00",
"ID" : "CVE-2018-19012",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Dr&#195;&#164;ger Infinity Delta",
"version" : {
"version_data" : [
{
"version_value" : "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
},
{
"name" : "106683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106683"
}
]
}

56
2018/19xxx/CVE-2018-19014.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-22T00:00:00",
"ID" : "CVE-2018-19014",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Dr&#195;&#164;ger Infinity Delta",
"version" : {
"version_data" : [
{
"version_value" : "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "INFORMATION EXPOSURE THROUGH LOG FILES CWE-532"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
},
{
"name" : "106683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106683"
}
]
}

56
2018/19xxx/CVE-2018-19015.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-17T00:00:00",
"ID" : "CVE-2018-19015",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CX-Supervisor",
"version" : {
"version_data" : [
{
"version_value" : "Versions 3.42 and prior"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01"
},
{
"name" : "106654",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106654"
}
]
}

56
2018/19xxx/CVE-2018-19021.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-10T00:00:00",
"ID" : "CVE-2018-19021",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emerson DeltaV",
"version" : {
"version_data" : [
{
"version_value" : "DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior."
}
]
}
}
]
},
"vendor_name" : "Emerson"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass CWE-307"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01"
},
{
"name" : "106522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106522"
}
]
}

56
2018/19xxx/CVE-2018-19023.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-03T00:00:00",
"ID" : "CVE-2018-19023",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hetronic Nova-M",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to version r161"
}
]
}
}
]
},
"vendor_name" : "Hetronic"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Hetronic Nova-M radio control systems prior to version r161 use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03"
},
{
"name" : "106448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106448"
}
]
}

50
2018/19xxx/CVE-2018-19721.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-19721",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19723."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html"
}
]
}

50
2018/19xxx/CVE-2018-19723.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-19723",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html"
}
]
}

55
2018/19xxx/CVE-2018-19724.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-19724",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Experience Manager Forms",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored Cross-site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/aem-forms/apsb19-03.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/aem-forms/apsb19-03.html"
},
{
"name" : "106677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106677"
}
]
}

55
2018/19xxx/CVE-2018-19726.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-19726",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Experience Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.4, 6.3, 6.2, 6.1, and 6.0 versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored Cross-site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb19-09.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb19-09.html"
},
{
"name" : "106679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106679"
}
]
}

55
2018/19xxx/CVE-2018-19727.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-19727",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Experience Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.4, 6.3, 6.2, 6.1, and 6.0 versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reflected Cross-site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb19-09.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb19-09.html"
},
{
"name" : "106678",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106678"
}
]
}

50
2018/19xxx/CVE-2018-19728.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-19728",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader",
"version" : {
"version_data" : [
{
"version_value" : "2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}

5
2018/19xxx/CVE-2018-19788.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name" : "https://bugs.debian.org/915332",
"refsource" : "MISC",

5
2018/19xxx/CVE-2018-19870.json
View File

@ -66,6 +66,11 @@
"name" : "https://codereview.qt-project.org/#/c/235998/",
"refsource" : "CONFIRM",
"url" : "https://codereview.qt-project.org/#/c/235998/"
},
{
"name" : "DSA-4374",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4374"
}
]
}

5
2018/19xxx/CVE-2018-19873.json
View File

@ -67,6 +67,11 @@
"refsource" : "CONFIRM",
"url" : "https://codereview.qt-project.org/#/c/238749/"
},
{
"name" : "DSA-4374",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4374"
},
{
"name" : "openSUSE-SU-2018:4261",
"refsource" : "SUSE",

5
2018/1xxx/CVE-2018-1751.json
View File

@ -81,6 +81,11 @@
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10791829"
},
{
"name" : "106734",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106734"
},
{
"name" : "ibm-tivoli-cve20181751-info-disc(148512)",
"refsource" : "XF",

81
2018/1xxx/CVE-2018-1959.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-01-22T00:00:00",
"ID" : "CVE-2018-1959",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "7.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,58 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"name" : "106726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106726"
},
{
"name" : "ibm-sim-cve20181959-info-disc(153633)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153633"
}
]
}

5
2018/20xxx/CVE-2018-20004.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190125 [SECURITY] [DLA 1641-1] mxml security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html"
},
{
"name" : "https://github.com/fouzhe/security/tree/master/mxml#stack-buffer-overflow-in-function-mxml_write_node",
"refsource" : "MISC",

5
2018/20xxx/CVE-2018-20217.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763",
"refsource" : "CONFIRM",

77
2018/20xxx/CVE-2018-20743.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/919249",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/919249"
},
{
"name" : "https://github.com/mumble-voip/mumble/issues/3505",
"refsource" : "MISC",
"url" : "https://github.com/mumble-voip/mumble/issues/3505"
},
{
"name" : "https://github.com/mumble-voip/mumble/pull/3510",
"refsource" : "MISC",
"url" : "https://github.com/mumble-voip/mumble/pull/3510"
},
{
"name" : "https://github.com/mumble-voip/mumble/pull/3512",
"refsource" : "MISC",
"url" : "https://github.com/mumble-voip/mumble/pull/3512"
}
]
}
}

67
2018/20xxx/CVE-2018-20744.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rs/cors/issues/55",
"refsource" : "MISC",
"url" : "https://github.com/rs/cors/issues/55"
},
{
"name" : "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf",
"refsource" : "MISC",
"url" : "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
}
]
}
}

67
2018/20xxx/CVE-2018-20745.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/yiisoft/yii2/issues/16193",
"refsource" : "MISC",
"url" : "https://github.com/yiisoft/yii2/issues/16193"
},
{
"name" : "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf",
"refsource" : "MISC",
"url" : "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
}
]
}
}

5
2018/2xxx/CVE-2018-2026.json
View File

@ -83,6 +83,11 @@
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10795544"
},
{
"name" : "106733",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106733"
},
{
"name" : "ibm-ftm-cve20182026-info-disc(155552)",
"refsource" : "XF",

51
2018/5xxx/CVE-2018-5497.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security-alert@netapp.com",
"DATE_PUBLIC" : "2019-01-09T00:00:00",
"ID" : "CVE-2018-5497",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Clustered Data ONTAP",
"version" : {
"version_data" : [
{
"version_value" : "Versions prior to 9.1P16, 9.3P10 and 9.4P5"
}
]
}
}
]
},
"vendor_name" : "NetApp"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security.netapp.com/advisory/ntap-20190109-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20190109-0001/"
}
]
}

5
2018/5xxx/CVE-2018-5729.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869",
"refsource" : "CONFIRM",

5
2018/5xxx/CVE-2018-5730.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869",
"refsource" : "CONFIRM",

5
2018/6xxx/CVE-2018-6892.json
View File

@ -67,6 +67,11 @@
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45197/"
},
{
"name" : "46250",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46250/"
},
{
"name" : "https://blogs.securiteam.com/index.php/archives/3669",
"refsource" : "MISC",

9
2018/7xxx/CVE-2018-7603.json
View File

@ -34,7 +34,12 @@
}
},
"configuration" : [],
"credit" : [],
"credit" : [
{
"lang" : "eng",
"value" : "Reported By: Simon Kapadia Fixed By: Dominique CLAUSE"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
@ -69,7 +74,7 @@
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting"
"value" : "A vulnerability in search auto complete a 3rd party Druapl contributed module. Search Autocomplete allows an attacker to execute javascript code to causing xss. Affected releases are Drupal 3rd party module - Search Autocomplete: versions prior to 7.x-4.8."
}
]
}

5
2019/1xxx/CVE-2019-1636.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams"
},
{
"name" : "106718",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106718"
}
]
},

5
2019/1xxx/CVE-2019-1637.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce"
},
{
"name" : "106704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106704"
}
]
},

5
2019/1xxx/CVE-2019-1638.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce"
},
{
"name" : "106704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106704"
}
]
},

5
2019/1xxx/CVE-2019-1639.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce"
},
{
"name" : "106704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106704"
}
]
},

5
2019/1xxx/CVE-2019-1640.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce"
},
{
"name" : "106704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106704"
}
]
},

5
2019/1xxx/CVE-2019-1641.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce"
},
{
"name" : "106704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106704"
}
]
},

10
2019/1xxx/CVE-2019-1642.json
View File

@ -67,10 +67,20 @@
},
"references" : {
"reference_data" : [
{
"name" : "46263",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46263/"
},
{
"name" : "20190123 Cisco Firepower Management Center Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-frpwr-mc-xss"
},
{
"name" : "106714",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106714"
}
]
},

5
2019/1xxx/CVE-2019-1643.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Prime Infrastructure Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cpi-xss"
},
{
"name" : "106702",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106702"
}
]
},

5
2019/1xxx/CVE-2019-1644.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos"
},
{
"name" : "106709",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106709"
}
]
},

5
2019/1xxx/CVE-2019-1645.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco Connected Mobile Experiences Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl"
},
{
"name" : "106701",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106701"
}
]
},

5
2019/1xxx/CVE-2019-1646.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal"
},
{
"name" : "106723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106723"
}
]
},

5
2019/1xxx/CVE-2019-1647.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco SD-WAN Solution Unauthorized Access Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess"
},
{
"name" : "106705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106705"
}
]
},

5
2019/1xxx/CVE-2019-1648.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco SD-WAN Solution Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal"
},
{
"name" : "106719",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106719"
}
]
},

5
2019/1xxx/CVE-2019-1650.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write"
},
{
"name" : "106716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106716"
}
]
},

5
2019/1xxx/CVE-2019-1651.json
View File

@ -71,6 +71,11 @@
"name" : "20190123 Cisco SD-WAN Solution Buffer Overflow Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo"
},
{
"name" : "106703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106703"
}
]
},

176
2019/1xxx/CVE-2019-1652.json
View File

@ -1,86 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1652",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1652",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Small Business RV Series Router Firmware ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.2",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.2",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-rv-inject",
"defect": [
[
"CSCvm78058"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46243",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46243/"
},
{
"name" : "20190123 Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject"
},
{
"name" : "106728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106728"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-rv-inject",
"defect" : [
[
"CSCvm78058"
]
],
"discovery" : "INTERNAL"
}
}

176
2019/1xxx/CVE-2019-1653.json
View File

@ -1,86 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1653",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1653",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Small Business RV Series Router Firmware ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.5",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-rv-info",
"defect": [
[
"CSCvg85922"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46262",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46262/"
},
{
"name" : "20190123 Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info"
},
{
"name" : "106732",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106732"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-rv-info",
"defect" : [
[
"CSCvg85922"
]
],
"discovery" : "INTERNAL"
}
}

171
2019/1xxx/CVE-2019-1655.json
View File

@ -1,86 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1655",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Meetings Server Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Meetings Server ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1655",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Webex Meetings Server Cross-Site Scripting Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco WebEx Meetings Server ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "6.1",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco Webex Meetings Server Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-meetings-xss",
"defect": [
[
"CSCvn10993"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190123 Cisco Webex Meetings Server Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss"
},
{
"name" : "106710",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106710"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-meetings-xss",
"defect" : [
[
"CSCvn10993"
]
],
"discovery" : "INTERNAL"
}
}

171
2019/1xxx/CVE-2019-1656.json
View File

@ -1,86 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1656",
"STATE": "PUBLIC",
"TITLE": "Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Enterprise NFV Infrastructure Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1656",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Enterprise NFV Infrastructure Software ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "5.3",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-nfvis-shell-access",
"defect": [
[
"CSCvm80829"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190123 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access"
},
{
"name" : "106715",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106715"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-nfvis-shell-access",
"defect" : [
[
"CSCvm80829"
]
],
"discovery" : "INTERNAL"
}
}

171
2019/1xxx/CVE-2019-1657.json
View File

@ -1,86 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1657",
"STATE": "PUBLIC",
"TITLE": "Cisco AMP Threat Grid API Key Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco AMP Threat Grid Appliance Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1657",
"STATE" : "PUBLIC",
"TITLE" : "Cisco AMP Threat Grid API Key Information Disclosure Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco AMP Threat Grid Appliance Software ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "4.3",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-threat-grid",
"defect": [
[
"NA"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190123 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid"
},
{
"name" : "106711",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106711"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-threat-grid",
"defect" : [
[
"NA"
]
],
"discovery" : "INTERNAL"
}
}

171
2019/1xxx/CVE-2019-1658.json
View File

@ -1,86 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1658",
"STATE": "PUBLIC",
"TITLE": "Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Intelligence Center ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1658",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Unified Intelligence Center ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "4.7",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-uic-csrf",
"defect": [
[
"CSCvn41579"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190123 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf"
},
{
"name" : "106713",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106713"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-uic-csrf",
"defect" : [
[
"CSCvn41579"
]
],
"discovery" : "INTERNAL"
}
}

175
2019/1xxx/CVE-2019-1668.json
View File

@ -1,88 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1668",
"STATE": "PUBLIC",
"TITLE": "Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco SocialMiner ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1668",
"STATE" : "PUBLIC",
"TITLE" : "Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco SocialMiner ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "6.1",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-miner-chat-xss",
"defect": [
[
"CSCvi52835",
"CSCvn50066",
"CSCvn59276"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190123 Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
},
{
"name" : "106720",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106720"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-miner-chat-xss",
"defect" : [
[
"CSCvi52835",
"CSCvn50066",
"CSCvn59276"
]
],
"discovery" : "INTERNAL"
}
}

171
2019/1xxx/CVE-2019-1669.json
View File

@ -1,86 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T14:00:00-0800",
"ID": "CVE-2019-1669",
"STATE": "PUBLIC",
"TITLE": "Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Threat Defense Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T14:00:00-0800",
"ID" : "CVE-2019-1669",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Firepower Threat Defense Software ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. The vulnerability exists because the affected software improperly manages system memory resources when inspecting traffic. An attacker could exploit this vulnerability by generating specific traffic patterns for the software to inspect. A successful exploit could allow the attacker to exhaust system memory resources used for traffic inspection. Depending on the configuration, the FTD Software could fail open and cease to inspect traffic or fail closed and result in a DoS condition. This vulnerability may require manual intervention to restore the software."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "8.6",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. The vulnerability exists because the affected software improperly manages system memory resources when inspecting traffic. An attacker could exploit this vulnerability by generating specific traffic patterns for the software to inspect. A successful exploit could allow the attacker to exhaust system memory resources used for traffic inspection. Depending on the configuration, the FTD Software could fail open and cease to inspect traffic or fail closed and result in a DoS condition. This vulnerability may require manual intervention to restore the software. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-firepowertds-bypass",
"defect": [
[
"CSCvo02577"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190123 Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass"
},
{
"name" : "106721",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106721"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-firepowertds-bypass",
"defect" : [
[
"CSCvo02577"
]
],
"discovery" : "INTERNAL"
}
}

76
2019/3xxx/CVE-2019-3462.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@debian.org",
"DATE_PUBLIC" : "2019-01-22T00:00:00",
"ID" : "CVE-2019-3462",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "apt as used in Debian Stretch and Ubuntu",
"version" : {
"version_data" : [
{
"version_value" : "1.4.8 and earlier"
}
]
}
}
]
},
"vendor_name" : "Debian GNU/Linux"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution in apt"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html"
},
{
"name" : "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20190125-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20190125-0002/"
},
{
"name" : "DSA-4371",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4371"
},
{
"name" : "USN-3863-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3863-2/"
},
{
"name" : "106690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106690"
}
]
}

84
2019/3xxx/CVE-2019-3593.json
View File

@ -1,9 +1,40 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"AKA" : "",
"ASSIGNER" : "psirt@mcafee.com",
"DATE_PUBLIC" : "",
"ID" : "CVE-2019-3593",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "Exploitation of Privilege/Trust vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Total Protection (MTP)",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "",
"version_name" : "",
"version_value" : "16.0.R18"
}
]
}
}
]
},
"vendor_name" : "Mcafee, LLC"
}
]
}
},
"configuration" : [],
"credit" : [],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
@ -11,8 +42,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware."
}
]
}
},
"exploit" : [],
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Exploitation of Privilege/Trust vulnerability\n"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.mcafee.com/FAQDocument.aspx?&id=TS102888",
"refsource" : "CONFIRM",
"url" : "http://service.mcafee.com/FAQDocument.aspx?&id=TS102888"
}
]
},
"solution" : [],
"source" : {
"advisory" : "",
"defect" : [],
"discovery" : "EXTERNAL"
},
"work_around" : []
}

65
2019/3xxx/CVE-2019-3815.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2019-3815",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "systemd",
"version" : {
"version_data" : [
{
"version_value" : "v219-62.2 and newer"
}
]
}
}
]
},
"vendor_name" : "The systemd Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815"
},
{
"name" : "106632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106632"
}
]
}

65
2019/3xxx/CVE-2019-3819.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2019-3819",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "kernel:",
"version" : {
"version_data" : [
{
"version_value" : "from v4.18 and newer"
}
]
}
}
]
},
"vendor_name" : "The Linux Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (\"root\") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.2/CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-835"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819"
},
{
"name" : "106730",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106730"
}
]
}

5
2019/5xxx/CVE-2019-5716.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190128 [SECURITY] [DLA 1645-1] wireshark security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217",
"refsource" : "MISC",

5
2019/5xxx/CVE-2019-5717.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190128 [SECURITY] [DLA 1645-1] wireshark security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337",
"refsource" : "MISC",

5
2019/5xxx/CVE-2019-5719.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190128 [SECURITY] [DLA 1645-1] wireshark security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15374",
"refsource" : "MISC",

5
2019/6xxx/CVE-2019-6133.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692",
"refsource" : "MISC",

5
2019/6xxx/CVE-2019-6338.json
View File

@ -98,6 +98,11 @@
"name" : "DSA-4370",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4370"
},
{
"name" : "106706",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106706"
}
]
},

5
2019/6xxx/CVE-2019-6486.json
View File

@ -66,6 +66,11 @@
"name" : "https://groups.google.com/forum/#!topic/golang-announce/mVeX35iXuSw",
"refsource" : "CONFIRM",
"url" : "https://groups.google.com/forum/#!topic/golang-announce/mVeX35iXuSw"
},
{
"name" : "106740",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106740"
}
]
}

48
2019/6xxx/CVE-2019-6703.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6703",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/",
"refsource" : "MISC",
"url" : "https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/"
}
]
}

5
2019/6xxx/CVE-2019-6706.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "46246",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46246/"
},
{
"name" : "http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html",
"refsource" : "MISC",

18
2019/6xxx/CVE-2019-6778.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6778",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2019/6xxx/CVE-2019-6779.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6779",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/chshcms/cscms/issues/3",
"refsource" : "MISC",
"url" : "https://github.com/chshcms/cscms/issues/3"
}
]
}
}

72
2019/6xxx/CVE-2019-6780.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46247",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46247/"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset/2016929/wise-chat/trunk/src/rendering/filters/post/WiseChatLinksPostFilter.php",
"refsource" : "MISC",
"url" : "https://plugins.trac.wordpress.org/changeset/2016929/wise-chat/trunk/src/rendering/filters/post/WiseChatLinksPostFilter.php"
},
{
"name" : "https://wordpress.org/plugins/wise-chat/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/wise-chat/#developers"
}
]
}
}

18
2019/6xxx/CVE-2019-6781.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6781",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6782.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6782",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6783.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6783",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6784.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6784",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6785.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6785",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6786.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6786",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6787.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6787",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6788.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6788",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6789.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6789",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6790.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6790",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6791.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6791",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6792.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6792",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6793.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6793",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6794.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6794",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6795.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6795",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6796.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6796",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

Some files were not shown because too many files have changed in this diff Show More