admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-09-27 21:01:05 +00:00
parent b27e49388b
commit 6794ebef38
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 195 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
2019/11xxx/CVE-2019-11927.json
View File

@ -9,6 +9,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
@ -16,12 +17,7 @@
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "2.19.243"
},
{
"version_affected": "<",
"version_value": "2.19.243"
"version_value": "before version 2.19.143"
}
]
}
@ -31,19 +27,13 @@
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "2.19.100"
},
{
"version_affected": "<",
"version_value": "2.19.100"
"version_value": "before version 2.19.100"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
}
]
}
@ -80,4 +70,4 @@
}
]
}
}
}

15
2019/15xxx/CVE-2019-15098.json
View File

@ -71,6 +71,21 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2181",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
}
]
}

15
2019/15xxx/CVE-2019-15290.json
View File

@ -81,6 +81,21 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2181",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
}
]
}

72
2019/16xxx/CVE-2019-16928.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html",
"refsource": "MISC",
"name": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"
},
{
"url": "https://bugs.exim.org/show_bug.cgi?id=2449",
"refsource": "MISC",
"name": "https://bugs.exim.org/show_bug.cgi?id=2449"
},
{
"url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f",
"refsource": "MISC",
"name": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"
}
]
}
}

44
2019/3xxx/CVE-2019-3736.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-08",
"ID": "CVE-2019-3736",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-08",
"ID": "CVE-2019-3736",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "Integrated Data Protection Appliance",
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.3"
"version_value": "prior to 2.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 8.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-257: Storing Passwords in a Recoverable Format"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"refsource": "CONFIRM",
"name": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities",
"url": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities"
}
]

44
2019/3xxx/CVE-2019-3746.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-08",
"ID": "CVE-2019-3746",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-08",
"ID": "CVE-2019-3746",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "Integrated Data Protection Appliance",
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.3"
"version_value": "prior to 2.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"refsource": "CONFIRM",
"name": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities",
"url": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities"
}
]

44
2019/3xxx/CVE-2019-3747.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-08",
"ID": "CVE-2019-3747",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-08",
"ID": "CVE-2019-3747",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "Integrated Data Protection Appliance",
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.3"
"version_value": "prior to 2.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 8.4,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 8.4,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"refsource": "CONFIRM",
"name": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities",
"url": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities"
}
]

44
2019/3xxx/CVE-2019-3766.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-09-24",
"ID": "CVE-2019-3766",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-09-24",
"ID": "CVE-2019-3766",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Storage",
"product_name": "Elastic Cloud Storage",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.4"
"version_value": "prior to 3.4.0.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"refsource": "CONFIRM",
"name": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio",
"url": "https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio"
}
]