"-Synchronized-Data."

CVE Team 2019-10-29 19:01:09 +00:00
parent f02e101d8b
commit 6d81adf673
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 2417 additions and 1178 deletions


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3723", "ID": "CVE-2009-3723",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "asterisk",
"product": {
"product_data": [
{
"product_name": "asterisk",
"version": {
"version_data": [
{
"version_value": "All 1.6.1 versions"
}
]
}
}
]
}
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "asterisk allows calls on prohibited networks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "calls allowed on prohibited networks in asterisk"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"url": "https://access.redhat.com/security/cve/cve-2009-3723",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"refsource": "MISC",
"name": "http://downloads.asterisk.org/pub/security/AST-2009-007.html",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
} }
] ]
} }
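Review bot: The new description string, "asterisk allows calls on prohibited networks", drops the affected branch that the added `version_value` ("All 1.6.1 versions") states. Many feeds and scanners display only the description, so the record cannot be triaged from it alone. If the referenced AST-2009-007 advisory confirms that scope, carry it into the text, e.g. `"value": "asterisk 1.6.1 allows calls on prohibited networks"`.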


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3887", "ID": "CVE-2009-3887",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ytnef",
"product": {
"product_data": [
{
"product_name": "ytnef",
"version": {
"version_data": [
{
"version_value": "through 2009-09-07 (Fixed In Version: 2.8)"
}
]
}
}
]
}
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "ytnef has directory traversal"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3887",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2009-3887"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3887",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3887"
},
{
"url": "https://access.redhat.com/security/cve/cve-2009-3887",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2009-3887"
},
{
"refsource": "MISC",
"name": "http://ocert.org/advisories/ocert-2009-013.html",
"url": "http://ocert.org/advisories/ocert-2009-013.html"
},
{
"refsource": "MISC",
"name": "https://www.akitasecurity.nl/advisory.php?id=AK20090601",
"url": "https://www.akitasecurity.nl/advisory.php?id=AK20090601"
} }
] ]
} }
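Review bot: The added `version_value` packs both the affected range and the fixed release into one free-text string, "through 2009-09-07 (Fixed In Version: 2.8)". A consumer that matches or displays this field as the affected version can read 2.8 as affected. Keep the field to the affected range, `"version_value": "through 2009-09-07"`, and state the fix version in the description, which currently says only "ytnef has directory traversal".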


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3373", "ID": "CVE-2010-3373",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "paxtest handles temporary files insecurely"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3373",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3373"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598413",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598413"
},
{
"refsource": "MISC",
"name": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3373.html",
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3373.html"
} }
] ]
} }
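Review bot: The added `affects` block sets `vendor_name`, `product_name` and `version_value` all to "n/a", although the new description names the product (paxtest). Tooling that matches on the structured product fields will never associate this record with an installed package. Use `"product_name": "paxtest"` at minimum. The CVE-2010-3375 (qtparted) and CVE-2012-2945 (Hadoop 1.0.3) sections further down have the same gap, and for the latter the description also supplies a version that could go in `version_value`.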


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3375", "ID": "CVE-2010-3375",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "qtparted has insecure library loading which may allow arbitrary code execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3375",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3375"
},
{
"refsource": "DEBIAN",
"name": "Debian",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301"
},
{
"refsource": "MISC",
"name": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3375.html",
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3375.html"
} }
] ]
} }
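Review bot: The second reference is tagged `"refsource": "DEBIAN"` with `"name": "Debian"`, but its URL is a bugs.debian.org bug report rather than an advisory, and the name does not identify it. The CVE-2010-3373 section in this same commit records its bug-report link as MISC with the URL as the name. For consistency and so the entry is distinguishable in listings, use `"refsource": "MISC"` and `"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301"`.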


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2538", "ID": "CVE-2011-2538",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Video Communications Server (VCS)",
"version": {
"version_data": [
{
"version_value": "X7.0.3"
}
]
}
}
]
}
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/release_note/Cisco_VCS_Release_Note_X7-0-3.pdf",
"url": "https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/release_note/Cisco_VCS_Release_Note_X7-0-3.pdf"
} }
] ]
} }
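Review bot: The added `version_value` is "X7.0.3", but the new description says the flaw is in VCS "before X7.0.3", and the only reference is the X7.0.3 release note. As written, the structured field marks the fixed release as the affected one and says nothing about earlier releases. Change it to `"version_value": "before X7.0.3"`. The problemtype "Other" could also name the class the description already gives, command injection.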


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4931", "ID": "CVE-2011-4931",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gpw",
"version": {
"version_data": [
{
"version_value": "0.0.19940601-8.1"
}
]
}
}
]
},
"vendor_name": "gpw"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "gpw generates shorter passwords than required"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4931",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4931"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-4931",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-4931"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/01/17/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/01/17/13"
} }
] ]
} }
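Review bot: The added `version_value` is a bare version ("0.0.19940601-8.1") with no qualifier, and the description gives no version, so a reader cannot tell whether it is the affected release, the last affected release or the fix. The CVE-2012-0046 ("1.16") and CVE-2012-1187 ("3.0.4") sections below have the same ambiguity. State the relation in the string, for example `"version_value": "before <fixed version>"` or `"through <last affected version>"`, filled in from the referenced trackers. Separately, the problemtype "UNKNOWN_TYPE" looks like a tooling placeholder rather than an intended value.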


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0046", "ID": "CVE-2012-0046",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mediawiki",
"product": {
"product_data": [
{
"product_name": "mediawiki",
"version": {
"version_data": [
{
"version_value": "1.16"
}
]
}
}
]
}
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "mediawiki allows deleted text to be exposed"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "info leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0046",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-0046",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-0046"
} }
] ]
} }


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1187", "ID": "CVE-2012-1187",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bitlbee",
"product": {
"product_data": [
{
"product_name": "Bitlbee",
"version": {
"version_data": [
{
"version_value": "3.0.4"
}
]
}
}
]
}
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Bitlbee does not drop extra group privileges correctly in unix.c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "does not drop extra group privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1187",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-1187"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-1187",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-1187"
},
{
"refsource": "MISC",
"name": "https://bugs.bitlbee.org/ticket/852",
"url": "https://bugs.bitlbee.org/ticket/852"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2945", "ID": "CVE-2012-2945",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Hadoop 1.0.3 contains a symlink vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2945",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2945"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2012/Jul/3",
"url": "https://seclists.org/fulldisclosure/2012/Jul/3"
} }
] ]
} }


@ -1,17 +1,17 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5678",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-5678",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-13069. Reason: This candidate is a reservation duplicate of CVE-2017-13069. Notes: All CVE users should reference CVE-2017-13069 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }


@ -61,11 +61,6 @@
"name": "42166", "name": "42166",
"refsource": "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42166/" "url": "https://www.exploit-db.com/exploits/42166/"
},
{
"name": "http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-injection-sqli/",
"refsource": "MISC",
"url": "http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-injection-sqli/"
} }
] ]
} }


@ -56,11 +56,6 @@
"name": "https://wpvulndb.com/vulnerabilities/8848", "name": "https://wpvulndb.com/vulnerabilities/8848",
"refsource": "MISC", "refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8848" "url": "https://wpvulndb.com/vulnerabilities/8848"
},
{
"name": "http://dtsa.eu/cve-2017-9419-wordpress-wp-custom-fields-search-v-0-3-28-reflected-cross-site-scripting-xss/",
"refsource": "MISC",
"url": "http://dtsa.eu/cve-2017-9419-wordpress-wp-custom-fields-search-v-0-3-28-reflected-cross-site-scripting-xss/"
} }
] ]
} }


@ -57,11 +57,6 @@
"refsource": "MISC", "refsource": "MISC",
"url": "http://spiffycalendar.sunnythemes.com/version-3-3-0/" "url": "http://spiffycalendar.sunnythemes.com/version-3-3-0/"
}, },
{
"name": "http://dtsa.eu/cve-2017-9420-wordpress-spiffy-calendar-v-3-2-0-reflected-cross-site-scripting-xss/",
"refsource": "MISC",
"url": "http://dtsa.eu/cve-2017-9420-wordpress-spiffy-calendar-v-3-2-0-reflected-cross-site-scripting-xss/"
},
{ {
"name": "https://wpvulndb.com/vulnerabilities/8842", "name": "https://wpvulndb.com/vulnerabilities/8842",
"refsource": "MISC", "refsource": "MISC",


@ -52,11 +52,6 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"name": "http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/",
"refsource": "MISC",
"url": "http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/"
},
{ {
"name": "42173", "name": "42173",
"refsource": "EXPLOIT-DB", "refsource": "EXPLOIT-DB",


@ -57,11 +57,6 @@
"refsource": "MISC", "refsource": "MISC",
"url": "https://wordpress.org/plugins/wp-jobs/#developers" "url": "https://wordpress.org/plugins/wp-jobs/#developers"
}, },
{
"name": "http://dtsa.eu/cve-2017-9603-wordpress-wp-jobs-v-1-4-sql-injection-sqli/",
"refsource": "MISC",
"url": "http://dtsa.eu/cve-2017-9603-wordpress-wp-jobs-v-1-4-sql-injection-sqli/"
},
{ {
"name": "42172", "name": "42172",
"refsource": "EXPLOIT-DB", "refsource": "EXPLOIT-DB",


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0205",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0205",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Apache Thrift",
"version": {
"version_data": [
{
"version_value": "all versions up to and including 0.12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Potential DoS when processing untrusted Thrift payloads"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E",
"url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings."
} }
] ]
} }
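Review bot: The only reference, an Apache thrift-dev mailing-list post, is tagged `"refsource": "MISC"`, while the sibling CVE-2019-0210 record in this commit tags its thrift-dev post as CONFIRM. The assigner here is security@apache.org, so if that post is the vendor announcement, consumers that filter on CONFIRM for vendor acknowledgement will miss it; `"refsource": "CONFIRM"` would match the sibling. The description also reads "when feed with specific input data", which should be "when fed with"; the same wording appears in CVE-2019-0210.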


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0210",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0210",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Apache Thrift",
"version": {
"version_data": [
{
"version_value": "0.9.3 to 0.12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E",
"url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data."
} }
] ]
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10208", "ID": "CVE-2019-10208",
"ASSIGNER": "mrehak@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -61,6 +62,8 @@
"refsource": "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"refsource": "CONFIRM",
"name": "https://www.postgresql.org/about/news/1960/",
"url": "https://www.postgresql.org/about/news/1960/" "url": "https://www.postgresql.org/about/news/1960/"
} }
] ]
@ -83,4 +86,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10209", "ID": "CVE-2019-10209",
"ASSIGNER": "mrehak@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -57,6 +58,8 @@
"refsource": "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"refsource": "CONFIRM",
"name": "https://www.postgresql.org/about/news/1960/",
"url": "https://www.postgresql.org/about/news/1960/" "url": "https://www.postgresql.org/about/news/1960/"
} }
] ]
@ -79,4 +82,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10210", "ID": "CVE-2019-10210",
"ASSIGNER": "mrehak@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -61,6 +62,8 @@
"refsource": "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"refsource": "CONFIRM",
"name": "https://www.postgresql.org/about/news/1960/",
"url": "https://www.postgresql.org/about/news/1960/" "url": "https://www.postgresql.org/about/news/1960/"
} }
] ]
@ -83,4 +86,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10211", "ID": "CVE-2019-10211",
"ASSIGNER": "mrehak@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -61,6 +62,8 @@
"refsource": "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"refsource": "CONFIRM",
"name": "https://www.postgresql.org/about/news/1960/",
"url": "https://www.postgresql.org/about/news/1960/" "url": "https://www.postgresql.org/about/news/1960/"
} }
] ]
@ -69,7 +72,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory." "value": "Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory."
} }
] ]
}, },
@ -83,4 +86,4 @@
] ]
] ]
} }
} }


@ -4,14 +4,68 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10743", "ID": "CVE-2019-10743",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "report@snyk.io",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "github.com/mholt/archiver/cmd/arc",
"version": {
"version_data": [
{
"version_value": "versions 3.0.0 and later"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Write via Archive Extraction (Zip Slip)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/research/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728,",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728,"
},
{
"refsource": "MISC",
"name": "https://github.com/mholt/archiver/pull/169,",
"url": "https://github.com/mholt/archiver/pull/169,"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "github.com/mholt/archiver/cmd/arc package versions 3.0.0 and later are vulnerable to an Arbitrary File Write via Archive Extraction (Zip Slip). The package is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder."
} }
] ]
} }
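Review bot: Two of the added references carry a stray trailing comma inside the string, in both `name` and `url`: "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728," and "https://github.com/mholt/archiver/pull/169,". The comma becomes part of the URL, so the fix and advisory links may not resolve and will not deduplicate against the correct URL in other feeds. Drop it, e.g. `"url": "https://github.com/mholt/archiver/pull/169"`. The CVE-2019-10748 section that follows has the same problem on its sequelize commit and pull-request links.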


@ -4,14 +4,74 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10748", "ID": "CVE-2019-10748",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "report@snyk.io",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Sequelize",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.35.1"
},
{
"version_value": "All versions prior to 4.44.3"
},
{
"version_value": "All versions prior to 5.8.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221",
"url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221"
},
{
"refsource": "MISC",
"name": "https://github.com/sequelize/sequelize/commit/a72a3f5,",
"url": "https://github.com/sequelize/sequelize/commit/a72a3f5,"
},
{
"refsource": "MISC",
"name": "https://github.com/sequelize/sequelize/pull/11089,",
"url": "https://github.com/sequelize/sequelize/pull/11089,"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects."
} }
] ]
} }
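Review bot: The three added `version_value` entries ("All versions prior to 3.35.1", "... 4.44.3", "... 5.8.11") overlap when read individually. "All versions prior to 5.8.11" literally includes the patched 3.35.1 and 4.44.3 releases, so a matcher that evaluates each entry alone would flag fixed installs. If the fixes are per release line, as the description's list suggests, qualify each entry by its branch, e.g. `"version_value": "4.x prior to 4.44.3"`.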


@ -106,6 +106,26 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://bugs.php.net/bug.php?id=78599", "name": "https://bugs.php.net/bug.php?id=78599",
"url": "https://bugs.php.net/bug.php?id=78599" "url": "https://bugs.php.net/bug.php?id=78599"
},
{
"refsource": "UBUNTU",
"name": "USN-4166-1",
"url": "https://usn.ubuntu.com/4166-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4552",
"url": "https://www.debian.org/security/2019/dsa-4552"
},
{
"refsource": "DEBIAN",
"name": "DSA-4553",
"url": "https://www.debian.org/security/2019/dsa-4553"
},
{
"refsource": "UBUNTU",
"name": "USN-4166-2",
"url": "https://usn.ubuntu.com/4166-2/"
} }
] ]
}, },


@ -81,6 +81,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4164-1", "name": "USN-4164-1",
"url": "https://usn.ubuntu.com/4164-1/" "url": "https://usn.ubuntu.com/4164-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-fdf6ec39b4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
} }
] ]
} }


@ -221,6 +221,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4164-1", "name": "USN-4164-1",
"url": "https://usn.ubuntu.com/4164-1/" "url": "https://usn.ubuntu.com/4164-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-fdf6ec39b4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
} }
] ]
} }


@ -81,6 +81,11 @@
"refsource": "BUGTRAQ", "refsource": "BUGTRAQ",
"name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update", "name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
"url": "https://seclists.org/bugtraq/2019/Sep/21" "url": "https://seclists.org/bugtraq/2019/Sep/21"
},
{
"refsource": "REDHAT",
"name": "RHBA-2019:3092",
"url": "https://access.redhat.com/errata/RHBA-2019:3092"
} }
] ]
} }


@ -146,6 +146,11 @@
"refsource": "REDHAT", "refsource": "REDHAT",
"name": "RHSA-2019:3204", "name": "RHSA-2019:3204",
"url": "https://access.redhat.com/errata/RHSA-2019:3204" "url": "https://access.redhat.com/errata/RHSA-2019:3204"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3209",
"url": "https://access.redhat.com/errata/RHSA-2019:3209"
} }
] ]
} }


@ -53,6 +53,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://github.com/flavorjones/loofah/issues/171", "name": "https://github.com/flavorjones/loofah/issues/171",
"url": "https://github.com/flavorjones/loofah/issues/171" "url": "https://github.com/flavorjones/loofah/issues/171"
},
{
"refsource": "DEBIAN",
"name": "DSA-4554",
"url": "https://www.debian.org/security/2019/dsa-4554"
} }
] ]
}, },


@ -156,6 +156,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-4549", "name": "DSA-4549",
"url": "https://www.debian.org/security/2019/dsa-4549" "url": "https://www.debian.org/security/2019/dsa-4549"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3210",
"url": "https://access.redhat.com/errata/RHSA-2019:3210"
} }
] ]
} }


@ -81,6 +81,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr", "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr",
"url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr" "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
} }
] ]
} }


@ -71,6 +71,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-4532", "name": "DSA-4532",
"url": "https://www.debian.org/security/2019/dsa-4532" "url": "https://www.debian.org/security/2019/dsa-4532"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
} }
] ]
} }


@ -76,6 +76,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-4532", "name": "DSA-4532",
"url": "https://www.debian.org/security/2019/dsa-4532" "url": "https://www.debian.org/security/2019/dsa-4532"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
} }
] ]
} }


@ -81,6 +81,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-4532", "name": "DSA-4532",
"url": "https://www.debian.org/security/2019/dsa-4532" "url": "https://www.debian.org/security/2019/dsa-4532"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
} }
] ]
} }


@ -101,6 +101,16 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[arrow-issues] 20191025 [jira] [Commented] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543", "name": "[arrow-issues] 20191025 [jira] [Commented] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543",
"url": "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E" "url": "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2399",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2398",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html"
} }
] ]
} }


@ -1,60 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2019-18187", "ID": "CVE-2019-18187",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trend Micro OfficeScan", "product_name": "Trend Micro OfficeScan",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version 11.0, XG (12.0)" "version_value": "Version 11.0, XG (12.0)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Trend Micro" "vendor_name": "Trend Micro"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication." "value": "Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Arbitrary File Upload with Directory Traversal" "value": "Arbitrary File Upload with Directory Traversal"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"url" : "https://success.trendmicro.com/solution/000151730" "url": "https://success.trendmicro.com/solution/000151730",
} "refsource": "MISC",
] "name": "https://success.trendmicro.com/solution/000151730"
} }
} ]
}
}
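Review bot: The reference entry added under `reference_data` tags Trend Micro's own advisory (`https://success.trendmicro.com/solution/000151730`) as `"refsource": "MISC"`, although the record's assigner is security@trendmicro.com, so the link is the vendor's confirmation rather than a third-party source. Other records in this commit use `"refsource": "CONFIRM"` for vendor bulletins (the IBM entries do), and consumers that rank or filter references by source will treat this one as unconfirmed. I would change the added line to `"refsource": "CONFIRM",`. The same applies to the references added in the CVE-2019-18188 and CVE-2019-18189 sections.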


@ -1,60 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2019-18188", "ID": "CVE-2019-18188",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trend Micro Apex One", "product_name": "Trend Micro Apex One",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All" "version_value": "All"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Trend Micro" "vendor_name": "Trend Micro"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.\r\n" "value": "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Arbitrary File Upload with Command Injection" "value": "Arbitrary File Upload with Command Injection"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"url" : "https://success.trendmicro.com/solution/000151731" "url": "https://success.trendmicro.com/solution/000151731",
} "refsource": "MISC",
] "name": "https://success.trendmicro.com/solution/000151731"
} }
} ]
}
}


@ -1,60 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2019-18189", "ID": "CVE-2019-18189",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trend Micro Apex One, Trend Micro OfficeScan (OSCE), Trend Micro Worry-Free Business Security (WFBS)", "product_name": "Trend Micro Apex One, Trend Micro OfficeScan (OSCE), Trend Micro Worry-Free Business Security (WFBS)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Apex One (All), OSCE (11.0, XG), WFBS (9.5, 10.0)" "version_value": "Apex One (All), OSCE (11.0, XG), WFBS (9.5, 10.0)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Trend Micro" "vendor_name": "Trend Micro"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.\r\n" "value": "A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Root Login Bypass with Directory Traversal" "value": "Root Login Bypass with Directory Traversal"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"url" : "https://success.trendmicro.com/solution/000151732" "url": "https://success.trendmicro.com/solution/000151732",
} "refsource": "MISC",
] "name": "https://success.trendmicro.com/solution/000151732"
} }
} ]
}
}


@ -91,6 +91,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-848e410cfb", "name": "FEDORA-2019-848e410cfb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLRPYEEMQJVAXO2SXRGOQ4HBFEEPCNXG/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLRPYEEMQJVAXO2SXRGOQ4HBFEEPCNXG/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-7559f29ace",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RB2FPAWDWXT5ALAFIC5Y3RSEMXSFL6H2/"
} }
] ]
} }


@ -56,6 +56,11 @@
"url": "https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability", "url": "https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability" "name": "https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html",
"url": "http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html"
} }
] ]
} }


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt",
"refsource": "MISC",
"name": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
}
]
}
}
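Review bot: The new record leaves `vendor_name`, `product_name` and `version_value` all at `"n/a"`, while its own description names the product and the fixed releases (OpenAFS before 1.6.24 and 1.8.x before 1.8.5). Scanners and inventory matching that key on the `affects` block will not associate this entry with OpenAFS, so the fixed versions can only be found by reading free text. I would fill the fields from the description, e.g. `"product_name": "OpenAFS"` and `"version_value": "before 1.6.24; 1.8.x before 1.8.5"`, and replace the `"n/a"` problem type with the class the description already states (denial of service). The CVE-2019-18602, CVE-2019-18603 and CVE-2019-18604 sections have the same gap.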


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt",
"refsource": "MISC",
"name": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt",
"refsource": "MISC",
"name": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a",
"refsource": "MISC",
"name": "https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a"
}
]
}
}
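Review bot: The description value says only that "sprintf is mishandled" and the problem type is `"n/a"`, so the record does not tell a reader what the consequence is or how the affected call is reached. Someone triaging TeX Live or axodraw2 packages has to open the linked texlive-source commit to decide whether this needs an urgent update. I would extend the value once the effect is confirmed from that commit, in the form `"... sprintf is mishandled, leading to <impact confirmed from the fix commit>."`, and set the problem type to match; the impact cannot be determined from this page.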


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3976",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3976",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative path traversal."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-46",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled."
} }
] ]
} }
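Review bot: `"vendor_name": "n/a"` in the new `affects` block sits directly above `"product_name": "MikroTik RouterOS"`, so the vendor is known but missing from the field that asset and advisory matching keys on. I would set `"vendor_name": "MikroTik"`. The single prose `version_value` also folds two release channels into one string; two `version_data` entries, one for Stable 6.45.6 and below and one for Long-term 6.44.5 and below, would let tooling compare versions per channel. The same `affects` block is repeated in the CVE-2019-3977, CVE-2019-3978 and CVE-2019-3979 sections.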


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3977",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3977",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Insufficient checks on origin"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-46",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system's usernames and passwords."
} }
] ]
} }
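Review bot: The problem type `"CWE-494 Insufficient checks on origin"` pairs the id with a label that is not the CWE's name; CWE-494 is "Download of Code Without Integrity Check", which also fits what the description reports (an upgrade package accepted from an unvalidated source, permitting a downgrade). I would write `"value": "CWE-494 Download of Code Without Integrity Check"` so that lookups by name and by id agree. The new description text also has two slips, "are download from" and "reseting", which should read "are downloaded from" and "resetting".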


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3978",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3978",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-46",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning"
} }
] ]
} }
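Review bot: The problem type value is the bare id `"CWE-306"`, whereas the neighbouring RouterOS records in this commit give the id together with a name, so the four records from the same advisory do not read consistently. I would use `"value": "CWE-306 Missing Authentication for Critical Function"`, which matches the unauthenticated access on port 8291 that the description reports. The description value also ends without a full stop after "cache poisoning".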


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3979",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3979",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-46",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records."
} }
] ]
} }
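Review bot: The problem type value embeds a URL inside the string (`"Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)"`), so the link is invisible to anything that reads `reference_data`, and the field carries no CWE id to classify on. I would move the SANS paper into `reference_data` as its own entry, with the same `refsource`/`name`/`url` keys as the Tenable reference, and shorten the problem type to an id plus name. CWE-349 (Acceptance of Extraneous Untrusted Data With Trusted Data) looks like the closest fit to the caching of unrelated A records described here, but the assigner should confirm that mapping.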


@ -1,90 +1,90 @@
{ {
"data_format" : "MITRE", "data_format": "MITRE",
"data_version" : "4.0", "data_version": "4.0",
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4" "version_value": "4"
} }
] ]
}, },
"product_name" : "Security Guardium Big Data Intelligence" "product_name": "Security Guardium Big Data Intelligence"
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1096396 (Security Guardium Big Data Intelligence)",
"url" : "https://www.ibm.com/support/pages/node/1096396",
"name" : "https://www.ibm.com/support/pages/node/1096396"
},
{
"name" : "ibm-guardium-cve20194306-access-control (160986)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160986",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "6.500",
"PR" : "N",
"I" : "L",
"AC" : "L",
"S" : "U",
"A" : "N",
"AV" : "N",
"UI" : "N",
"C" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986."
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4306",
"DATE_PUBLIC" : "2019-10-22T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
] ]
} }
] },
} "references": {
} "reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1096396 (Security Guardium Big Data Intelligence)",
"url": "https://www.ibm.com/support/pages/node/1096396",
"name": "https://www.ibm.com/support/pages/node/1096396"
},
{
"name": "ibm-guardium-cve20194306-access-control (160986)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160986",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "6.500",
"PR": "N",
"I": "L",
"AC": "L",
"S": "U",
"A": "N",
"AV": "N",
"UI": "N",
"C": "L"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986."
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-4306",
"DATE_PUBLIC": "2019-10-22T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
}


@ -1,90 +1,90 @@
{ {
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security Guardium Big Data Intelligence", "product_name": "Security Guardium Big Data Intelligence",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4" "version_value": "4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4307",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-10-22T00:00:00",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"impact" : { "data_version": "4.0",
"cvssv3" : { "data_type": "CVE",
"BM" : { "CVE_data_meta": {
"A" : "N", "ID": "CVE-2019-4307",
"C" : "H", "ASSIGNER": "psirt@us.ibm.com",
"UI" : "N", "DATE_PUBLIC": "2019-10-22T00:00:00",
"AV" : "L", "STATE": "PUBLIC"
"PR" : "N", },
"I" : "N", "problemtype": {
"SCORE" : "5.100", "problemtype_data": [
"AC" : "H", {
"S" : "U" "description": [
}, {
"TM" : { "lang": "eng",
"RC" : "C", "value": "Obtain Information"
"RL" : "O", }
"E" : "U" ]
} }
} ]
}, },
"references" : { "impact": {
"reference_data" : [ "cvssv3": {
{ "BM": {
"refsource" : "CONFIRM", "A": "N",
"title" : "IBM Security Bulletin 1096288 (Security Guardium Big Data Intelligence)", "C": "H",
"url" : "https://www.ibm.com/support/pages/node/1096288", "UI": "N",
"name" : "https://www.ibm.com/support/pages/node/1096288" "AV": "L",
}, "PR": "N",
{ "I": "N",
"name" : "ibm-guardium-cve20194307-info-disc (160987)", "SCORE": "5.100",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160987", "AC": "H",
"refsource" : "XF", "S": "U"
"title" : "X-Force Vulnerability Report" },
} "TM": {
] "RC": "C",
}, "RL": "O",
"description" : { "E": "U"
"description_data" : [ }
{ }
"value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987.", },
"lang" : "eng" "references": {
} "reference_data": [
] {
} "refsource": "CONFIRM",
} "title": "IBM Security Bulletin 1096288 (Security Guardium Big Data Intelligence)",
"url": "https://www.ibm.com/support/pages/node/1096288",
"name": "https://www.ibm.com/support/pages/node/1096288"
},
{
"name": "ibm-guardium-cve20194307-info-disc (160987)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160987",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987.",
"lang": "eng"
}
]
}
}


@ -1,90 +1,90 @@
{ {
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4309",
"DATE_PUBLIC" : "2019-10-22T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "N",
"C" : "H",
"UI" : "N",
"AV" : "L",
"I" : "N",
"PR" : "N",
"SCORE" : "5.900",
"S" : "C",
"AC" : "H"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1096348",
"title" : "IBM Security Bulletin 1096348 (Security Guardium Big Data Intelligence)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1096348"
},
{
"name" : "ibm-guardium-cve20194309-info-disc (161035)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161035",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"product" : { "description": [
"product_data" : [ {
{ "lang": "eng",
"version" : { "value": "Obtain Information"
"version_data" : [ }
{ ]
"version_value" : "4"
}
]
},
"product_name" : "Security Guardium Big Data Intelligence"
}
]
},
"vendor_name" : "IBM"
} }
] ]
} },
}, "data_type": "CVE",
"data_version" : "4.0", "CVE_data_meta": {
"data_format" : "MITRE" "ID": "CVE-2019-4309",
} "DATE_PUBLIC": "2019-10-22T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"A": "N",
"C": "H",
"UI": "N",
"AV": "L",
"I": "N",
"PR": "N",
"SCORE": "5.900",
"S": "C",
"AC": "H"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1096348",
"title": "IBM Security Bulletin 1096348 (Security Guardium Big Data Intelligence)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1096348"
},
{
"name": "ibm-guardium-cve20194309-info-disc (161035)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161035",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4"
}
]
},
"product_name": "Security Guardium Big Data Intelligence"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"data_format": "MITRE"
}


@ -1,90 +1,90 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"ID" : "CVE-2019-4311", "ID": "CVE-2019-4311",
"DATE_PUBLIC" : "2019-10-24T00:00:00", "DATE_PUBLIC": "2019-10-24T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com" "ASSIGNER": "psirt@us.ibm.com"
}, },
"data_type" : "CVE", "data_type": "CVE",
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"A" : "N",
"AV" : "N",
"C" : "L",
"UI" : "N",
"SCORE" : "5.300",
"PR" : "N",
"I" : "N",
"AC" : "L",
"S" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1098069 (Security Guardium Big Data Intelligence)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1098069",
"name" : "https://www.ibm.com/support/pages/node/1098069"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161037",
"name" : "ibm-guardium-cve20194311-info-disc (161037)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"product" : { "description": [
"product_data" : [ {
{ "lang": "eng",
"version" : { "value": "Obtain Information"
"version_data" : [ }
{ ]
"version_value" : "4"
}
]
},
"product_name" : "Security Guardium Big Data Intelligence"
}
]
},
"vendor_name" : "IBM"
} }
] ]
} },
}, "impact": {
"data_format" : "MITRE", "cvssv3": {
"data_version" : "4.0" "TM": {
} "E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"A": "N",
"AV": "N",
"C": "L",
"UI": "N",
"SCORE": "5.300",
"PR": "N",
"I": "N",
"AC": "L",
"S": "U"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 1098069 (Security Guardium Big Data Intelligence)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1098069",
"name": "https://www.ibm.com/support/pages/node/1098069"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161037",
"name": "ibm-guardium-cve20194311-info-disc (161037)"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4"
}
]
},
"product_name": "Security Guardium Big Data Intelligence"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_version": "4.0"
}


@ -1,90 +1,90 @@
{ {
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name" : "IBM", "vendor_name": "IBM",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4" "version_value": "4"
} }
] ]
}, },
"product_name" : "Security Guardium Big Data Intelligence" "product_name": "Security Guardium Big Data Intelligence"
} }
] ]
} }
} }
]
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_version": "4.0",
"data_type" : "CVE", "data_format": "MITRE",
"CVE_data_meta" : { "problemtype": {
"ID" : "CVE-2019-4314", "problemtype_data": [
"ASSIGNER" : "psirt@us.ibm.com", {
"DATE_PUBLIC" : "2019-10-23T00:00:00", "description": [
"STATE" : "PUBLIC" {
}, "lang": "eng",
"description" : { "value": "Obtain Information"
"description_data" : [ }
{ ]
"value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141.", }
"lang" : "eng" ]
} },
] "data_type": "CVE",
}, "CVE_data_meta": {
"impact" : { "ID": "CVE-2019-4314",
"cvssv3" : { "ASSIGNER": "psirt@us.ibm.com",
"TM" : { "DATE_PUBLIC": "2019-10-23T00:00:00",
"RC" : "C", "STATE": "PUBLIC"
"RL" : "O", },
"E" : "U" "description": {
}, "description_data": [
"BM" : { {
"SCORE" : "5.900", "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141.",
"I" : "N", "lang": "eng"
"PR" : "N", }
"S" : "U", ]
"AC" : "H", },
"A" : "N", "impact": {
"AV" : "N", "cvssv3": {
"UI" : "N", "TM": {
"C" : "H" "RC": "C",
} "RL": "O",
} "E": "U"
}, },
"references" : { "BM": {
"reference_data" : [ "SCORE": "5.900",
{ "I": "N",
"name" : "https://www.ibm.com/support/pages/node/1096912", "PR": "N",
"url" : "https://www.ibm.com/support/pages/node/1096912", "S": "U",
"title" : "IBM Security Bulletin 1096912 (Security Guardium Big Data Intelligence)", "AC": "H",
"refsource" : "CONFIRM" "A": "N",
}, "AV": "N",
{ "UI": "N",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161041", "C": "H"
"title" : "X-Force Vulnerability Report", }
"refsource" : "XF", }
"name" : "ibm-guardium-cve20194314-info-disc (161041)" },
} "references": {
] "reference_data": [
} {
} "name": "https://www.ibm.com/support/pages/node/1096912",
"url": "https://www.ibm.com/support/pages/node/1096912",
"title": "IBM Security Bulletin 1096912 (Security Guardium Big Data Intelligence)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161041",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-guardium-cve20194314-info-disc (161041)"
}
]
}
}
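Review bot: The description value in this CVE-2019-4314 record cites `IBM X-Force ID: 1610141`, while the XF reference URL (`https://exchange.xforce.ibmcloud.com/vulnerabilities/161041`) and its name `ibm-guardium-cve20194314-info-disc (161041)` both use 161041. The seven-digit value looks like a typo that this whitespace-only reformat carries over unchanged. Tooling or analysts that correlate records by the X-Force ID in the description text would fail to match the advisory. If 161041 is confirmed against IBM bulletin 1096912, the description should end `IBM X-Force ID: 161041.`, and the correction should come from the assigner so it survives the next sync.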


@ -1,90 +1,90 @@
{ {
"data_format" : "MITRE", "data_format": "MITRE",
"data_version" : "4.0", "data_version": "4.0",
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name" : "IBM", "vendor_name": "IBM",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4" "version_value": "4"
} }
] ]
}, },
"product_name" : "Security Guardium Big Data Intelligence" "product_name": "Security Guardium Big Data Intelligence"
} }
] ]
} }
} }
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/1096906",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 1096906 (Security Guardium Big Data Intelligence)",
"url" : "https://www.ibm.com/support/pages/node/1096906"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161209",
"name" : "ibm-guardium-cve20194329-sec-bypass (161209)"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"C" : "N",
"UI" : "N",
"A" : "N",
"AC" : "L",
"S" : "U",
"SCORE" : "4.300",
"PR" : "L",
"I" : "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
] ]
} }
] },
}, "description": {
"CVE_data_meta" : { "description_data": [
"ID" : "CVE-2019-4329", {
"DATE_PUBLIC" : "2019-10-23T00:00:00", "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.",
"ASSIGNER" : "psirt@us.ibm.com", "lang": "eng"
"STATE" : "PUBLIC" }
}, ]
"data_type" : "CVE" },
} "references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1096906",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1096906 (Security Guardium Big Data Intelligence)",
"url": "https://www.ibm.com/support/pages/node/1096906"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161209",
"name": "ibm-guardium-cve20194329-sec-bypass (161209)"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AV": "N",
"C": "N",
"UI": "N",
"A": "N",
"AC": "L",
"S": "U",
"SCORE": "4.300",
"PR": "L",
"I": "L"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4329",
"DATE_PUBLIC": "2019-10-23T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_type": "CVE"
}


@ -1,90 +1,90 @@
{ {
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name" : "IBM", "vendor_name": "IBM",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4" "version_value": "4"
} }
] ]
}, },
"product_name" : "Security Guardium Big Data Intelligence" "product_name": "Security Guardium Big Data Intelligence"
} }
] ]
} }
} }
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"CVE_data_meta" : { "data_version": "4.0",
"ASSIGNER" : "psirt@us.ibm.com", "problemtype": {
"DATE_PUBLIC" : "2019-10-22T00:00:00", "problemtype_data": [
"ID" : "CVE-2019-4330", {
"STATE" : "PUBLIC" "description": [
}, {
"data_type" : "CVE", "lang": "eng",
"description" : { "value": "Obtain Information"
"description_data" : [ }
{ ]
"lang" : "eng", }
"value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210." ]
} },
] "CVE_data_meta": {
}, "ASSIGNER": "psirt@us.ibm.com",
"references" : { "DATE_PUBLIC": "2019-10-22T00:00:00",
"reference_data" : [ "ID": "CVE-2019-4330",
{ "STATE": "PUBLIC"
"name" : "https://www.ibm.com/support/pages/node/1096384", },
"title" : "IBM Security Bulletin 1096384 (Security Guardium Big Data Intelligence)", "data_type": "CVE",
"refsource" : "CONFIRM", "description": {
"url" : "https://www.ibm.com/support/pages/node/1096384" "description_data": [
}, {
{ "lang": "eng",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161210", "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210."
"title" : "X-Force Vulnerability Report", }
"refsource" : "XF", ]
"name" : "ibm-guardium-cve20194330-info-disc (161210)" },
} "references": {
] "reference_data": [
}, {
"impact" : { "name": "https://www.ibm.com/support/pages/node/1096384",
"cvssv3" : { "title": "IBM Security Bulletin 1096384 (Security Guardium Big Data Intelligence)",
"TM" : { "refsource": "CONFIRM",
"RL" : "O", "url": "https://www.ibm.com/support/pages/node/1096384"
"RC" : "C", },
"E" : "U" {
}, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161210",
"BM" : { "title": "X-Force Vulnerability Report",
"SCORE" : "3.100", "refsource": "XF",
"PR" : "N", "name": "ibm-guardium-cve20194330-info-disc (161210)"
"I" : "N", }
"AC" : "H", ]
"S" : "U", },
"A" : "N", "impact": {
"AV" : "N", "cvssv3": {
"C" : "L", "TM": {
"UI" : "R" "RL": "O",
} "RC": "C",
} "E": "U"
} },
} "BM": {
"SCORE": "3.100",
"PR": "N",
"I": "N",
"AC": "H",
"S": "U",
"A": "N",
"AV": "N",
"C": "L",
"UI": "R"
}
}
}
}


@ -1,90 +1,90 @@
{ {
"data_version" : "4.0", "data_version": "4.0",
"data_format" : "MITRE", "data_format": "MITRE",
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security Guardium Big Data Intelligence", "product_name": "Security Guardium Big Data Intelligence",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4" "version_value": "4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1096924",
"title" : "IBM Security Bulletin 1096924 (Security Guardium Big Data Intelligence)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1096924"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161418",
"name" : "ibm-guardium-cve20194339-info-disc (161418)"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"C" : "H",
"UI" : "N",
"A" : "N",
"AC" : "H",
"S" : "U",
"SCORE" : "5.900",
"PR" : "N",
"I" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-10-23T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4339",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
] ]
} }
] },
} "references": {
} "reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/1096924",
"title": "IBM Security Bulletin 1096924 (Security Guardium Big Data Intelligence)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1096924"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161418",
"name": "ibm-guardium-cve20194339-info-disc (161418)"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"C": "H",
"UI": "N",
"A": "N",
"AC": "H",
"S": "U",
"SCORE": "5.900",
"PR": "N",
"I": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-10-23T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4339",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}


@ -1,90 +1,90 @@
{ {
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.6.1" "version_value": "7.6.1"
} }
] ]
}, },
"product_name" : "Maximo Health- Safety and Environment Manager" "product_name": "Maximo Health- Safety and Environment Manager"
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2019-4546",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-10-23T00:00:00"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
] ]
} }
] },
}, "data_version": "4.0",
"references" : { "data_format": "MITRE",
"reference_data" : [ "CVE_data_meta": {
{ "STATE": "PUBLIC",
"url" : "https://www.ibm.com/support/pages/node/1087738", "ID": "CVE-2019-4546",
"refsource" : "CONFIRM", "ASSIGNER": "psirt@us.ibm.com",
"title" : "IBM Security Bulletin 1087738 (Maximo Health- Safety and Environment Manager)", "DATE_PUBLIC": "2019-10-23T00:00:00"
"name" : "https://www.ibm.com/support/pages/node/1087738" },
}, "data_type": "CVE",
{ "problemtype": {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165948", "problemtype_data": [
"refsource" : "XF", {
"title" : "X-Force Vulnerability Report", "description": [
"name" : "ibm-maximo-cve20194546-priv-escalation (165948)" {
} "value": "Gain Privileges",
] "lang": "eng"
}, }
"impact" : { ]
"cvssv3" : { }
"TM" : { ]
"RC" : "C", },
"RL" : "O", "references": {
"E" : "U" "reference_data": [
}, {
"BM" : { "url": "https://www.ibm.com/support/pages/node/1087738",
"I" : "L", "refsource": "CONFIRM",
"PR" : "L", "title": "IBM Security Bulletin 1087738 (Maximo Health- Safety and Environment Manager)",
"SCORE" : "5.400", "name": "https://www.ibm.com/support/pages/node/1087738"
"S" : "U", },
"AC" : "L", {
"A" : "N", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165948",
"UI" : "N", "refsource": "XF",
"C" : "L", "title": "X-Force Vulnerability Report",
"AV" : "N" "name": "ibm-maximo-cve20194546-priv-escalation (165948)"
} }
} ]
}, },
"description" : { "impact": {
"description_data" : [ "cvssv3": {
{ "TM": {
"lang" : "eng", "RC": "C",
"value" : "After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948." "RL": "O",
} "E": "U"
] },
} "BM": {
} "I": "L",
"PR": "L",
"SCORE": "5.400",
"S": "U",
"AC": "L",
"A": "N",
"UI": "N",
"C": "L",
"AV": "N"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948."
}
]
}
}


@ -1,93 +1,93 @@
{ {
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name" : "IBM", "vendor_name": "IBM",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "API Connect", "product_name": "API Connect",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0.0.0" "version_value": "5.0.0.0"
}, },
{ {
"version_value" : "5.0.8.7" "version_value": "5.0.8.7"
} }
] ]
} }
} }
] ]
} }
} }
]
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_version": "4.0",
"CVE_data_meta" : { "data_format": "MITRE",
"STATE" : "PUBLIC", "problemtype": {
"ID" : "CVE-2019-4600", "problemtype_data": [
"ASSIGNER" : "psirt@us.ibm.com", {
"DATE_PUBLIC" : "2019-10-24T00:00:00" "description": [
}, {
"data_type" : "CVE", "lang": "eng",
"description" : { "value": "Obtain Information"
"description_data" : [ }
{ ]
"lang" : "eng", }
"value" : "IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883." ]
} },
] "CVE_data_meta": {
}, "STATE": "PUBLIC",
"references" : { "ID": "CVE-2019-4600",
"reference_data" : [ "ASSIGNER": "psirt@us.ibm.com",
{ "DATE_PUBLIC": "2019-10-24T00:00:00"
"url" : "https://www.ibm.com/support/pages/node/1079127", },
"refsource" : "CONFIRM", "data_type": "CVE",
"title" : "IBM Security Bulletin 1079127 (API Connect)", "description": {
"name" : "https://www.ibm.com/support/pages/node/1079127" "description_data": [
}, {
{ "lang": "eng",
"name" : "ibm-api-cve20194600-info-disc (167883)", "value": "IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883."
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167883", }
"title" : "X-Force Vulnerability Report", ]
"refsource" : "XF" },
} "references": {
] "reference_data": [
}, {
"impact" : { "url": "https://www.ibm.com/support/pages/node/1079127",
"cvssv3" : { "refsource": "CONFIRM",
"BM" : { "title": "IBM Security Bulletin 1079127 (API Connect)",
"PR" : "N", "name": "https://www.ibm.com/support/pages/node/1079127"
"I" : "N", },
"SCORE" : "5.300", {
"AC" : "L", "name": "ibm-api-cve20194600-info-disc (167883)",
"S" : "U", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167883",
"A" : "N", "title": "X-Force Vulnerability Report",
"UI" : "N", "refsource": "XF"
"C" : "L", }
"AV" : "N" ]
}, },
"TM" : { "impact": {
"E" : "U", "cvssv3": {
"RL" : "O", "BM": {
"RC" : "C" "PR": "N",
} "I": "N",
} "SCORE": "5.300",
} "AC": "L",
} "S": "U",
"A": "N",
"UI": "N",
"C": "L",
"AV": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
}
}


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5533",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5533",
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMware",
"product": {
"product_data": [
{
"product_name": "SD-WAN by VeloCloud",
"version": {
"version_data": [
{
"version_value": "3.x prior to 3.3.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0017.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0017.html"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3."
} }
] ]
} }