"-Synchronized-Data."

CVE Team 2019-10-29 19:01:09 +00:00
parent f02e101d8b
commit 6d81adf673
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 2417 additions and 1178 deletions


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3723",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "asterisk",
"product": {
"product_data": [
{
"product_name": "asterisk",
"version": {
"version_data": [
{
"version_value": "All 1.6.1 versions"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "asterisk allows calls on prohibited networks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "calls allowed on prohibited networks in asterisk"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"url": "https://access.redhat.com/security/cve/cve-2009-3723",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"refsource": "MISC",
"name": "http://downloads.asterisk.org/pub/security/AST-2009-007.html",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
]
}
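Review bot: The new description, `asterisk allows calls on prohibited networks`, drops the version scope that the same record puts in `version_value` (`All 1.6.1 versions`) and does not say which restriction is bypassed, so a reader triaging from the description alone cannot tell whether a deployment is in scope. Consider carrying the scope into the text, for example `"value": "asterisk 1.6.1 (all versions) allows calls on prohibited networks"`, with the mechanism taken from the linked AST-2009-007 advisory. The descriptions added in this commit for CVE-2009-3887, CVE-2010-3373, CVE-2011-4931, CVE-2012-0046 and CVE-2012-1187 are similarly terse.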


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3887",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ytnef",
"product": {
"product_data": [
{
"product_name": "ytnef",
"version": {
"version_data": [
{
"version_value": "through 2009-09-07 (Fixed In Version: 2.8)"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ytnef has directory traversal"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3887",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2009-3887"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3887",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3887"
},
{
"url": "https://access.redhat.com/security/cve/cve-2009-3887",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2009-3887"
},
{
"refsource": "MISC",
"name": "http://ocert.org/advisories/ocert-2009-013.html",
"url": "http://ocert.org/advisories/ocert-2009-013.html"
},
{
"refsource": "MISC",
"name": "https://www.akitasecurity.nl/advisory.php?id=AK20090601",
"url": "https://www.akitasecurity.nl/advisory.php?id=AK20090601"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3373",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "paxtest handles temporary files insecurely"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3373",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3373"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598413",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598413"
},
{
"refsource": "MISC",
"name": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3373.html",
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3373.html"
}
]
}
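Review bot: `product_name`, `vendor_name` and `version_value` are all `n/a` in the added `affects` block, although the new description names the product (`paxtest handles temporary files insecurely`), so tooling that matches on the structured fields will not associate this record with paxtest. Setting `"product_name": "paxtest"` would make the record machine-matchable; the affected versions are not stated on this page and would have to come from the linked Debian bug. The same applies to the sections for CVE-2010-3375 (qtparted), CVE-2012-2945 (Hadoop 1.0.3) and the new CVE-2019-18601 and CVE-2019-18602 records (OpenAFS). The enclosing JSON object opens before this hunk.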


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3375",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "qtparted has insecure library loading which may allow arbitrary code execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3375",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3375"
},
{
"refsource": "DEBIAN",
"name": "Debian",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301"
},
{
"refsource": "MISC",
"name": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3375.html",
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3375.html"
}
]
}
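Review bot: The Debian bug reference is tagged `"refsource": "DEBIAN"` with `"name": "Debian"`, whereas the equivalent bugs.debian.org link in the CVE-2010-3373 section uses `MISC` with the URL as the name, and the `DEBIAN` entries elsewhere in this commit name a specific advisory (for example `DSA-4552`). A name of `Debian` identifies nothing, so consumers that key references on `refsource` plus `name` may conflate unrelated entries. Suggest `"refsource": "MISC"` and `"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301"`.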


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2538",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Video Communications Server (VCS)",
"version": {
"version_data": [
{
"version_value": "X7.0.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/release_note/Cisco_VCS_Release_Note_X7-0-3.pdf",
"url": "https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/release_note/Cisco_VCS_Release_Note_X7-0-3.pdf"
}
]
}
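Review bot: `"version_value": "X7.0.3"` lists the fixed release as the affected one, while the description in the same record says the flaw is in versions `before X7.0.3`. A scanner matching on `version_value` would flag patched systems and miss the vulnerable ones; `"version_value": "before X7.0.3"` agrees with the description. The problemtype `Other` could also say `command injection`, which the description already states.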


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4931",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gpw",
"version": {
"version_data": [
{
"version_value": "0.0.19940601-8.1"
}
]
}
}
]
},
"vendor_name": "gpw"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "gpw generates shorter passwords than required"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4931",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4931"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-4931",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-4931"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/01/17/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/01/17/13"
}
]
}
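Review bot: The problemtype value `UNKNOWN_TYPE` reads like an unfilled placeholder rather than a weakness description, unlike the free-text values in the neighbouring Red Hat-assigned records (`path traversal`, `info leak`). If no classification is available, `n/a` is what other records in this commit use; otherwise a short phrase drawn from the description, such as `passwords shorter than required`, would be more useful to consumers that group by problemtype.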


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0046",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mediawiki",
"product": {
"product_data": [
{
"product_name": "mediawiki",
"version": {
"version_data": [
{
"version_value": "1.16"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mediawiki allows deleted text to be exposed"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "info leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-0046",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-0046",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-0046"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1187",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bitlbee",
"product": {
"product_data": [
{
"product_name": "Bitlbee",
"version": {
"version_data": [
{
"version_value": "3.0.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bitlbee does not drop extra group privileges correctly in unix.c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "does not drop extra group privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1187",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-1187"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-1187",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-1187"
},
{
"refsource": "MISC",
"name": "https://bugs.bitlbee.org/ticket/852",
"url": "https://bugs.bitlbee.org/ticket/852"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2945",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hadoop 1.0.3 contains a symlink vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2945",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2945"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2012/Jul/3",
"url": "https://seclists.org/fulldisclosure/2012/Jul/3"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5678",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-5678",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-13069. Reason: This candidate is a reservation duplicate of CVE-2017-13069. Notes: All CVE users should reference CVE-2017-13069 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}


@ -61,11 +61,6 @@
"name": "42166",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42166/"
},
{
"name": "http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-injection-sqli/",
"refsource": "MISC",
"url": "http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-injection-sqli/"
}
]
}


@ -56,11 +56,6 @@
"name": "https://wpvulndb.com/vulnerabilities/8848",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8848"
},
{
"name": "http://dtsa.eu/cve-2017-9419-wordpress-wp-custom-fields-search-v-0-3-28-reflected-cross-site-scripting-xss/",
"refsource": "MISC",
"url": "http://dtsa.eu/cve-2017-9419-wordpress-wp-custom-fields-search-v-0-3-28-reflected-cross-site-scripting-xss/"
}
]
}


@ -57,11 +57,6 @@
"refsource": "MISC",
"url": "http://spiffycalendar.sunnythemes.com/version-3-3-0/"
},
{
"name": "http://dtsa.eu/cve-2017-9420-wordpress-spiffy-calendar-v-3-2-0-reflected-cross-site-scripting-xss/",
"refsource": "MISC",
"url": "http://dtsa.eu/cve-2017-9420-wordpress-spiffy-calendar-v-3-2-0-reflected-cross-site-scripting-xss/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8842",
"refsource": "MISC",


@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"name": "http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/",
"refsource": "MISC",
"url": "http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/"
},
{
"name": "42173",
"refsource": "EXPLOIT-DB",


@ -57,11 +57,6 @@
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wp-jobs/#developers"
},
{
"name": "http://dtsa.eu/cve-2017-9603-wordpress-wp-jobs-v-1-4-sql-injection-sqli/",
"refsource": "MISC",
"url": "http://dtsa.eu/cve-2017-9603-wordpress-wp-jobs-v-1-4-sql-injection-sqli/"
},
{
"name": "42172",
"refsource": "EXPLOIT-DB",


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0205",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-0205",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Apache Thrift",
"version": {
"version_data": [
{
"version_value": "all versions up to and including 0.12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Potential DoS when processing untrusted Thrift payloads"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E",
"url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings."
}
]
}
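Review bot: The thrift-dev list post is tagged `"refsource": "MISC"` here, but the equivalent post in the CVE-2019-0210 section is tagged `CONFIRM`; if both are announcements from the Apache Thrift project, as the assigner `security@apache.org` suggests, they should carry the same tag, `"refsource": "CONFIRM"`. The description also has a grammar slip, `when feed with specific input data`, which should read `when fed with specific input data`; the same slip is in the CVE-2019-0210 description. The `version_value` is free text (`all versions up to and including 0.12.0`), so automated range matching will have to parse prose.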


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0210",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-0210",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Apache Thrift",
"version": {
"version_data": [
{
"version_value": "0.9.3 to 0.12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E",
"url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data."
}
]
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10208",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -61,6 +62,8 @@
"refsource": "CONFIRM"
},
{
"refsource": "CONFIRM",
"name": "https://www.postgresql.org/about/news/1960/",
"url": "https://www.postgresql.org/about/news/1960/"
}
]


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10209",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -57,6 +58,8 @@
"refsource": "CONFIRM"
},
{
"refsource": "CONFIRM",
"name": "https://www.postgresql.org/about/news/1960/",
"url": "https://www.postgresql.org/about/news/1960/"
}
]


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10210",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -61,6 +62,8 @@
"refsource": "CONFIRM"
},
{
"refsource": "CONFIRM",
"name": "https://www.postgresql.org/about/news/1960/",
"url": "https://www.postgresql.org/about/news/1960/"
}
]


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10211",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -61,6 +62,8 @@
"refsource": "CONFIRM"
},
{
"refsource": "CONFIRM",
"name": "https://www.postgresql.org/about/news/1960/",
"url": "https://www.postgresql.org/about/news/1960/"
}
]


@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "github.com/mholt/archiver/cmd/arc",
"version": {
"version_data": [
{
"version_value": "versions 3.0.0 and later"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Write via Archive Extraction (Zip Slip)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/research/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728,",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728,"
},
{
"refsource": "MISC",
"name": "https://github.com/mholt/archiver/pull/169,",
"url": "https://github.com/mholt/archiver/pull/169,"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "github.com/mholt/archiver/cmd/arc package versions 3.0.0 and later are vulnerable to an Arbitrary File Write via Archive Extraction (Zip Slip). The package is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder."
}
]
}
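Review bot: Two of the added references end in a stray comma, in both `name` and `url`: the Snyk advisory link (`...-174728,`) and `https://github.com/mholt/archiver/pull/169,`. The comma becomes part of the URL, so the links may not resolve and will not deduplicate against the correct URL in other feeds; they should read `"url": "https://github.com/mholt/archiver/pull/169"` and likewise for the Snyk link. The CVE-2019-10748 section has the same defect in `https://github.com/sequelize/sequelize/commit/a72a3f5,` and `https://github.com/sequelize/sequelize/pull/11089,`. Separately, `versions 3.0.0 and later` gives no upper bound; if the referenced pull request is the fix, the first fixed version should be stated.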


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Sequelize",
"version": {
"version_data": [
{
"version_value": "All versions prior to 3.35.1"
},
{
"version_value": "All versions prior to 4.44.3"
},
{
"version_value": "All versions prior to 5.8.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221",
"url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221"
},
{
"refsource": "MISC",
"name": "https://github.com/sequelize/sequelize/commit/a72a3f5,",
"url": "https://github.com/sequelize/sequelize/commit/a72a3f5,"
},
{
"refsource": "MISC",
"name": "https://github.com/sequelize/sequelize/pull/11089,",
"url": "https://github.com/sequelize/sequelize/pull/11089,"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects."
}
]
}


@ -106,6 +106,26 @@
"refsource": "CONFIRM",
"name": "https://bugs.php.net/bug.php?id=78599",
"url": "https://bugs.php.net/bug.php?id=78599"
},
{
"refsource": "UBUNTU",
"name": "USN-4166-1",
"url": "https://usn.ubuntu.com/4166-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4552",
"url": "https://www.debian.org/security/2019/dsa-4552"
},
{
"refsource": "DEBIAN",
"name": "DSA-4553",
"url": "https://www.debian.org/security/2019/dsa-4553"
},
{
"refsource": "UBUNTU",
"name": "USN-4166-2",
"url": "https://usn.ubuntu.com/4166-2/"
}
]
},


@ -81,6 +81,11 @@
"refsource": "UBUNTU",
"name": "USN-4164-1",
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-fdf6ec39b4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
}
]
}


@ -221,6 +221,11 @@
"refsource": "UBUNTU",
"name": "USN-4164-1",
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-fdf6ec39b4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
}
]
}


@ -81,6 +81,11 @@
"refsource": "BUGTRAQ",
"name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
"url": "https://seclists.org/bugtraq/2019/Sep/21"
},
{
"refsource": "REDHAT",
"name": "RHBA-2019:3092",
"url": "https://access.redhat.com/errata/RHBA-2019:3092"
}
]
}


@ -146,6 +146,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3204",
"url": "https://access.redhat.com/errata/RHSA-2019:3204"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3209",
"url": "https://access.redhat.com/errata/RHSA-2019:3209"
}
]
}


@ -53,6 +53,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/flavorjones/loofah/issues/171",
"url": "https://github.com/flavorjones/loofah/issues/171"
},
{
"refsource": "DEBIAN",
"name": "DSA-4554",
"url": "https://www.debian.org/security/2019/dsa-4554"
}
]
},


@ -156,6 +156,11 @@
"refsource": "DEBIAN",
"name": "DSA-4549",
"url": "https://www.debian.org/security/2019/dsa-4549"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3210",
"url": "https://access.redhat.com/errata/RHSA-2019:3210"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr",
"url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
}
]
}


@ -71,6 +71,11 @@
"refsource": "DEBIAN",
"name": "DSA-4532",
"url": "https://www.debian.org/security/2019/dsa-4532"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
}
]
}


@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-4532",
"url": "https://www.debian.org/security/2019/dsa-4532"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
}
]
}


@ -81,6 +81,11 @@
"refsource": "DEBIAN",
"name": "DSA-4532",
"url": "https://www.debian.org/security/2019/dsa-4532"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html"
}
]
}


@ -101,6 +101,16 @@
"refsource": "MLIST",
"name": "[arrow-issues] 20191025 [jira] [Commented] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543",
"url": "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2399",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2398",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html"
}
]
}


@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url" : "https://success.trendmicro.com/solution/000151730"
"url": "https://success.trendmicro.com/solution/000151730",
"refsource": "MISC",
"name": "https://success.trendmicro.com/solution/000151730"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value" : "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.\r\n"
"value": "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url" : "https://success.trendmicro.com/solution/000151731"
"url": "https://success.trendmicro.com/solution/000151731",
"refsource": "MISC",
"name": "https://success.trendmicro.com/solution/000151731"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value" : "A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.\r\n"
"value": "A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url" : "https://success.trendmicro.com/solution/000151732"
"url": "https://success.trendmicro.com/solution/000151732",
"refsource": "MISC",
"name": "https://success.trendmicro.com/solution/000151732"
}
]
}


@ -91,6 +91,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-848e410cfb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLRPYEEMQJVAXO2SXRGOQ4HBFEEPCNXG/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-7559f29ace",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RB2FPAWDWXT5ALAFIC5Y3RSEMXSFL6H2/"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability",
"refsource": "MISC",
"name": "https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html",
"url": "http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html"
}
]
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt",
"refsource": "MISC",
"name": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
}
]
}
}
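Review bot: The `affects` block of this new record carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description names OpenAFS and the fixed releases, so anything that matches on the structured fields rather than the free text will not associate this entry with OpenAFS. I would set `"product_name": "OpenAFS"` and `"version_value": "before 1.6.24, 1.8.x before 1.8.5"`, both taken from the description string. The new CVE-2019-18602 and CVE-2019-18603 sections have the same gap, and CVE-2019-18604 has it for axodraw2. The CVE-2019-18604 description also says only that sprintf "is mishandled", which leaves the impact unstated.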


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt",
"refsource": "MISC",
"name": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt",
"refsource": "MISC",
"name": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a",
"refsource": "MISC",
"name": "https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a"
}
]
}
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3976",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-3976",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative path traversal."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-46",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled."
}
]
}
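Review bot: `"vendor_name": "n/a"` sits next to `"product_name": "MikroTik RouterOS"`, so the vendor is known but missing from the field that tooling filters on; `"vendor_name": "MikroTik"` would agree with the product string. The same value appears in the CVE-2019-3977, CVE-2019-3978 and CVE-2019-3979 sections. Separately, `version_value` packs two release channels into one sentence; two `version_data` entries, one for Stable and one for Long-term, would be easier to compare against an inventory. Which printed lines are old and which are new is inferred here, because the rendering lost the +/- column.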


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3977",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-3977",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Insufficient checks on origin"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-46",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system's usernames and passwords."
}
]
}
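Review bot: The description string has two wording errors that every downstream feed will copy: "are download from" should read "are downloaded from", and "reseting" should read "resetting". The problemtype value `CWE-494 Insufficient checks on origin` pairs the ID with a paraphrase; the CWE's own title is "Download of Code Without Integrity Check", and using it keeps the label searchable. The CVE-2019-3978 section has the opposite form, a bare `CWE-306` with no name, and its description lacks a closing period.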


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3978",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-3978",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-46",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning"
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3979",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-3979",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-46",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records."
}
]
}
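Review bot: The problemtype value is free text with a sans.org URL in parentheses, which consumers expecting a CWE label or a short phrase will store verbatim, link included. I would keep `"value": "Unrelated Data Attack"` and move the SANS link into `reference_data` as its own entry with `"refsource": "MISC"`, next to the Tenable advisory. No CWE identifier is given for this record on the page, so adding one is left to the assigner.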


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5533",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-5533",
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "VMware",
"product": {
"product_data": [
{
"product_name": "SD-WAN by VeloCloud",
"version": {
"version_data": [
{
"version_value": "3.x prior to 3.3.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0017.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0017.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3."
}
]
}