admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into cna/Oracle/CPU2019Jul

Browse Source
This commit is contained in:
bsitu 2019-07-17 10:56:43 -07:00 committed by GitHub
commit 72c373713d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
59 changed files with 2050 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2014/0xxx/CVE-2014-0114.json
View File

@ -513,9 +513,14 @@
"name":"https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E",
"url":"https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
}
]
}
}

5
2014/10xxx/CVE-2014-10374.json
View File

@ -56,6 +56,11 @@
"url": "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf",
"refsource": "MISC",
"name": "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf"
},
{
"refsource": "MISC",
"name": "https://twitter.com/TedOnPrivacy/status/1151390589990187008",
"url": "https://twitter.com/TedOnPrivacy/status/1151390589990187008"
}
]
}

5
2016/9xxx/CVE-2016-9572.json
View File

@ -95,6 +95,11 @@
"url":"https://www.debian.org/security/2017/dsa-3768"
},
{
"refsource": "BID",
"name": "109233",
"url": "http://www.securityfocus.com/bid/109233"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]

10
2017/15xxx/CVE-2017-15123.json
View File

@ -48,6 +48,16 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
"refsource": "CONFIRM"
},
{
"refsource": "BID",
"name": "108690",
"url": "http://www.securityfocus.com/bid/108690"
},
{
"refsource": "MISC",
"name": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/",
"url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
}
]
},

5
2018/1000xxx/CVE-2018-1000024.json
View File

@ -78,6 +78,11 @@
"name": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt"
},
{
"refsource": "UBUNTU",
"name": "USN-4059-2",
"url": "https://usn.ubuntu.com/4059-2/"
}
]
}

5
2018/1000xxx/CVE-2018-1000027.json
View File

@ -93,6 +93,11 @@
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1267-1] squid security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4059-2",
"url": "https://usn.ubuntu.com/4059-2/"
}
]
}

19
2018/11xxx/CVE-2018-11058.json
View File

@ -1,9 +1,9 @@
{
"CVE_data_meta":{
"ASSIGNER":"security_alert@emc.com",
"ID":"CVE-2018-11058",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2018-11058",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
@ -86,9 +86,14 @@
"references":{
"reference_data":[
{
"name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities",
"refsource":"FULLDISC",
"url":"http://seclists.org/fulldisclosure/2018/Aug/46"
"name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/46"
},
{
"refsource": "BID",
"name": "108106",
"url": "http://www.securityfocus.com/bid/108106"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"

13
2018/12xxx/CVE-2018-12022.json
View File

@ -144,13 +144,18 @@
"url":"https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1797",
"url":"https://access.redhat.com/errata/RHSA-2019:1797"
"refsource": "REDHAT",
"name": "RHSA-2019:1797",
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"refsource": "BID",
"name": "107585",
"url": "http://www.securityfocus.com/bid/107585"
},
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
}
]
}
}

5
2018/12xxx/CVE-2018-12897.json
View File

@ -56,6 +56,11 @@
"name": "https://labs.nettitude.com/blog/solarwinds-cve-2018-12897-dameware-mini-remote-control-local-seh-buffer-overflow/",
"refsource": "MISC",
"url": "https://labs.nettitude.com/blog/solarwinds-cve-2018-12897-dameware-mini-remote-control-local-seh-buffer-overflow/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153668/DameWare-Remote-Support-12.0.0.509-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/153668/DameWare-Remote-Support-12.0.0.509-Buffer-Overflow.html"
}
]
}

11
2018/17xxx/CVE-2018-17960.json
View File

@ -59,9 +59,14 @@
"url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"
},
{
"name":"https://ckeditor.com/cke4/release/CKEditor-4.11.0",
"refsource":"MISC",
"url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0"
"name": "https://ckeditor.com/cke4/release/CKEditor-4.11.0",
"refsource": "MISC",
"url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0"
},
{
"refsource": "BID",
"name": "109205",
"url": "http://www.securityfocus.com/bid/109205"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"

11
2018/19xxx/CVE-2018-19360.json
View File

@ -134,9 +134,14 @@
"url":"https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1797",
"url":"https://access.redhat.com/errata/RHSA-2019:1797"
"refsource": "REDHAT",
"name": "RHSA-2019:1797",
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"refsource": "BID",
"name": "107985",
"url": "http://www.securityfocus.com/bid/107985"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"

11
2018/19xxx/CVE-2018-19361.json
View File

@ -134,9 +134,14 @@
"url":"https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1797",
"url":"https://access.redhat.com/errata/RHSA-2019:1797"
"refsource": "REDHAT",
"name": "RHSA-2019:1797",
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"refsource": "BID",
"name": "107985",
"url": "http://www.securityfocus.com/bid/107985"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"

11
2018/19xxx/CVE-2018-19362.json
View File

@ -134,9 +134,14 @@
"url":"https://access.redhat.com/errata/RHSA-2019:1782"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1797",
"url":"https://access.redhat.com/errata/RHSA-2019:1797"
"refsource": "REDHAT",
"name": "RHSA-2019:1797",
"url": "https://access.redhat.com/errata/RHSA-2019:1797"
},
{
"refsource": "BID",
"name": "107985",
"url": "http://www.securityfocus.com/bid/107985"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"

97
2018/1xxx/CVE-2018-1921.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1921",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887995 (Campaign)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887995",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887995"
},
{
"name": "ibm-campaign-cve20181921-xss (152857)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152857"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Campaign",
"version": {
"version_data": [
{
"version_value": "9.1.2"
},
{
"version_value": "9.1.0"
},
{
"version_value": "10.1"
},
{
"version_value": "11.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"UI": "R",
"AC": "L",
"SCORE": "5.400",
"S": "C",
"AV": "N",
"PR": "L",
"C": "L",
"A": "N",
"I": "L"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-1921",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-07-10T00:00:00"
},
"data_type": "CVE"
}

87
2018/2xxx/CVE-2018-2021.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2018-2021",
"STATE": "RESERVED"
"DATE_PUBLIC": "2019-07-10T00:00:00"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888117",
"title": "IBM Security Bulletin 888117 (QRadar SIEM)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888117"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155345",
"name": "ibm-qradar-cve20182021-xss (155345)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
},
"product_name": "QRadar SIEM"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
},
"BM": {
"UI": "R",
"AC": "L",
"SCORE": "6.100",
"AV": "N",
"PR": "N",
"S": "C",
"C": "L",
"A": "N",
"I": "L"
}
}
},
"data_version": "4.0"
}

91
2018/2xxx/CVE-2018-2022.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2022",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-07-10T00:00:00",
"ID": "CVE-2018-2022",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888133",
"title": "IBM Security Bulletin 888133 (QRadar SIEM)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888133"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155346",
"name": "ibm-qradar-cve20182022-info-disc (155346)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.300",
"UI": "N",
"AC": "L",
"A": "N",
"I": "N",
"S": "U",
"PR": "N",
"AV": "N",
"C": "L"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
}
}

5
2018/8xxx/CVE-2018-8453.json
View File

@ -231,6 +231,11 @@
"name": "105467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105467"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html",
"url": "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html"
}
]
}

11
2019/0xxx/CVE-2019-0199.json
View File

@ -146,9 +146,14 @@
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html"
},
{
"refsource":"FEDORA",
"name":"FEDORA-2019-d66febb5df",
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/"
"refsource": "FEDORA",
"name": "FEDORA-2019-d66febb5df",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/"
},
{
"refsource": "BID",
"name": "107674",
"url": "http://www.securityfocus.com/bid/107674"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"

5
2019/0xxx/CVE-2019-0319.json
View File

@ -89,6 +89,11 @@
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
"url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
"url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
}
]
}

2
2019/1010xxx/CVE-2019-1010006.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victin must open a crafted PDF file."
"value": "Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail."
}
]
},

58
2019/1010xxx/CVE-2019-1010048.json
View File

@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UPX",
"version": {
"version_data": [
{
"version_value": "3.95"
}
]
}
}
]
},
"vendor_name": "UPX"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-1010048",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/upx/upx/pull/190",
"refsource": "MISC",
"name": "https://github.com/upx/upx/pull/190"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

56
2019/1010xxx/CVE-2019-1010083.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010083",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Pallets Project",
"product": {
"product_data": [
{
"product_name": "Flask",
"version": {
"version_data": [
{
"version_value": "\u2264 1.0 [fixed: 1]"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unexpected memory usage"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.palletsprojects.com/blog/flask-1-0-released/",
"url": "https://www.palletsprojects.com/blog/flask-1-0-released/"
}
]
}

56
2019/1010xxx/CVE-2019-1010084.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010084",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dancer::Plugin::SimpleCRUD",
"product": {
"product_data": [
{
"product_name": "Dancer::Plugin::SimpleCRUD",
"version": {
"version_data": [
{
"version_value": "\u2264 1.14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bigpresh/Dancer-Plugin-SimpleCRUD/pull/109",
"refsource": "MISC",
"name": "https://github.com/bigpresh/Dancer-Plugin-SimpleCRUD/pull/109"
}
]
}

56
2019/1010xxx/CVE-2019-1010091.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tinymce",
"version": {
"version_data": [
{
"version_value": "4.7.11, 4.7.12"
}
]
}
}
]
},
"vendor_name": "tinymce"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tinymce/tinymce/issues/4394",
"refsource": "MISC",
"name": "https://github.com/tinymce/tinymce/issues/4394"
}
]
}

5
2019/1010xxx/CVE-2019-1010315.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc",
"url": "https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc"
},
{
"refsource": "UBUNTU",
"name": "USN-4062-1",
"url": "https://usn.ubuntu.com/4062-1/"
}
]
}

5
2019/1010xxx/CVE-2019-1010317.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b",
"url": "https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b"
},
{
"refsource": "UBUNTU",
"name": "USN-4062-1",
"url": "https://usn.ubuntu.com/4062-1/"
}
]
}

5
2019/1010xxx/CVE-2019-1010319.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe",
"url": "https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe"
},
{
"refsource": "UBUNTU",
"name": "USN-4062-1",
"url": "https://usn.ubuntu.com/4062-1/"
}
]
}

50
2019/10xxx/CVE-2019-10352.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10352",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.185 and earlier, LTS 2.176.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424"
}
]
}

50
2019/10xxx/CVE-2019-10353.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10353",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.185 and earlier, LTS 2.176.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-626",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-626"
}
]
}

50
2019/10xxx/CVE-2019-10354.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10354",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.185 and earlier, LTS 2.176.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534"
}
]
}

11
2019/12xxx/CVE-2019-12086.json
View File

@ -94,9 +94,14 @@
"url":"https://seclists.org/bugtraq/2019/May/68"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190530-0003/",
"url":"https://security.netapp.com/advisory/ntap-20190530-0003/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
},
{
"refsource": "BID",
"name": "109227",
"url": "http://www.securityfocus.com/bid/109227"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"

56
2019/12xxx/CVE-2019-12175.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/zeek/zeek/releases/tag/v2.6.2",
"url": "https://github.com/zeek/zeek/releases/tag/v2.6.2"
}
]
}

56
2019/12xxx/CVE-2019-12475.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12475",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/undefinedmode/CVE-2019-12475",
"url": "https://github.com/undefinedmode/CVE-2019-12475"
}
]
}

5
2019/13xxx/CVE-2019-13050.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html"
},
{
"refsource": "MISC",
"name": "https://twitter.com/lambdafu/status/1147162583969009664",
"url": "https://twitter.com/lambdafu/status/1147162583969009664"
}
]
}

87
2019/13xxx/CVE-2019-13272.json Normal file
View File

@ -0,0 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"
},
{
"url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140671",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"
}
]
}
}

5
2019/13xxx/CVE-2019-13345.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4059-1",
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4059-2",
"url": "https://usn.ubuntu.com/4059-2/"
}
]
}

62
2019/13xxx/CVE-2019-13346.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MyT 1.5.1, the User[username] parameter has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "EXPLOIT-DB",
"name": "47109",
"url": "https://www.exploit-db.com/exploits/47109"
}
]
}
}

5
2019/13xxx/CVE-2019-13359.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13359.md",
"url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13359.md"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153666/CentOS-Control-Web-Panel-0.9.8.836-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/153666/CentOS-Control-Web-Panel-0.9.8.836-Privilege-Escalation.html"
}
]
}

5
2019/13xxx/CVE-2019-13360.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13360.md",
"url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13360.md"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html"
}
]
}

5
2019/13xxx/CVE-2019-13383.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13383.md",
"url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13383.md"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153667/CentOS-Control-Web-Panel-0.9.8.838-User-Enumeration.html",
"url": "http://packetstormsecurity.com/files/153667/CentOS-Control-Web-Panel-0.9.8.838-User-Enumeration.html"
}
]
}

62
2019/13xxx/CVE-2019-13403.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/B3Bo1d/CVE-2019-13403/",
"url": "https://github.com/B3Bo1d/CVE-2019-13403/"
}
]
}
}

18
2019/13xxx/CVE-2019-13446.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13446",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

67
2019/13xxx/CVE-2019-13453.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-2-of-3/",
"url": "https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-2-of-3/"
},
{
"refsource": "CONFIRM",
"name": "https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/",
"url": "https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/"
}
]
}
}

72
2019/13xxx/CVE-2019-13573.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers",
"url": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers"
},
{
"refsource": "CONFIRM",
"name": "https://plugins.trac.wordpress.org/changeset/2121566/fv-wordpress-flowplayer/trunk/models/db.php",
"url": "https://plugins.trac.wordpress.org/changeset/2121566/fv-wordpress-flowplayer/trunk/models/db.php"
},
{
"refsource": "MISC",
"name": "https://fortiguard.com/zeroday/FG-VD-19-097",
"url": "https://fortiguard.com/zeroday/FG-VD-19-097"
}
]
}
}

5
2019/13xxx/CVE-2019-13605.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13605.md",
"url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13605.md"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html"
}
]
}

62
2019/13xxx/CVE-2019-13613.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fakhrizulkifli.github.io/posts/2019/07/15/CVE-2019-13613/",
"url": "https://fakhrizulkifli.github.io/posts/2019/07/15/CVE-2019-13613/"
}
]
}
}

67
2019/13xxx/CVE-2019-13623.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/NationalSecurityAgency/ghidra/issues/789",
"refsource": "MISC",
"name": "https://github.com/NationalSecurityAgency/ghidra/issues/789"
},
{
"url": "http://blog.fxiao.me/ghidra/",
"refsource": "MISC",
"name": "http://blog.fxiao.me/ghidra/"
}
]
}
}

62
2019/13xxx/CVE-2019-13624.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gerrit.onosproject.org/#/c/20767/",
"refsource": "MISC",
"name": "https://gerrit.onosproject.org/#/c/20767/"
}
]
}
}

72
2019/13xxx/CVE-2019-13625.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://blog.fxiao.me/ghidra/",
"refsource": "MISC",
"name": "http://blog.fxiao.me/ghidra/"
},
{
"url": "https://xlab.tencent.com/en/2019/03/18/ghidra-from-xxe-to-rce/",
"refsource": "MISC",
"name": "https://xlab.tencent.com/en/2019/03/18/ghidra-from-xxe-to-rce/"
},
{
"url": "https://github.com/NationalSecurityAgency/ghidra/issues/71",
"refsource": "MISC",
"name": "https://github.com/NationalSecurityAgency/ghidra/issues/71"
}
]
}
}

62
2019/13xxx/CVE-2019-13626.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4522",
"refsource": "MISC",
"name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4522"
}
]
}
}

5
2019/2xxx/CVE-2019-2107.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153628/Android-VideoPlayer-ihevcd_parse_pps-Out-Of-Bounds-Write.html",
"url": "http://packetstormsecurity.com/files/153628/Android-VideoPlayer-ihevcd_parse_pps-Out-Of-Bounds-Write.html"
},
{
"refsource": "FULLDISC",
"name": "20190716 CVE-2019-2107 a.k.a \"Hevcfright\" Proof of Concept exploit (Denial of Service PoC)",
"url": "http://seclists.org/fulldisclosure/2019/Jul/18"
}
]
},

56
2019/3xxx/CVE-2019-3571.json
View File

@ -1,8 +1,37 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-07-16",
"ID": "CVE-2019-3571",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Desktop",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "0.3.3793"
},
{
"version_affected": "<",
"version_value": "0.3.3793"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +40,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Encoding or Escaping of Output (CWE-116), Improper Handling of Unicode Encoding (CWE-176)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2019-3571",
"url": "https://www.facebook.com/security/advisories/cve-2019-3571"
}
]
}

87
2019/4xxx/CVE-2019-4054.json
View File

@ -1,17 +1,92 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4054",
"STATE": "RESERVED"
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"PR": "N",
"AV": "L",
"C": "L",
"A": "N",
"I": "N",
"UI": "N",
"AC": "L",
"SCORE": "4.000"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957139",
"title": "IBM Security Bulletin 957139 (QRadar SIEM)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10957139"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-qradar-cve20194054-info-disc (156563)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156563"
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-07-10T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2019-4054"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563."
}
]
}

94
2019/4xxx/CVE-2019-4194.json
View File

@ -1,18 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4194",
"STATE": "RESERVED"
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Jazz for Service Management",
"version": {
"version_data": [
{
"version_value": "1.1.3"
},
{
"version_value": "1.1.3.1"
},
{
"version_value": "1.1.3.2"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"UI": "N",
"AC": "L",
"SCORE": "5.300",
"S": "U",
"AV": "N",
"PR": "N",
"C": "N",
"A": "L",
"I": "N"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10885989",
"title": "IBM Security Bulletin 885989 (Jazz for Service Management)",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10885989"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159033",
"name": "ibm-jazz-cve20194194-dos (159033)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033."
}
]
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-07-11T00:00:00",
"ID": "CVE-2019-4194",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE"
}

91
2019/4xxx/CVE-2019-4211.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4211",
"STATE": "RESERVED"
"DATE_PUBLIC": "2019-07-10T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4211"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131.",
"lang": "eng"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957143",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10957143",
"title": "IBM Security Bulletin 957143 (QRadar SIEM)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159131",
"name": "ibm-qradar-cve20194211-xss (159131)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"UI": "R",
"SCORE": "5.400",
"C": "L",
"S": "C",
"AV": "N",
"PR": "L",
"I": "L",
"A": "N"
},
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
}
}
},
"data_version": "4.0"
}

90
2019/4xxx/CVE-2019-4430.json
View File

@ -1,18 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4430",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10959173",
"title": "IBM Security Bulletin 959173 (Maximo Asset Management)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10959173"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162887",
"name": "ibm-maximo-cve20194430-info-disc (162887)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"SCORE": "4.300",
"UI": "N",
"AC": "L",
"A": "N",
"I": "N",
"AV": "N",
"PR": "L",
"S": "U",
"C": "L"
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.",
"lang": "eng"
}
]
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-07-15T00:00:00",
"ID": "CVE-2019-4430",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_type": "CVE"
}

11
2019/7xxx/CVE-2019-7317.json
View File

@ -174,9 +174,14 @@
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1664",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1664",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"refsource": "BID",
"name": "108098",
"url": "http://www.securityfocus.com/bid/108098"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"

76
2019/9xxx/CVE-2019-9848.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@documentfoundation.org",
"DATE_PUBLIC": "2019-07-16T00:00:00.000Z",
"ID": "CVE-2019-9848",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibreOffice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.2.5"
}
]
}
}
]
},
"vendor_name": "Document Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Nils Emmerich of ERNW Research GmbH for discovering and reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which could be leveraged to by an attacker document to silently execute arbitrary python commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848"
}
]
},
"source": {
"defect": [
"LibreLogo",
"arbitrary",
"script",
"execution"
],
"discovery": "EXTERNAL"
}
}

79
2019/9xxx/CVE-2019-9849.json
View File

@ -1,18 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@documentfoundation.org",
"DATE_PUBLIC": "2019-07-16T00:00:00.000Z",
"ID": "CVE-2019-9849",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibreOffice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.2.5"
}
]
}
}
]
},
"vendor_name": "Document Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Matei \"Mal\" Badanoiu for discovering and reporting this problem"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In 'stealth mode' where only trusted documents are allowed to download remote resources untrusted documents could download remote bullet graphics urls"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9849",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9849"
}
]
},
"source": {
"defect": [
"remote",
"bullet",
"graphics",
"retrieved",
"in",
"'stealth",
"mode'"
],
"discovery": "EXTERNAL"
}
}