admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-24 18:00:44 +00:00
parent 3832ea98c2
commit 74dcd42bb3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 132 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2019/3xxx/CVE-2019-3701.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault)." "value": "An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user \"root\" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames."
} }
] ]
}, },
@ -91,6 +91,16 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K17957133", "name": "https://support.f5.com/csp/article/K17957133",
"url": "https://support.f5.com/csp/article/K17957133" "url": "https://support.f5.com/csp/article/K17957133"
},
{
"refsource": "MISC",
"name": "https://marc.info/?l=linux-netdev&m=154661373531512&w=2",
"url": "https://marc.info/?l=linux-netdev&m=154661373531512&w=2"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68"
} }
] ]
} }

5
2019/6xxx/CVE-2019-6438.json
View File

@ -61,6 +61,11 @@
"name": "https://www.schedmd.com/news.php?id=213", "name": "https://www.schedmd.com/news.php?id=213",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://www.schedmd.com/news.php?id=213" "url": "https://www.schedmd.com/news.php?id=213"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1264",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00090.html"
} }
] ]
} }

7
2019/6xxx/CVE-2019-6976.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory." "value": "libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image."
} }
] ]
}, },
@ -61,6 +61,11 @@
"name": "https://github.com/libvips/libvips/releases/tag/v8.7.4", "name": "https://github.com/libvips/libvips/releases/tag/v8.7.4",
"refsource": "MISC", "refsource": "MISC",
"url": "https://github.com/libvips/libvips/releases/tag/v8.7.4" "url": "https://github.com/libvips/libvips/releases/tag/v8.7.4"
},
{
"refsource": "MISC",
"name": "https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/",
"url": "https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/"
} }
] ]
} }

61
2019/9xxx/CVE-2019-9950.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-9950",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-9950",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the \"nobody\" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932",
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"refsource": "CONFIRM",
"name": "https://support.wdc.com/downloads.aspx?g=2702&lang=en",
"url": "https://support.wdc.com/downloads.aspx?g=2702&lang=en"
} }
] ]
} }

61
2019/9xxx/CVE-2019-9951.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-9951",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-9951",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932",
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"refsource": "CONFIRM",
"name": "https://support.wdc.com/downloads.aspx?g=2702&lang=en",
"url": "https://support.wdc.com/downloads.aspx?g=2702&lang=en"
} }
] ]
} }