admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-24 16:00:48 +00:00
parent 1646751791
commit 7727dc44e9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 286 additions and 259 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/10xxx/CVE-2017-10204.json
View File

@ -72,6 +72,11 @@
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html"
}
]
}

5
2018/20xxx/CVE-2018-20250.json
View File

@ -77,6 +77,11 @@
"name": "https://www.win-rar.com/whatsnew.html",
"refsource": "MISC",
"url": "https://www.win-rar.com/whatsnew.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"
}
]
}

5
2019/11xxx/CVE-2019-11223.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/",
"url": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/"
},
{
"refsource": "MISC",
"name": "https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/",
"url": "https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/"
}
]
}

5
2019/11xxx/CVE-2019-11234.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"refsource": "UBUNTU",
"name": "USN-3954-1",
"url": "https://usn.ubuntu.com/3954-1/"
}
]
}

5
2019/11xxx/CVE-2019-11235.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"refsource": "UBUNTU",
"name": "USN-3954-1",
"url": "https://usn.ubuntu.com/3954-1/"
}
]
}

5
2019/11xxx/CVE-2019-11446.json
View File

@ -57,11 +57,6 @@
"name": "46691",
"url": "https://www.exploit-db.com/exploits/46691/"
},
{
"url": "https://www.exploit-db.com/exploits/46691",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46691"
},
{
"url": "http://pentest.com.tr/exploits/ATutor-2-2-4-file-manager-Remote-Code-Execution-Injection-Metasploit.html",
"refsource": "MISC",

5
2019/2xxx/CVE-2019-2721.json
View File

@ -61,6 +61,11 @@
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "46747",
"url": "https://www.exploit-db.com/exploits/46747/"
}
]
}

5
2019/3xxx/CVE-2019-3719.json
View File

@ -83,11 +83,6 @@
"refsource": "MISC",
"url": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en",
"name": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en"
},
{
"refsource": "BID",
"name": "108020",
"url": "http://www.securityfocus.com/bid/108020"
}
]
},

156
2019/3xxx/CVE-2019-3786.json
View File

@ -1,85 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
"ID": "CVE-2019-3786",
"STATE": "PUBLIC",
"TITLE": "BBR could run arbitrary scripts on deployment VMs"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BOSH Backup and Restore",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "v1.5.0"
}
]
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
"ID": "CVE-2019-3786",
"STATE": "PUBLIC",
"TITLE": "BBR could run arbitrary scripts on deployment VMs"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BOSH Backup and Restore",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "v1.5.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3786",
"name": "https://www.cloudfoundry.org/blog/cve-2019-3786"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3786",
"name": "https://www.cloudfoundry.org/blog/cve-2019-3786"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
}
}

156
2019/3xxx/CVE-2019-3789.json
View File

@ -1,85 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-04-16T00:00:00.000Z",
"ID": "CVE-2019-3789",
"STATE": "PUBLIC",
"TITLE": "Gorouter allows space developer to hijack route services hosted outside the platform"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CF Routing",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "0.188.0"
}
]
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-16T00:00:00.000Z",
"ID": "CVE-2019-3789",
"STATE": "PUBLIC",
"TITLE": "Gorouter allows space developer to hijack route services hosted outside the platform"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CF Routing",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "0.188.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840: Business Logic Errors"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3789",
"name": "https://www.cloudfoundry.org/blog/cve-2019-3789"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840: Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3789",
"name": "https://www.cloudfoundry.org/blog/cve-2019-3789"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}

174
2019/3xxx/CVE-2019-3793.json
View File

@ -1,95 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-04-16T15:45:27.000Z",
"ID": "CVE-2019-3793",
"STATE": "PUBLIC",
"TITLE": "Invitations Service supports HTTP connections"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apps Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "666",
"version_value": "666.0.21"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-16T15:45:27.000Z",
"ID": "CVE-2019-3793",
"STATE": "PUBLIC",
"TITLE": "Invitations Service supports HTTP connections"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apps Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "666",
"version_value": "666.0.21"
},
{
"affected": "<",
"version_name": "667",
"version_value": "667.0.7"
},
{
"affected": "<",
"version_name": "665",
"version_value": "665.0.28"
}
]
}
}
]
},
{
"affected": "<",
"version_name": "667",
"version_value": "667.0.7"
},
{
"affected": "<",
"version_name": "665",
"version_value": "665.0.28"
}
]
"vendor_name": "Pivotal"
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300: Man-in-the-Middle"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3793",
"name": "https://pivotal.io/security/cve-2019-3793"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300: Man-in-the-Middle"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3793",
"name": "https://pivotal.io/security/cve-2019-3793"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
}
}

7
2019/3xxx/CVE-2019-3868.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3868",
"ASSIGNER": "lpardo@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -54,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack users browser session."
"value": "Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user\u2019s browser session."
}
]
},
@ -68,4 +69,4 @@
]
]
}
}
}

5
2019/3xxx/CVE-2019-3882.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3882",
"ASSIGNER": "psampaio@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -68,4 +69,4 @@
]
]
}
}
}

7
2019/6xxx/CVE-2019-6579.json
View File

@ -44,6 +44,11 @@
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "107830",
"url": "http://www.securityfocus.com/bid/107830"
},
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf",
@ -55,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Spectrum Power\u2122 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}