"-Synchronized-Data."

CVE Team 2019-11-18 21:01:49 +00:00
parent 32073149ba
commit 7b0c350744
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
18 changed files with 450 additions and 20 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An unchecked sscanf() call in ettercap 0.7.3 allows an insecure temporary settings file to overflow a static-sized buffer on the stack."
"value": "An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600130"
},
{
"refsource": "MISC",
"name": "https://github.com/Ettercap/ettercap/commit/4ef3ede30181eca9add74305ad26dbcb0c3686a0",
"url": "https://github.com/Ettercap/ettercap/commit/4ef3ede30181eca9add74305ad26dbcb0c3686a0"
}
]
}
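Review bot: The fix boundary changes only in the free-text description (`ettercap before 0.7.5`), and neither hunk in this file section touches the structured version data, so the two may now disagree. The `affects` block lies outside the visible hunks; if it still names 0.7.3 alone, tools that match on `version_data` will miss other releases below 0.7.5. The same applies to the Raritan section (`before 8.0.0`) and the four ghostscript sections (9.28 changed to 9.50) later in this commit. Where the data allows it, update the entry alongside the text, for example `"version_affected": "<", "version_value": "0.7.5"`.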


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4438",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jenkins",
"version": {
"version_data": [
{
"version_value": "1.447.2"
}
]
}
}
]
},
"vendor_name": "jenkins"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4438",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-4438"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/21/2",
"url": "http://www.openwall.com/lists/oss-security/2012/09/21/2"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438"
},
{
"refsource": "MISC",
"name": "https://www.cloudbees.com/jenkins-security-advisory-2012-09-17",
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-09-17"
}
]
}
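Review bot: The added `affects` block lists a single `"version_value": "1.447.2"`, which matches neither boundary in the new description (`Jenkins main before 1.482 and LTS before 1.466.2`). A consumer that matches on `version_data` would flag only that one release and miss the rest of both ranges. Two entries that mirror the description would be more accurate, e.g. `"version_affected": "<", "version_value": "1.482"` and `"version_affected": "<", "version_value": "1.466.2"`. The CVE-2012-4439 section that follows has the same mismatch. The `problemtype` value `Other` also tells a triager less than the description does, which speaks of inserting data and executing arbitrary code.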


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4439",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jenkins",
"version": {
"version_data": [
{
"version_value": "1.447.2"
}
]
}
}
]
},
"vendor_name": "jenkins"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4439",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-4439"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/21/2",
"url": "http://www.openwall.com/lists/oss-security/2012/09/21/2"
},
{
"refsource": "MISC",
"name": "https://www.cloudbees.com/jenkins-security-advisory-2012-09-17",
"url": "https://www.cloudbees.com/jenkins-security-advisory-2012-09-17"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway 5.4.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
"value": "An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
}
]
},
@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155359/Raritan-CommandCenter-Secure-Gateway-XML-Injection.html",
"url": "http://packetstormsecurity.com/files/155359/Raritan-CommandCenter-Secure-Gateway-XML-Injection.html"
},
{
"refsource": "FULLDISC",
"name": "20191115 Raritan CommandCenter Secure Gateway XML External Entity < 8.0",
"url": "http://seclists.org/fulldisclosure/2019/Nov/11"
}
]
}


@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10070",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Atlas",
"version": {
"version_data": [
{
"version_value": "0.8.3"
},
{
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[atlas-dev] 20191117 [CVE-2019-10070] Apache Atlas Stored XSS Vulnerability",
"url": "https://lists.apache.org/thread.html/cc21437c4c5053a13e13332d614d5172f39da03491fe17ae260be221@%3Cdev.atlas.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality"
}
]
}


@ -199,6 +199,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3811",
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3905",
"url": "https://access.redhat.com/errata/RHSA-2019:3905"
}
]
},


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2019-12403",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Solr",
"version": {
"version_data": [
{
"version_value": "8.1.1 and 8.2.0 for Linux"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[lucene-solr-user] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default",
"url": "https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server."
}
]
}
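Review bot: The `version_value` string `8.1.1 and 8.2.0 for Linux` packs two releases and a platform into one field, so it cannot be compared against an installed version. Separate entries, `"version_value": "8.1.1"` and `"version_value": "8.2.0"`, as the Apache Atlas record in this commit already does, would keep the data machine-readable; the Linux qualifier can stay in the description. The CVE-2019-17085 record (a comma-separated list in one string) and the CVE-2019-18373 record (`Prior to 1.4.0.503`) later in this commit have the same free-text form. The description explains the exposure (unauthenticated JMX on RMI_PORT when the default solr.in.sh is used) but does not say which value of ENABLE_REMOTE_JMX_OPTS closes it, and a short clause stating that would help operators.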


@ -105,7 +105,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
"value": "A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
}
]
},


@ -110,7 +110,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
"value": "A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
}
]
},


@ -110,7 +110,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in, ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
"value": "A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
}
]
},


@ -80,7 +80,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in all versions of ghostscript 9.x before 9.28, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands."
"value": "A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands."
}
]
},


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://startrekdude.github.io/mailbird.html",
"url": "https://startrekdude.github.io/mailbird.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.getmailbird.com/ReleaseNotes/LatestReleaseNotes.html",
"url": "https://www.getmailbird.com/ReleaseNotes/LatestReleaseNotes.html"
}
]
}
}
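Review bot: The new record's `affects` block is `n/a` for vendor, product and version, although the description names the product and the fixed release (`Mailbird before 2.7.5.0`), so version-matching tools cannot associate this entry with an installation. The description also carries a stray `r` after the version (`2.7.5.0 r allow`); whether it is a typo or part of a build label is not clear from the page and should be checked against the vendor notes. The CONFIRM reference points at `LatestReleaseNotes.html`, which by its name looks like a moving page and may stop describing this fix after the next release. A versioned release-notes link, if the vendor offers one, would be more durable.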


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-17085",
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micro Focus International",
"product": {
"product_data": [
{
"product_name": "Operations Agent",
"version": {
"version_data": [
{
"version_value": "12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://softwaresupport.softwaregrp.com/doc/KM03556426",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
}
]
}
}


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18373",
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Symantec",
"product": {
"product_data": [
{
"product_name": "Norton AppLock",
"version": {
"version_data": [
{
"version_value": "Prior to 1.4.0.503"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/us/en/article.SYMSA1496.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1496.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access."
}
]
}
}


@ -56,6 +56,11 @@
"url": "https://github.com/giampaolo/psutil/pull/1616",
"refsource": "MISC",
"name": "https://github.com/giampaolo/psutil/pull/1616"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1998-1] python-psutil security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00018.html"
}
]
}


@ -323,6 +323,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3906",
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
}
]
},


@ -323,6 +323,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3906",
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
}
]
},