"-Synchronized-Data."

CVE Team 2019-11-13 23:01:42 +00:00
parent 1a13b9ccda
commit 7b459591c2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 688 additions and 50 deletions


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5108",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "trac",
"product": {
"product_data": [
{
"product_name": "trac",
"version": {
"version_data": [
{
"version_value": "0.11.6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Ticket Modification Workflow Permission Restriction Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-5108",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-5108"
},
{
"url": "https://access.redhat.com/security/cve/cve-2010-5108",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2010-5108"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/13/2"
}
]
}
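Review bot: The oss-security entry in `reference_data` is tagged `"refsource": "MISC"` although it is a mailing-list post, and another record in this same commit tags a list post as `"refsource": "MLIST"`. Consumers that filter or rank references by `refsource` will treat the one public discussion of this permission bypass as an unclassified link. Suggest `"refsource": "MLIST"` for the openwall.com entry, with a `name` that identifies the post rather than repeating the URL.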


@ -1,17 +1,126 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0386",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0386",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP ERP Sales (SAP_APPL)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "6.0"
},
{
"version_name": "<",
"version_value": "6.02"
},
{
"version_name": "<",
"version_value": "6.03"
},
{
"version_name": "<",
"version_value": "6.04"
},
{
"version_name": "<",
"version_value": "6.05"
},
{
"version_name": "<",
"version_value": "6.06"
},
{
"version_name": "<",
"version_value": "6.16"
},
{
"version_name": "<",
"version_value": "6.17"
},
{
"version_name": "<",
"version_value": "6.18"
}
]
}
},
{
"product_name": "S4HANA Sales (S4CORE)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1.0"
},
{
"version_name": "<",
"version_value": "1.01"
},
{
"version_name": "<",
"version_value": "1.02"
},
{
"version_name": "<",
"version_value": "1.03"
},
{
"version_name": "<",
"version_value": "1.04"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2840520",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2840520"
}
]
}
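Review bot: Every `version_data` entry puts the comparison operator in `version_name` (`"version_name": "<"`), where a consumer expects a version label; CVE JSON 4.0 has `version_affected` for the operator. As written, the nine overlapping "less than" entries for SAP_APPL can be read as "everything below 6.18 is affected", while the description says the issue was corrected in each listed release, which is probably a per-release statement. Suggest `"version_affected": "<", "version_value": "6.0"`, and if the bound is a patch level within each release, stating that in the value. The CVE-2019-0388 and CVE-2019-0396 sections use the same pattern.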


@ -1,17 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0388",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0388",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP UI",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.5"
},
{
"version_name": "<",
"version_value": "7.51"
},
{
"version_name": "<",
"version_value": "7.52"
},
{
"version_name": "<",
"version_value": "7.53"
},
{
"version_name": "<",
"version_value": "7.54"
}
]
}
},
{
"product_name": "SAP UI 700",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2843016",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2843016"
}
]
}
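Review bot: `problemtype` is set to `"Other"` although the description names the weakness (insufficient URL validation that lets an attacker manipulate content), so this record cannot be triaged by weakness class. A short free-text value such as `"value": "Insufficient URL Validation"` would match how the neighbouring SAP records in this commit are labelled. The product names also differ from the description (`SAP UI` and `SAP UI 700` against `SAP_UI` and `SAP UI_700`), which makes matching against a software inventory harder; one spelling should be used in both places.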


@ -1,17 +1,71 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0396",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0396",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "4.1"
},
{
"version_name": "<",
"version_value": "4.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing XML Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2814007",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2814007"
}
]
}


@ -131,6 +131,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp;utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp;utm_medium=RSS"
}
]
}
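Review bot: The added F5 reference stores its URL with an HTML-escaped ampersand and feed-tracking parameters (`?utm_source=f5support&amp;utm_medium=RSS`) in both `name` and `url`. Other URLs in this commit keep a raw `&` inside JSON strings, so the `&amp;` is probably in the data itself rather than a rendering artefact, and a client that follows the URL literally sends a parameter named `amp;utm_medium`. The tracking query adds nothing to the reference; `"url": "https://support.f5.com/csp/article/K68713584"` would be the stable form. The hunk starts inside `reference_data`, so the rest of the record is not visible here.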


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13555",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior. MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior.",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior. MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-311-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules."
}
]
}
}
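Review bot: `vendor_name` is `"n/a"` while the vendor is spelled out inside `product_name`, and `version_value` repeats the same paragraph-length string, so none of the three fields can be matched against an asset inventory. Splitting this into `"vendor_name": "Mitsubishi Electric"`, one `product_data` entry per CPU family, and a `version_value` such as `"serial number 21081 and prior"` would keep exactly the facts the record already states. The CVE-2019-18240 section has the same shape (vendor folded into `product_name`, `version_value` a copy of it), and CVE-2019-3420 leaves `vendor_name` as `"n/a"` although its description names ZTE.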


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18240",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fuji Electric V-Server 4.0.6 and prior",
"version": {
"version_data": [
{
"version_value": "Fuji Electric V-Server 4.0.6 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-311-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code."
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/pak0s/af9f640170aed335fdf6d110d468dbce",
"refsource": "MISC",
"name": "https://gist.github.com/pak0s/af9f640170aed335fdf6d110d468dbce"
}
]
}
}
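Review bot: The `affects` block and `problemtype` are all `"n/a"` even though the description names the product, the affected range ("through 2.5.1") and the weakness (directory traversal). Tools that match on the structured fields will not associate this record with any installed software. Filling in `"vendor_name": "SibSoft"`, `"product_name": "Xfilesharing"`, a version entry for 2.5.1 and earlier, and a problemtype such as `"CWE-22"` would carry the same information in structured form. CVE-2019-18952 has the same gap; its description points to unrestricted file upload, and because it is described as chainable with this record, the pair should be easy to find together.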


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/pak0s/af9f640170aed335fdf6d110d468dbce",
"refsource": "MISC",
"name": "https://gist.github.com/pak0s/af9f640170aed335fdf6d110d468dbce"
}
]
}
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3420",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3420",
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ZXHN H108N",
"version": {
"version_data": [
{
"version_value": "V2.5.0_EG1T5_TED"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The version V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations."
}
]
}


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.\n"
"value": "Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files."
}
]
},
@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304"
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304"
}
]
},
@ -83,4 +84,4 @@
"advisory": "SB10304",
"discovery": "EXTERNAL"
}
}
}
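Review bot: The reference hunk appears to retag the vendor's own bulletin (kc.mcafee.com, advisory SB10304) from `"refsource": "CONFIRM"` to `"refsource": "MISC"`; this reading assumes the old-then-new print order, which the hunk's line counts support. That removes the only machine-readable signal that the vendor has acknowledged the issue, which downstream prioritisation often relies on. Suggest keeping `"refsource": "CONFIRM"` and adding only the new `name` line. The two following sections make the same change to the other SB10304 records.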


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database.\n\n"
"value": "Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database."
}
]
},
@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304"
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304"
}
]
},
@ -83,4 +84,4 @@
"advisory": "SB10304",
"discovery": "EXTERNAL"
}
}
}
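Review bot: The description value rewritten in the first hunk still has an unclosed parenthesis (`(ATD prior to 4.8`) and the phrase `extracting insecurely information stored in the database`; only the trailing newlines were removed. Since the line is being touched anyway, `Advanced Threat Defense (ATD) prior to 4.8` and `extracting information insecurely stored in the database` would read correctly. The other two SB10304 records in this commit already have the closing parenthesis.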


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the ATD user credentials, which were too permissive.\n\n\n"
"value": "Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the ATD user credentials, which were too permissive."
}
]
},
@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304"
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304"
}
]
},
@ -83,4 +84,4 @@
"advisory": "SB10304",
"discovery": "EXTERNAL"
}
}
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5029",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5029",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Exhibitor",
"version": {
"version_data": [
{
"version_value": "Tested version was compiled using the standalone pom.xml from the Exhibitor master branch"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0790",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0790"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process."
}
]
}
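Review bot: `version_value` holds a build remark (`Tested version was compiled using the standalone pom.xml from the Exhibitor master branch`) while the description gives the affected range as versions 1.0.9 to 1.7.1, so the range exists only in prose. A structured entry such as `"version_value": "1.0.9 to 1.7.1"` would let scanners and inventory tools match affected installations. The `problemtype` value `"command injection"` could also carry a CWE id, likely `CWE-78` given that the description says shell commands are executed by the Exhibitor process.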