admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-05-10 17:00:47 +00:00
parent 8c94bdd806
commit 818f7d0820
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 175 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/1xxx/CVE-2017-1274.json
View File

@ -76,6 +76,11 @@
"name": "VU#676632",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/676632"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html"
}
]
}

25
2018/16xxx/CVE-2018-16476.json
View File

@ -8,6 +8,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -15,14 +16,22 @@
"version": {
"version_data": [
{
"version_value": "4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1"
}
]
}
}
]
"version_value": "4.2.0 up to and before 4.2.11"
},
"vendor_name": "n/a"
{
"version_value": "4.2.0 up to and before 5.0.7.1"
},
{
"version_value": "4.2.0 up to and before 5.1.6.1"
},
{
"version_value": "4.2.0 up to and before 5.2.1.1"
}
]
}
}
]
}
}
]
}
@ -34,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have."
"value": "A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1."
}
]
},

8
2018/16xxx/CVE-2018-16477.json
View File

@ -8,6 +8,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -15,14 +16,13 @@
"version": {
"version_data": [
{
"version_value": "5.2.1.1"
"version_value": "5.2.0 and later and before 5.2.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path."
"value": "A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1."
}
]
},

5
2018/5xxx/CVE-2018-5408.json
View File

@ -62,6 +62,11 @@
"name": "VU#",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/169249/"
},
{
"refsource": "BID",
"name": "108285",
"url": "http://www.securityfocus.com/bid/108285"
}
]
},

5
2018/5xxx/CVE-2018-5409.json
View File

@ -62,6 +62,11 @@
"name": "VU#",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/169249/"
},
{
"refsource": "BID",
"name": "108285",
"url": "http://www.securityfocus.com/bid/108285"
}
]
},

64
2018/7xxx/CVE-2018-7082.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7082",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2018-7082",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba Instant (IAP)",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated command injection "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
}
]
}

64
2018/7xxx/CVE-2018-7083.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7083",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2018-7083",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba Instant (IAP)",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Core dumps are publicly accessible "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a process running within Aruba Instant crashes, it may leave behind a \"core dump\", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
}
]
}

18
2019/11xxx/CVE-2019-11880.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11880",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/11xxx/CVE-2019-11881.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2019/9xxx/CVE-2019-9505.json
View File

@ -62,6 +62,11 @@
"name": "VU#",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/169249/"
},
{
"refsource": "BID",
"name": "108285",
"url": "http://www.securityfocus.com/bid/108285"
}
]
},