admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-25 18:00:46 +00:00
parent de55d657c0
commit 84271794ba
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
16 changed files with 452 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/18xxx/CVE-2017-18367.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e",
"refsource": "MISC",
"name": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190425 Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments",
"url": "http://www.openwall.com/lists/oss-security/2019/04/25/6"
}
]
}

64
2018/1xxx/CVE-2018-1360.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1360",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1360",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet, Inc.",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiManager",
"version": {
"version_data": [
{
"version_value": "5.2.0 to 5.2.7"
},
{
"version_value": "5.4.0"
},
{
"version_value": "5.4.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-18-051",
"url": "https://fortiguard.com/advisory/FG-IR-18-051"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses."
}
]
}

101
2019/10xxx/CVE-2019-10955.json
View File

@ -4,14 +4,109 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "MicroLogix 1400 Controllers",
"version": {
"version_data": [
{
"version_value": "Series A"
},
{
"version_value": "All Versions Series B"
},
{
"version_value": "v15.002 and earlier"
}
]
}
},
{
"product_name": "MicroLogix 1100 Controllers",
"version": {
"version_data": [
{
"version_value": "v14.00 and earlier"
}
]
}
},
{
"product_name": "CompactLogix 5370 L1 controllers",
"version": {
"version_data": [
{
"version_value": "v30.014 and earlier"
}
]
}
},
{
"product_name": "CompactLogix 5370 L2 controllers",
"version": {
"version_data": [
{
"version_value": "v30.014 and earlier"
}
]
}
},
{
"product_name": "CompactLogix 5370 L3 controllers",
"version": {
"version_data": [
{
"version_value": "v30.014 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL REDIRECTION TO UNTRUSTED SITE ('OPEN REDIRECT') CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01"
},
{
"refsource": "BID",
"name": "108049",
"url": "https://www.securityfocus.com/bid/108049"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user\u2019s machine."
}
]
}

5
2019/11xxx/CVE-2019-11448.json
View File

@ -66,6 +66,11 @@
"url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html",
"refsource": "MISC",
"name": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html"
}
]
}

5
2019/11xxx/CVE-2019-11469.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html"
}
]
}

5
2019/11xxx/CVE-2019-11502.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1",
"refsource": "MISC",
"name": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190425 Re: Security issues in snapcraft snap-confine set*id binary",
"url": "http://www.openwall.com/lists/oss-security/2019/04/25/7"
}
]
}

5
2019/11xxx/CVE-2019-11503.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/snapcore/snapd/pull/6642",
"refsource": "MISC",
"name": "https://github.com/snapcore/snapd/pull/6642"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190425 Re: Security issues in snapcraft snap-confine set*id binary",
"url": "http://www.openwall.com/lists/oss-security/2019/04/25/7"
}
]
}

18
2019/11xxx/CVE-2019-11533.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/11xxx/CVE-2019-11534.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11534",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/11xxx/CVE-2019-11535.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2019/7xxx/CVE-2019-7438.json
View File

@ -66,6 +66,11 @@
"refsource": "EXPLOIT-DB",
"name": "46751",
"url": "https://www.exploit-db.com/exploits/46751/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152625/JioFi-4G-M2S-1.0.2-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/152625/JioFi-4G-M2S-1.0.2-Cross-Site-Scripting.html"
}
]
}

5
2019/7xxx/CVE-2019-7439.json
View File

@ -61,6 +61,11 @@
"refsource": "EXPLOIT-DB",
"name": "46752",
"url": "https://www.exploit-db.com/exploits/46752/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152626/JioFi-4G-M2S-1.0.2-Denial-Of-Service.html",
"url": "http://packetstormsecurity.com/files/152626/JioFi-4G-M2S-1.0.2-Denial-Of-Service.html"
}
]
}

2
2019/9xxx/CVE-2019-9135.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. ."
"value": "DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
}
]
},

72
2019/9xxx/CVE-2019-9137.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-9137",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HumanTalk Co,Ltd",
"product": {
"product_data": [
{
"product_name": "DaviewIndy",
"version": {
"version_data": [
{
"version_value": "fixed in 8.98.8"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +34,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

72
2019/9xxx/CVE-2019-9138.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-9138",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HumanTalk Co,Ltd",
"product": {
"product_data": [
{
"product_name": "DaviewIndy",
"version": {
"version_data": [
{
"version_value": "fixed in 8.98.8"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +34,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

72
2019/9xxx/CVE-2019-9139.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-9139",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HumanTalk Co,Ltd",
"product": {
"product_data": [
{
"product_name": "DaviewIndy",
"version": {
"version_data": [
{
"version_value": "fixed in 8.98.8"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +34,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}