"-Synchronized-Data."

CVE Team 2019-03-18 14:00:59 +00:00
parent 99aa595c85
commit 9326bfc0a9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 398 additions and 24 deletions


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20141",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151305/Abantecart-1.2.12-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151305/Abantecart-1.2.12-Cross-Site-Scripting.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Jan/59",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Jan/59"
},
{
"url": "https://github.com/abantecart",
"refsource": "MISC",
"name": "https://github.com/abantecart"
}
]
}
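Review bot: The `problemtype` entry added in the second hunk is left as `"value": "n/a"` although the new description names the weakness class (reflected cross-site scripting), so consumers that filter or prioritise records by weakness will not see it; `"value": "CWE-79"` would carry that through. The `affects` block added in the first hunk has the same gap: `product_name`, `vendor_name` and `version_value` are all `n/a` while the description names AbanteCart 1.2.12, so tooling that matches on the structured fields has to fall back to parsing free text. The same `n/a` placeholders appear in the CVE-2019-6501, CVE-2019-6690, CVE-2019-6716 and CVE-2019-6778 sections of this commit.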


@ -1,17 +1,59 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5413",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5413",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "morgan",
"version": {
"version_data": [
{
"version_value": "< 1.9.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": {
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/390881",
"url": "https://hackerone.com/reports/390881"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1."
}
]
}
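Review bot: In the new `problemtype_data` entry, `description` is a single object (`"description": { "lang": "eng", "value": "Code Injection (CWE-94)" }`), whereas the MITRE-assigned records in this same commit write it as an array of such objects. A consumer that iterates `description` as a list will fail on this record or silently skip the CWE. Wrapping it as `"description": [ { "lang": "eng", "value": "Code Injection (CWE-94)" } ]` keeps one shape across records. The CVE-2019-5415 section uses the same object form.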


@ -1,17 +1,59 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5415",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5415",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "serve",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": {
"lang": "eng",
"value": "Information Exposure Through Directory Listing (CWE-548)"
}
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/330724",
"url": "https://hackerone.com/reports/330724"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to."
}
]
}
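Review bot: The structured `"version_value": "7.0.0"` disagrees with the new description, which places the bug in `serve 6.5.3`, so the record names two different releases as affected. A scanner matching on `affects` would flag 7.0.0 and miss 6.5.3. If 7.0.0 is actually the fixed release (this cannot be told from the page and should be checked against the referenced report), a range such as `"version_value": "< 7.0.0"` would be consistent with the `"< 1.9.1"` form used for morgan in the CVE-2019-5413 record.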


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6501",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "MLIST [oss-security] 20190124 CVE-2019-6501 QEMU: scsi-generic: possible OOB access while handling inquiry request",
"url": "http://www.openwall.com/lists/oss-security/2019/01/24/1"
},
{
"refsource": "MLIST",
"name": "[Qemu-devel][PATCH] 20190111 scsi-generic: avoid possible out-of-bounds access to r->buf",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6690",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a \"CWE-20: Improper Input Validation\" issue affecting the affect functionality component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "106756",
"url": "http://www.securityfocus.com/bid/106756"
},
{
"url": "http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html"
},
{
"url": "https://pypi.org/project/python-gnupg/#history",
"refsource": "MISC",
"name": "https://pypi.org/project/python-gnupg/#history"
},
{
"refsource": "SUSE",
"name": "SU-2019:0143-1",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html"
},
{
"refsource": "SUSE",
"name": "SUSE-SU-2019:0239-1",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html"
},
{
"refsource": "MLIST",
"name": "[SECURITY] [DLA 1675-1] 20190214 python-gnupg security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html"
},
{
"refsource": "BUGTRAQ",
"name": "20190125 CVE-2019-6690: Improper Input Validation in python-gnupg",
"url": "https://seclists.org/bugtraq/2019/Jan/41"
}
]
}
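Review bot: The new description ends with `affecting the affect functionality component`, which reads like an unfilled template slot rather than the name of a component, and it gives a reader nothing to locate the flaw with. Ending the sentence at `Related to a \"CWE-20: Improper Input Validation\" issue.` or naming the actual component would be clearer. The description already cites CWE-20, so the `problemtype` value could carry `CWE-20` instead of `n/a`. The two SUSE references also use different name prefixes (`SU-2019:0143-1` and `SUSE-SU-2019:0239-1`); one of them looks truncated and is worth checking against the linked announcement.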


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6716",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151373/LongBox-Limited-Access-Manager-Insecure-Direct-Object-Reference.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151373/LongBox-Limited-Access-Manager-Insecure-Direct-Object-Reference.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "46254",
"url": "https://www.exploit-db.com/exploits/46254/"
},
{
"url": "https://www.logonbox.com/en/",
"refsource": "MISC",
"name": "https://www.logonbox.com/en/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6778",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "106758",
"url": "http://www.securityfocus.com/bid/106758"
},
{
"refsource": "SUSE",
"name": "SUSE-SA-2019:0254-1",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2019/01/24/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/01/24/5"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html"
}
]
}