"-Synchronized-Data."

CVE Team 2019-03-21 15:00:47 +00:00
parent e12306d7d0
commit 9ef8b232a8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 485 additions and 207 deletions


@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "4.2.1"
}
]
},
"product_name" : "Streams"
}
]
}
"value": "IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.",
"lang": "eng"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.2.1"
}
]
},
"product_name": "Streams"
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 2016056 (Streams)",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22016056",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22016056"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134632",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-infosphere-cve20171713-info-disc (134632)",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"I" : "N",
"S" : "U",
"PR" : "N",
"SCORE" : "5.900",
"AV" : "N",
"C" : "H",
"A" : "N",
"AC" : "H"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-05-02T00:00:00",
"ID" : "CVE-2017-1713"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 2016056 (Streams)",
"name": "http://www.ibm.com/support/docview.wss?uid=swg22016056",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22016056"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134632",
"title": "X-Force Vulnerability Report",
"name": "ibm-infosphere-cve20171713-info-disc (134632)",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"I": "N",
"S": "U",
"PR": "N",
"SCORE": "5.900",
"AV": "N",
"C": "H",
"A": "N",
"AC": "H"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-05-02T00:00:00",
"ID": "CVE-2017-1713"
}
}


@ -1,17 +1,163 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16563",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16563",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Firmware variant IEC 61850 for EN100 Ethernet module",
"version": {
"version_data": [
{
"version_value": "All versions < V4.35"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Firmware variant MODBUS TCP for EN100 Ethernet module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Firmware variant DNP3 TCP for EN100 Ethernet module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Firmware variant IEC104 for EN100 Ethernet module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Firmware variant Profinet IO for EN100 Ethernet module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions < V7.82"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions < V7.58"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
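Review bot: The `affects` block of the new CVE-2018-16563 record lists Siemens as seven separate `vendor_data` entries and encodes the affected ranges as free text (`"version_value": "All versions < V4.35"`), so tooling that matches on vendor and version cannot evaluate the bound. A single Siemens entry holding all seven products in `product_data` would carry the same data without duplicates. The bounded entries could state the comparison separately, e.g. `"version_affected": "<", "version_value": "V4.35"`, if the schema version in use accepts that field. The `problemtype` value `"Other"` gives no weakness class although the description states a denial of service from crafted packets to port 102/tcp; a CWE identifier taken from the referenced advisory would help triage. The record also has no `impact` block, unlike the IBM records in this commit.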


@ -1,96 +1,96 @@
{
"description" : {
"description_data" : [
{
"value" : "The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "6.400",
"PR" : "H",
"AV" : "L",
"S" : "U",
"I" : "H",
"UI" : "N",
"AC" : "H",
"A" : "H",
"C" : "H"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10868992",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 868992 (Power 9 Systems)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
},
{
"name" : "ibm-power9-cve20181992-code-exec (154345)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Power 9 Systems",
"version" : {
"version_data" : [
{
"version_value" : "FW910"
},
{
"version_value" : "OP910"
},
{
"version_value" : "OP920"
}
]
}
}
]
}
"value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.",
"lang": "eng"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-18T00:00:00",
"ID" : "CVE-2018-1992",
"STATE" : "PUBLIC"
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"SCORE": "6.400",
"PR": "H",
"AV": "L",
"S": "U",
"I": "H",
"UI": "N",
"AC": "H",
"A": "H",
"C": "H"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10868992",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 868992 (Power 9 Systems)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
},
{
"name": "ibm-power9-cve20181992-code-exec (154345)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Power 9 Systems",
"version": {
"version_data": [
{
"version_value": "FW910"
},
{
"version_value": "OP910"
},
{
"version_value": "OP920"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-02-18T00:00:00",
"ID": "CVE-2018-1992",
"STATE": "PUBLIC"
}
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4058",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4058",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Talos",
"product": {
"product_data": [
{
"product_name": "coTURN",
"version": {
"version_data": [
{
"version_value": "coTURN 4.5.0.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability."
}
]
}
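Review bot: The structured `affects` data in the new CVE-2018-4058 record disagrees with its own description: `version_value` is `"coTURN 4.5.0.5"` while the text says the issue exists in coTURN "prior to 4.5.0.9", so a scanner keyed on the structured field would presumably miss the releases in between. `vendor_name` is `"Talos"`, which matches the assigner (`talos-cna@cisco.com`) rather than the maintainer of coTURN, and the version string repeats the product name. The CVE-2018-4059 section that follows carries the same `vendor_name` and `version_value`. Suggest the product's maintainer as `vendor_name` and a bound that matches the description, e.g. `"version_affected": "<", "version_value": "4.5.0.9"`, confirmed against the referenced TALOS report. The `problemtype` value `"Privilege"` is also too terse to classify an unsafe default relay configuration.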


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4059",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4059",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Talos",
"product": {
"product_data": [
{
"product_name": "coTURN",
"version": {
"version_data": [
{
"version_value": "coTURN 4.5.0.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0733",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0733"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server."
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5011",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5011",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CleanMyMac X",
"version": {
"version_data": [
{
"version_value": "Clean My Mac X 4.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0759",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0759"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit."
}
]
}
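Review bot: In the new CVE-2019-5011 record `vendor_name` is `"n/a"` and `version_value` is `"Clean My Mac X 4.20"`, so neither field can be matched against a software inventory: the vendor is absent and the version embeds a product name spelled differently from `product_name` (`"CleanMyMac X"`). Suggest `"version_value": "4.20"` and the product's actual vendor in place of `"n/a"`. The description says the vulnerable helper components were left in place after upgrading, which suggests hosts upgraded from 4.20 may still be exposed. The record would be clearer if it said which installed states are affected and how to verify that the old helper is gone.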