admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-29 23:00:49 +00:00
parent d0df0aee8b
commit aba375960e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 529 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
2018/18xxx/CVE-2018-18370.json
View File

@ -1,17 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18370",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2018-18370",
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Symantec Corporation",
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site-scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
}

80
2018/18xxx/CVE-2018-18371.json
View File

@ -1,17 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18371",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2018-18371",
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Symantec Corporation",
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
}

56
2019/11xxx/CVE-2019-11658.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micro Focus",
"product": {
"product_data": [
{
"product_name": "Content Manager",
"version": {
"version_data": [
{
"version_value": "9.1"
},
{
"version_value": "9.2"
},
{
"version_value": "9.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://softwaresupport.softwaregrp.com/doc/KM03496282",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03496282"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state."
}
]
}

50
2019/12xxx/CVE-2019-12402.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12402",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Commons Compress",
"version": {
"version_data": [
{
"version_value": "1.15 to 1.18"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b@%3Cdev.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b@%3Cdev.commons.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress."
}
]
}

50
2019/12xxx/CVE-2019-12753.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Symantec Corporation",
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
]
}

50
2019/12xxx/CVE-2019-12754.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Symantec Corporation",
"product": {
"product_data": [
{
"product_name": "My VIP Portal",
"version": {
"version_data": [
{
"version_value": "Previous My VIP portal"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/us/en/article.SYMSA1491.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1491.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy."
}
]
}

62
2019/13xxx/CVE-2019-13526.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13526",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Datalogic AV7000 Linear barcode scanner",
"version": {
"version_data": [
{
"version_value": "all versions prior to 4.6.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-239-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-239-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code."
}
]
}
}

5
2019/15xxx/CVE-2019-15142.json
View File

@ -61,6 +61,11 @@
"url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1902-1] djvulibre security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
}
]
}

5
2019/15xxx/CVE-2019-15143.json
View File

@ -61,6 +61,11 @@
"url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1902-1] djvulibre security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
}
]
}

5
2019/15xxx/CVE-2019-15144.json
View File

@ -61,6 +61,11 @@
"url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1902-1] djvulibre security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
}
]
}

5
2019/15xxx/CVE-2019-15145.json
View File

@ -61,6 +61,11 @@
"url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1902-1] djvulibre security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
}
]
}

5
2019/3xxx/CVE-2019-3394.json
View File

@ -63,6 +63,11 @@
"url": "https://jira.atlassian.com/browse/CONFSERVER-58734",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-58734"
},
{
"refsource": "MISC",
"name": "https://confluence.atlassian.com/x/uAsvOg",
"url": "https://confluence.atlassian.com/x/uAsvOg"
}
]
}

70
2019/5xxx/CVE-2019-5612.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5612",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-5612",
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "before 12.0-RELEASE-p10"
},
{
"version_value": "before 11.3-RELEASE-p3"
},
{
"version_value": "before 11.2-RELEASE-p14"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check for unusual conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer."
}
]
}

70
2019/9xxx/CVE-2019-9697.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9697",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-9697",
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Symantec Corporation",
"product": {
"product_data": [
{
"product_name": "Management Center (MC)",
"version": {
"version_data": [
{
"version_value": "2.0"
},
{
"version_value": "2.1"
},
{
"version_value": "2.2 prior to 2.2.2.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/us/en/article.SYMSA1480.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1480.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access."
}
]
}