admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-05-01 16:00:47 +00:00
parent 9b559ed59b
commit acb2e0bd50
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 345 additions and 302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/15xxx/CVE-2017-15691.json
View File

@ -69,6 +69,11 @@
"name": "https://uima.apache.org/security_report#CVE-2017-15691", "name": "https://uima.apache.org/security_report#CVE-2017-15691",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://uima.apache.org/security_report#CVE-2017-15691" "url": "https://uima.apache.org/security_report#CVE-2017-15691"
},
{
"refsource": "MLIST",
"name": "[uima-commits] 20190501 svn commit: r1858489 - in /uima/site/trunk/uima-website: docs/security_report.html xdocs/security_report.xml",
"url": "https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79@%3Ccommits.uima.apache.org%3E"
} }
] ]
} }

7
2018/18xxx/CVE-2018-18696.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF." "value": "** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US) and disagrees that this issue is a vulnerability. They also claim that MicroStrategy was never properly informed of this issue via normal support channels or their vulnerability reporting page on their website, so they were unable to evaluate the report or explain how this is something their customers view as a feature and not a security vulnerability."
} }
] ]
}, },
@ -61,6 +61,11 @@
"name": "20181203 CSRF Vulnerability in MicroStrategy Web application", "name": "20181203 CSRF Vulnerability in MicroStrategy Web application",
"refsource": "BUGTRAQ", "refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Dec/3" "url": "https://seclists.org/bugtraq/2018/Dec/3"
},
{
"refsource": "MISC",
"name": "https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US",
"url": "https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US"
} }
] ]
} }

210
2018/1xxx/CVE-2018-1608.json
View File

@ -1,108 +1,108 @@
{ {
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10882778",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10882778",
"title" : "IBM Security Bulletin 882778 (Rational Engineering Lifecycle Manager)"
},
{
"name" : "ibm-relm-cve20181608-info-disc (143798)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143798",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"product" : { "description": [
"product_data" : [ {
{ "value": "Obtain Information",
"product_name" : "Rational Engineering Lifecycle Manager", "lang": "eng"
"version" : { }
"version_data" : [ ]
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
},
{
"version_value" : "6.0.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
} }
] ]
} },
}, "references": {
"CVE_data_meta" : { "reference_data": [
"STATE" : "PUBLIC", {
"ASSIGNER" : "psirt@us.ibm.com", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10882778",
"DATE_PUBLIC" : "2019-04-29T00:00:00", "refsource": "CONFIRM",
"ID" : "CVE-2018-1608" "name": "https://www.ibm.com/support/docview.wss?uid=ibm10882778",
}, "title": "IBM Security Bulletin 882778 (Rational Engineering Lifecycle Manager)"
"impact" : { },
"cvssv3" : { {
"TM" : { "name": "ibm-relm-cve20181608-info-disc (143798)",
"RL" : "O", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143798",
"RC" : "C", "refsource": "XF",
"E" : "U" "title": "X-Force Vulnerability Report"
}, }
"BM" : { ]
"AV" : "N", },
"A" : "N", "data_type": "CVE",
"C" : "H", "data_version": "4.0",
"UI" : "N", "description": {
"S" : "U", "description_data": [
"SCORE" : "5.900", {
"PR" : "N", "lang": "eng",
"I" : "N", "value": "IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798."
"AC" : "H" }
} ]
} },
}, "affects": {
"data_format" : "MITRE" "vendor": {
} "vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-04-29T00:00:00",
"ID": "CVE-2018-1608"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"AV": "N",
"A": "N",
"C": "H",
"UI": "N",
"S": "U",
"SCORE": "5.900",
"PR": "N",
"I": "N",
"AC": "H"
}
}
},
"data_format": "MITRE"
}

212
2018/1xxx/CVE-2018-1933.json
View File

@ -1,108 +1,108 @@
{ {
"data_version" : "4.0", "data_version": "4.0",
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-04-29T00:00:00", "DATE_PUBLIC": "2019-04-29T00:00:00",
"ID" : "CVE-2018-1933", "ID": "CVE-2018-1933",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name" : "IBM", "vendor_name": "IBM",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.0.3" "version_value": "2.0.3"
}, },
{ {
"version_value" : "2.0" "version_value": "2.0"
}, },
{ {
"version_value" : "2.0.1" "version_value": "2.0.1"
}, },
{ {
"version_value" : "2.0.2" "version_value": "2.0.2"
}, },
{ {
"version_value" : "2.0.4" "version_value": "2.0.4"
}, },
{ {
"version_value" : "2.0.5" "version_value": "2.0.5"
}, },
{ {
"version_value" : "2.0.6" "version_value": "2.0.6"
} }
] ]
}, },
"product_name" : "Planning Analytics" "product_name": "Planning Analytics"
} }
] ]
} }
} }
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153177.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"S" : "C",
"I" : "L",
"SCORE" : "5.400",
"PR" : "L",
"A" : "N",
"C" : "L",
"UI" : "R",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
] ]
} }
] },
}, "description": {
"references" : { "description_data": [
"reference_data" : [ {
{ "value": "IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153177.",
"title" : "IBM Security Bulletin 879407 (Planning Analytics)", "lang": "eng"
"refsource" : "CONFIRM", }
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879407", ]
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879407" },
}, "impact": {
{ "cvssv3": {
"refsource" : "XF", "BM": {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153177", "AC": "L",
"name" : "ibm-planning-cve20181933-xss (153177)", "S": "C",
"title" : "X-Force Vulnerability Report" "I": "L",
} "SCORE": "5.400",
] "PR": "L",
}, "A": "N",
"data_type" : "CVE" "C": "L",
} "UI": "R",
"AV": "N"
},
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 879407 (Planning Analytics)",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10879407",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10879407"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153177",
"name": "ibm-planning-cve20181933-xss (153177)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE"
}

5
2019/0xxx/CVE-2019-0213.json
View File

@ -73,6 +73,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://archiva.apache.org/security.html#CVE-2019-0213", "name": "http://archiva.apache.org/security.html#CVE-2019-0213",
"url": "http://archiva.apache.org/security.html#CVE-2019-0213" "url": "http://archiva.apache.org/security.html#CVE-2019-0213"
},
{
"refsource": "MLIST",
"name": "[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0",
"url": "https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E"
} }
] ]
}, },

5
2019/0xxx/CVE-2019-0214.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "http://archiva.apache.org/security.html#CVE-2019-0214", "name": "http://archiva.apache.org/security.html#CVE-2019-0214",
"url": "http://archiva.apache.org/security.html#CVE-2019-0214" "url": "http://archiva.apache.org/security.html#CVE-2019-0214"
},
{
"refsource": "MLIST",
"name": "[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0",
"url": "https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E"
} }
] ]
}, },

5
2019/11xxx/CVE-2019-11596.json
View File

@ -66,6 +66,11 @@
"url": "https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f", "url": "https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f" "name": "https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f"
},
{
"refsource": "UBUNTU",
"name": "USN-3963-1",
"url": "https://usn.ubuntu.com/3963-1/"
} }
] ]
} }

18
2019/11xxx/CVE-2019-11635.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2019/4xxx/CVE-2019-4258.json
View File

@ -1,93 +1,93 @@
{ {
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10880591",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10880591"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159946",
"refsource" : "XF",
"name" : "ibm-sterling-cve20194258-xss (159946)"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"product" : { "description": [
"product_data" : [ {
{ "value": "Cross-Site Scripting",
"version" : { "lang": "eng"
"version_data" : [ }
{ ]
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
},
"vendor_name" : "IBM"
} }
] ]
} },
}, "data_type": "CVE",
"CVE_data_meta" : { "references": {
"ID" : "CVE-2019-4258", "reference_data": [
"DATE_PUBLIC" : "2019-04-29T00:00:00", {
"ASSIGNER" : "psirt@us.ibm.com", "title": "IBM Security Bulletin 880591 (Sterling B2B Integrator)",
"STATE" : "PUBLIC" "url": "http://www.ibm.com/support/docview.wss?uid=ibm10880591",
}, "refsource": "CONFIRM",
"description" : { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10880591"
"description_data" : [ },
{ {
"lang" : "eng", "title": "X-Force Vulnerability Report",
"value" : "IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946." "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159946",
} "refsource": "XF",
] "name": "ibm-sterling-cve20194258-xss (159946)"
}, }
"impact" : { ]
"cvssv3" : { },
"TM" : { "data_version": "4.0",
"RL" : "O", "data_format": "MITRE",
"RC" : "C", "affects": {
"E" : "H" "vendor": {
}, "vendor_data": [
"BM" : { {
"SCORE" : "5.400", "product": {
"I" : "L", "product_data": [
"PR" : "L", {
"S" : "C", "version": {
"UI" : "R", "version_data": [
"C" : "L", {
"A" : "N", "version_value": "6.0.0.0"
"AV" : "N", },
"AC" : "L" {
} "version_value": "6.0.0.1"
} }
} ]
} },
"product_name": "Sterling B2B Integrator"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4258",
"DATE_PUBLIC": "2019-04-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
},
"BM": {
"SCORE": "5.400",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R",
"C": "L",
"A": "N",
"AV": "N",
"AC": "L"
}
}
}
}