admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-03-21 01:01:17 +00:00
parent f0a280d6bb
commit b054b39946
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 246 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2013/7xxx/CVE-2013-7487.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-7487",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2013-7487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to \u201csystem\u201d, which allows remote attackers to execute arbitrary code via TCP port 9000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html",
"refsource": "MISC",
"name": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
}
]
}

56
2019/12xxx/CVE-2019-12767.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf"
}
]
}

17
2019/15xxx/CVE-2019-15608.json
View File

@ -19,10 +19,7 @@
"version": {
"version_data": [
{
"version_value": "before 1.19.0"
},
{
"version_value": "fixed in 1.19.0"
"version_value": "Fixed in 1.19.0"
}
]
}
@ -51,6 +48,16 @@
"refsource": "MISC",
"name": "https://hackerone.com/reports/703138",
"url": "https://hackerone.com/reports/703138"
},
{
"refsource": "MISC",
"name": "https://github.com/yarnpkg/yarn/commit/0474b8c66a8ea298f5e4dedc67b2de464297ad1c",
"url": "https://github.com/yarnpkg/yarn/commit/0474b8c66a8ea298f5e4dedc67b2de464297ad1c"
},
{
"refsource": "MISC",
"name": "https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1190",
"url": "https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1190"
}
]
},
@ -58,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. This issue is fixed in 1.19.0."
"value": "The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack."
}
]
}

67
2019/17xxx/CVE-2019-17185.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://freeradius.org/security/",
"refsource": "MISC",
"name": "https://freeradius.org/security/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20",
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
}
]
}
}

67
2019/18xxx/CVE-2019-18936.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/jgarzik/univalue/compare/v1.0.4...v1.0.5",
"refsource": "MISC",
"name": "https://github.com/jgarzik/univalue/compare/v1.0.4...v1.0.5"
},
{
"url": "https://github.com/jgarzik/univalue/pull/58",
"refsource": "MISC",
"name": "https://github.com/jgarzik/univalue/pull/58"
}
]
}
}