admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-11 19:00:53 +00:00
parent c085744ecd
commit b1e60f27ec
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
21 changed files with 624 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2017/11xxx/CVE-2017-11774.json
View File

@ -9,6 +9,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft Corporation",
"product": {
"product_data": [
{
@ -16,14 +17,19 @@
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016."
"version_value": "Microsoft Outlook 2010 SP2"
},
{
"version_value": "Outlook 2013 SP1 and RT SP1"
},
{
"version_value": "Outlook 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
}
]
}

48
2018/17xxx/CVE-2018-17150.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17150",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Intersystems Cache 2017.2.2.865.0 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}

48
2018/17xxx/CVE-2018-17151.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17151",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}

48
2018/17xxx/CVE-2018-17152.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17152",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Intersystems Cache 2017.2.2.865.0 allows XXE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}

48
2018/19xxx/CVE-2018-19588.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19588",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vfxcomputing.com/?CVE-2018-19588",
"url": "https://www.vfxcomputing.com/?CVE-2018-19588"
}
]
}

5
2019/0xxx/CVE-2019-0319.json
View File

@ -79,6 +79,11 @@
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
},
{
"refsource": "MISC",
"name": "https://cxsecurity.com/ascii/WLB-2019050283",
"url": "https://cxsecurity.com/ascii/WLB-2019050283"
}
]
}

5
2019/10xxx/CVE-2019-10135.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10135",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -48,7 +49,7 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10135",
"refsource": "CONFIRM"
},
{
{
"url": "https://github.com/containerbuildsystem/osbs-client/pull/865",
"refsource": "CONFIRM",
"name": "https://github.com/containerbuildsystem/osbs-client/pull/865"

19
2019/10xxx/CVE-2019-10192.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10192",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -50,18 +51,24 @@
"references": {
"reference_data": [
{
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192",
"refsource": "CONFIRM"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
}
]
},

19
2019/10xxx/CVE-2019-10193.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10193",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -50,18 +51,24 @@
"references": {
"reference_data": [
{
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193",
"refsource": "CONFIRM"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
}
]
},

5
2019/10xxx/CVE-2019-10194.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10194",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -54,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts."
"value": "Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts."
}
]
},

12
2019/11xxx/CVE-2019-11062.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SUNNET",
"product": {
"product_data": [
{
@ -17,21 +18,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5",
"version_value": "0"
"version_value": "5.0"
},
{
"version_affected": "=",
"version_name": "5",
"version_value": "1"
"version_value": "5.1"
}
]
}
}
]
},
"vendor_name": "SUNNET"
}
}
]
}

10
2019/11xxx/CVE-2019-11268.json
View File

@ -16,6 +16,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Cloud Foundry",
"product": {
"product_data": [
{
@ -23,16 +24,13 @@
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "v73.3.0"
"version_value": "prior to v73.3.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
}
]
}
@ -41,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones."
"value": "Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones."
}
]
},

66
2019/12xxx/CVE-2019-12525.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/squid-cache/squid/commits/v4",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
}
]
}

66
2019/12xxx/CVE-2019-12527.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/squid-cache/squid/commits/v4",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
}
]
}

66
2019/12xxx/CVE-2019-12529.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12529",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/squid-cache/squid/commits/v4",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch"
}
]
}

62
2019/13xxx/CVE-2019-13029.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.com/snippets/1874216",
"url": "https://gitlab.com/snippets/1874216"
}
]
}
}

3
2019/3xxx/CVE-2019-3889.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3889",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

170
2019/7xxx/CVE-2019-7003.json
View File

@ -1,90 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC": "2019-07-09T23:00:00.000Z",
"ID": "CVE-2019-7003",
"STATE": "PUBLIC",
"TITLE": "ACM SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avaya Control Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "8.0.x",
"version_value": "8.0.4.0"
},
{
"affected": "=",
"version_name": "7.x",
"version_value": "7.x"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC": "2019-07-09T23:00:00.000Z",
"ID": "CVE-2019-7003",
"STATE": "PUBLIC",
"TITLE": "ACM SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Avaya",
"product": {
"product_data": [
{
"product_name": "Avaya Control Manager",
"version": {
"version_data": [
{
"version_value": "8.0.x prior to 8.0.4.0"
},
{
"version_value": "7.x"
}
]
}
}
]
}
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101059368",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101059368"
}
]
},
"source": {
"advisory": "ASA-2019-119"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101059368",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101059368"
}
]
},
"source": {
"advisory": "ASA-2019-119"
}
}

48
2019/9xxx/CVE-2019-9657.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9657",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vfxcomputing.com/?CVE-2019-9657",
"url": "https://www.vfxcomputing.com/?CVE-2019-9657"
}
]
}

2
2019/9xxx/CVE-2019-9886.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login before eClass version ip.2.5.10.2.1. "
"value": "Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1."
}
]
},

5
2019/9xxx/CVE-2019-9948.json
View File

@ -91,6 +91,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1700",
"url": "https://access.redhat.com/errata/RHSA-2019:1700"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190711 [SECURITY] [DLA 1852-1] python3.4 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html"
}
]
}