Merge pull request #157 from CVEProject/master

XFA Rebase
Scott Moore 2019-07-11 15:50:52 -04:00 committed by GitHub
commit b28dceac25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 1446 additions and 235 deletions


@ -9,6 +9,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft Corporation",
"product": {
"product_data": [
{
@ -16,14 +17,19 @@
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016."
}
]
}
}
]
"version_value": "Microsoft Outlook 2010 SP2"
},
"vendor_name": "Microsoft Corporation"
{
"version_value": "Outlook 2013 SP1 and RT SP1"
},
{
"version_value": "Outlook 2016"
}
]
}
}
]
}
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17150",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Intersystems Cache 2017.2.2.865.0 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}
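Review bot: The added `affects` block publishes `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` even though the new description names the product and build (Intersystems Cache 2017.2.2.865.0), so tooling that matches on the structured fields cannot tie this record to an asset inventory. I would carry the values the description already states into the structured fields, e.g. `"vendor_name": "Intersystems"`, `"product_name": "Cache"`, `"version_value": "2017.2.2.865.0"`, and replace the `"n/a"` problemtype with the weakness class named in the description. The same gap is in the CVE-2018-17151, CVE-2018-17152 and CVE-2018-19588 sections that follow. Only part of each file is visible in these hunks, so the surrounding keys are assumed unchanged.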


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17151",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17152",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Intersystems Cache 2017.2.2.865.0 allows XXE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities",
"url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19588",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vfxcomputing.com/?CVE-2018-19588",
"url": "https://www.vfxcomputing.com/?CVE-2018-19588"
}
]
}


@ -1,9 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-07-10T16:00:00.000Z",
"ID": "CVE-2019-0046",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4300 Series: Denial of Service upon receipt of large number of specific valid packets on management interface."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "16.1",
"version_value": "16.1R1"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S2"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S5"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required:\n set interfaces me0"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +79,73 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service. Continued receipt of these valid broadcast packets will create a sustained Denial of Service (DoS) against the device.\n\nAffected releases are Juniper Networks Junos OS:\n16.1 versions above and including 16.1R1 prior to 16.1R7-S5;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R3;\n17.3 versions prior to 17.3R3-S2;\n17.4 versions prior to 17.4R2;\n18.1 versions prior to 18.1R3;\n18.2 versions prior to 18.2R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10938",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10938"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S5, 17.1R3, 17.2R3, 17.3R3-S2, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10938",
"defect": [
"1329430"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}


@ -1,9 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-07-10T16:00:00.000Z",
"ID": "CVE-2019-0048",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "EX4300 Series: When a firewall filter is applied to a loopback interface, other firewall filters for multicast traffic may fail"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D51, 14.1X53-D115"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S2"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S5, 17.4R3"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S1"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue only affects EX Series switches with TCAM optimization enabled:\n\n set system packet-forwarding-options tcam-group-optimization\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +87,73 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic.\n\nThe command 'show firewall filter' can be used to confirm whether the filter is working.\n\nThis issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability.\nThis issue affects:\nJuniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D51, 14.1X53-D115 on EX4300 Series;\n17.1 versions prior to 17.1R3 on EX4300 Series;\n17.2 versions prior to 17.2R3-S2 on EX4300 Series;\n17.3 versions prior to 17.3R3-S3 on EX4300 Series;\n17.4 versions prior to 17.4R2-S5, 17.4R3 on EX4300 Series;\n18.1 versions prior to 18.1R3-S1 on EX4300 Series;\n18.2 versions prior to 18.2R2 on EX4300 Series;\n18.3 versions prior to 18.3R2 on EX4300 Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10942",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10942"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D51, 14.1X53-D115, 17.1R3, 17.2R3-S2, 17.3R3-S3, 17.4R2-S5, 17.4R3, 18.1R3-S1, 18.2R2, 18.3R2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10942",
"defect": [
"1392082"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Disabling TCAM optimization will mitigate this issue."
}
]
}
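Review bot: The `problemtype` value `"CWE-200 Information Exposure"` does not agree with the `impact.cvss` block in the same hunk, which scores `confidentialityImpact` as `NONE` and `integrityImpact` as `LOW`, nor with the description, which is about firewall filters that stop applying to multicast traffic. Triage that filters by CWE would classify this as a data-leak issue while the vector says no confidentiality loss. Either the weakness should name the protection failure, for example `"value": "CWE-284 Improper Access Control"`, or the vector should carry a confidentiality impact. Which of the two is right depends on advisory JSA10942, which is not visible on this page.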


@ -1,8 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-07-10T16:00:00.000Z",
"ID": "CVE-2019-0049",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD process crashes when BGP peer restarts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S3"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3"
},
{
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D105"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S2"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S7, 17.4R2-S2, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D12, 18.2X75-D30"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S4, 18.3R2"
},
{
"version_affected": "!<",
"version_value": "16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +92,73 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. Repeated crashes of the RPD process can cause prolonged Denial of Service (DoS). \n\nGraceful restart helper mode for BGP is enabled by default.\n\nNo other Juniper Networks products or platforms are affected by this issue.\nAffected releases are Juniper Networks Junos OS:\n16.1 versions prior to 16.1R7-S3;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R3;\n17.2X75 versions prior to 17.2X75-D105;\n17.3 versions prior to 17.3R3-S2;\n17.4 versions prior to 17.4R1-S7, 17.4R2-S2, 17.4R3;\n18.1 versions prior to 18.1R3-S2;\n18.2 versions prior to 18.2R2;\n18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30;\n18.3 versions prior to 18.3R1-S4, 18.3R2.\n\nJunos OS releases prior to 16.1R1 are not affected."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10943",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10943"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S3, 16.2R2-S9, 17.1R3, 17.2R3, 17.2X75-D105, 17.3R3-S2, 17.4R1-S7, 17.4R2-S2, 17.4R3, 18.1R3-S2, 18.2R2, 18.2X75-D12, 18.2X75-D30, 18.3R1-S4, 18.3R2, 18.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10943",
"defect": [
"1337304"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "This issue can be prevented by disabling the BGP graceful restart mechanism, including graceful restart helper mode:\n [protocols bgp graceful-restart disable]\n\nFurthermore, the risk associated with this issue can be mitigated by limiting BGP sessions only from trusted peers.\n"
}
]
}
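Review bot: Several `version_value` strings in this section pack a comma-separated list under one `"version_affected": "<"`, for example `"version_value": "17.4R1-S7, 17.4R2-S2, 17.4R3"`, which a consumer cannot compare as a single version. Assuming each listed release is a separate fix point, one entry per release keeps the range machine-readable: `{"version_affected": "<", "version_name": "17.4", "version_value": "17.4R1-S7"}`, and likewise for `17.4R2-S2` and `17.4R3`. The same pattern appears in the CVE-2019-0048, CVE-2019-0052 and CVE-2019-0053 sections. The final entry here, `"version_affected": "!<"` with `"version_value": "16.1R1"`, is also the only one without a `version_name`, which is worth making consistent.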


@ -1,9 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-07-10T16:00:00.000Z",
"ID": "CVE-2019-0052",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D85"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D181, 15.1X49-D190"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S8, 17.4R2-S5, 17.4R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S6"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S1, 18.2R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2, 18.3R2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S1, 18.4R2"
},
{
"platform": "SRX Series",
"version_affected": ">=",
"version_name": "17.3",
"version_value": "17.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Sample SRX Series services gateway web-filtering configuration:\n\n security {\n utm {\n default-configuration {\n web-filtering {\n ...\n feature-profile {\n web-filtering {\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +87,73 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash.\n\nThis issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled.\n\nAffected releases are Juniper Networks Junos OS:\n12.3X48 versions prior to 12.3X48-D85 on SRX Series;\n15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series;\n17.3 versions on SRX Series;\n17.4 versions prior to 17.4R1-S8, 17.4R2-S5, 17.4R3 on SRX Series;\n18.1 versions prior to 18.1R3-S6 on SRX Series;\n18.2 versions prior to 18.2R2-S1, 18.2R3 on SRX Series;\n18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX Series;\n18.4 versions prior to 18.4R1-S1, 18.4R2 on SRX Series.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10946",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10946"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D85, 12.3X48-D90, 15.1X49-D181, 15.1X49-D190, 17.4R1-S8, 17.4R2-S5, 17.4R3, 18.1R3-S6, 18.2R2-S1, 18.2R3, 18.3R1-S2, 18.3R2, 18.4R1-S1, 18.4R2, 19.1R1, 19.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10946",
"defect": [
"1406403"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "This issue can be mitigated by enabling HTTP reassembly in the web-filtering configuration:\n\n set security utm default-configuration web-filtering http-reassemble\n"
}
]
}
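Review bot: The `affects` block marks 17.3 as affected from `17.3R1` with no upper bound (`"version_affected": ">="`) and the description says "17.3 versions on SRX Series", but the `solution` text names no 17.3 release and does not say what operators on that train should do. If the advisory confirms that 17.3 has no fixed release, `solution` should say so, e.g. by appending `No fixed 17.3 release is listed; upgrade to a fixed 17.4 or later release.` The `configuration` sample also stops with its braces still open (`web-filtering {\n`), so it reads as truncated and would be clearer closed or marked with `...`.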


@ -1,9 +1,122 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-07-10T16:00:00.000Z",
"ID": "CVE-2019-0053",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S13"
},
{
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D80"
},
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D130, 14.1X53-D49"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S4"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D170"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S11, 16.1R7-S4"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R2-S7, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S4"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S3, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5, 18.2R2-S2, 18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S3, 18.3R2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S2, 18.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthew Hickey, Hacker House (https://hacker.house/) who reported this issue on November 12, 2018.\n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +124,78 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers.\n\nThis issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue.\n\nThis issue affects:\nJuniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S13;\n12.3X48 versions prior to 12.3X48-D80;\n14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49;\n15.1 versions prior to 15.1F6-S12, 15.1R7-S4;\n15.1X49 versions prior to 15.1X49-D170;\n15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69;\n16.1 versions prior to 16.1R3-S11, 16.1R7-S4;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S4;\n17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S3;\n18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S3, 18.3R2;\n18.4 versions prior to 18.4R1-S2, 18.4R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10947",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10947"
},
{
"name": "https://www.exploit-db.com/exploits/45982",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/45982"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 14.1X53-D130, 14.1X53-D49, 15.1F6-S12, 15.1R7-S4, 15.1X49-D170, 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3-S1, 17.3R3-S4, 17.4R1-S6, 17.4R2-S3, 17.4R3, 18.1R2-S4, 18.1R3-S3, 18.2R1-S5, 18.2R2-S2, 18.2R3, 18.2X75-D40, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10947",
"defect": [
"1409847"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Since this issue is specific to outbound connections to a malicious host from the local telnet client, mitigation includes:\n* limit access to the Junos CLI and shell from only from trusted administrators\n* block outbound telnet connections\n* deny access to the telnet command and shell per user or user class"
}
]
}
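Review bot: The `exploit` field states only that no malicious exploitation is known, while `reference_data` in the same hunk links an Exploit-DB entry (`https://www.exploit-db.com/exploits/45982`), which suggests that public exploit code exists. Consumers that prioritise patching on exploit availability read the `exploit` field rather than the reference list, so it should say so, e.g. `"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability; public exploit code is referenced in this record."` The `work_around` text also contains a doubled word, "from only from trusted administrators", which should read "to trusted administrators only".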


@ -79,6 +79,11 @@
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
},
{
"refsource": "MISC",
"name": "https://cxsecurity.com/ascii/WLB-2019050283",
"url": "https://cxsecurity.com/ascii/WLB-2019050283"
}
]
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10135",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10192",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -50,18 +51,24 @@
"references": {
"reference_data": [
{
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192",
"refsource": "CONFIRM"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10193",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -50,18 +51,24 @@
"references": {
"reference_data": [
{
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193",
"refsource": "CONFIRM"
},
{
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10194",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SUNNET",
"product": {
"product_data": [
{
@ -17,21 +18,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5",
"version_value": "0"
"version_value": "5.0"
},
{
"version_affected": "=",
"version_name": "5",
"version_value": "1"
"version_value": "5.1"
}
]
}
}
]
},
"vendor_name": "SUNNET"
}
}
]
}


@ -16,6 +16,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Cloud Foundry",
"product": {
"product_data": [
{
@ -23,16 +24,13 @@
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "v73.3.0"
"version_value": "prior to v73.3.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
}
]
}
@ -41,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones."
"value": "Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones."
}
]
},
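Review bot: In the `version_data` entry of this section's first hunk, the affected range is now carried only as free text, `"version_value": "prior to v73.3.0"`, so a scanner or feed consumer has to parse English to recover the upper bound. Judging by the hunk counts, the old `"affected": "<"` line was dropped rather than renamed. Keeping the operator under the key the SUNNET section above shows, `"version_affected": "<"` with `"version_value": "v73.3.0"`, would keep the range machine-readable. The Avaya section further down has the same pattern in `"version_value": "8.0.x prior to 8.0.4.0"`.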


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/squid-cache/squid/commits/v4",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
}
]
}
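Review bot: The populated `affects` block leaves `product_name`, `vendor_name` and `version_value` as `n/a` even though the description on the same record names Squid 3.3.9 through 3.5.28 and 4.x through 4.7, so tooling that matches on the structured fields will not tie this CVE to Squid. The `problemtype` value is likewise `n/a` while the description spells out an unchecked length passed to memcpy. I would fill these from the description, starting with `"product_name": "Squid"` and the version ranges it already states. The same applies to the CVE-2019-12527, CVE-2019-12529, CVE-2019-13029 and CVE-2019-9657 sections below.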


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/squid-cache/squid/commits/v4",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
}
]
}
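Review bot: The third reference in this record points at `squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch`, the same changeset cited by the CVE-2019-12525 section above, although the two descriptions cover different code (Digest token parsing there, `HttpHeader::getAuth` for Basic authentication here). One patch could fix both, but it is worth confirming against the changeset, since defenders use this link to decide which fix to backport. If it belongs to only one record, the other should carry its own `name`/`url` pair, e.g. `"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-<CHANGESET_ID_PLACEHOLDER>.patch"`.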


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12529",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/squid-cache/squid/commits/v4",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"refsource": "CONFIRM",
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch"
}
]
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.com/snippets/1874216",
"url": "https://gitlab.com/snippets/1874216"
}
]
}
}


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3854",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3854",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3889",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {


@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Avaya",
"product": {
"product_data": [
{
@ -17,21 +18,16 @@
"version": {
"version_data": [
{
"affected": "<",
"version_name": "8.0.x",
"version_value": "8.0.4.0"
"version_value": "8.0.x prior to 8.0.4.0"
},
{
"affected": "=",
"version_name": "7.x",
"version_value": "7.x"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9657",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vfxcomputing.com/?CVE-2019-9657",
"url": "https://www.vfxcomputing.com/?CVE-2019-9657"
}
]
}


@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login before eClass version ip.2.5.10.2.1. "
"value": "Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1."
}
]
},


@ -91,6 +91,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1700",
"url": "https://access.redhat.com/errata/RHSA-2019:1700"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190711 [SECURITY] [DLA 1852-1] python3.4 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html"
}
]
}