"-Synchronized-Data."

CVE Team 2019-11-07 20:01:26 +00:00
parent 46f79002e8
commit b4c1811bf3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 250 additions and 19 deletions


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2447",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "gitolite before 1.4.1 does not filter src/ or hooks/ from path names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-2447",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-2447"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20100624 Re: CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc",
"url": "https://www.openwall.com/lists/oss-security/2010/06/24/5"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/sitaramc/gitolite/commit/1e06fea3b6959faeb72d8dca46cd4753ada48637",
"url": "https://github.com/sitaramc/gitolite/commit/1e06fea3b6959faeb72d8dca46cd4753ada48637"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/sitaramc/gitolite/commit/5fd9328c1cd1e7c576b6530b3253061c68b159aa",
"url": "https://github.com/sitaramc/gitolite/commit/5fd9328c1cd1e7c576b6530b3253061c68b159aa"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/sitaramc/gitolite/releases/tag/v1.4.1",
"url": "https://github.com/sitaramc/gitolite/releases/tag/v1.4.1"
}
]
}
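Review bot: The `affects` block added in this section sets `product_name`, `version_value` and `vendor_name` to `n/a`, while the new description names the product and the fixed release (gitolite before 1.4.1), so tooling that matches on the structured fields rather than the free text will not tie this record to a gitolite install. If the schema owner accepts it, I would change these to `"product_name": "gitolite"` and `"version_value": "before 1.4.1"`. The `problemtype` value is also `n/a`; the description reads like a path-filtering weakness, but it is too terse to pick a CWE from this page alone. The CVE-2010-2449 section has the same `n/a` fields even though its description names Gource through 0.26.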


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2449",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-2449",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-2449"
},
{
"refsource": "BID",
"name": "39529",
"url": "https://www.securityfocus.com/bid/39529/info"
},
{
"refsource": "CONFIRM",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter to WFS/agreementView.faces in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG \u201cNotes\u201d section are likely affected."
"value": "In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG editor in the Notes section are likely affected."
}
]
},
@ -56,6 +56,11 @@
"url": "https://www.apakgroup.com/products/wholesale-floorplanning-finance/",
"refsource": "MISC",
"name": "https://www.apakgroup.com/products/wholesale-floorplanning-finance/"
},
{
"refsource": "MISC",
"name": "https://www2.deloitte.com/de/de/pages/risk/articles/wholesale-finance-xss.html",
"url": "https://www2.deloitte.com/de/de/pages/risk/articles/wholesale-finance-xss.html"
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3422",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3422",
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZTE",
"product": {
"product_data": [
{
"product_name": "MF910S",
"version": {
"version_data": [
{
"version_value": "DL_MF910S_CN_EUV1.00.01.exe"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011722",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011722"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Security researcher Shen Ying from the Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security."
}
]
}
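Review bot: `version_value` in the new `affects` block is `DL_MF910S_CN_EUV1.00.01.exe`, which looks like the file name of the one-click upgrade tool rather than a device firmware version, so a consumer cannot tell from the structured data whether the affected component is the tool, the MF910S firmware, or both. The description should say this explicitly. It would also help to state the mitigation it implies, keeping Telnet disabled, since the product is end of service and no fix is mentioned. The only reference is a plain `http://` link to the vendor advisory; if ZTE serves the same page over HTTPS, prefer that URL in both `name` and `url`.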


@ -1,17 +1,81 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3465",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3465",
"ASSIGNER": "security@debian.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rob Richards XmlSecLibs",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 3.0.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"
},
{
"refsource": "BUGTRAQ",
"name": "20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update",
"url": "https://seclists.org/bugtraq/2019/Nov/8"
},
{
"refsource": "DEBIAN",
"name": "DSA-4560",
"url": "https://www.debian.org/security/2019/dsa-4560"
},
{
"refsource": "MISC",
"name": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5",
"url": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"
},
{
"refsource": "MISC",
"name": "https://simplesamlphp.org/security/201911-01",
"url": "https://simplesamlphp.org/security/201911-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message."
}
]
}
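Review bot: The `problemtype` value `Improper Verification of Cryptographic Signature` is the name of CWE-347 but is given as free text, so CWE-keyed filtering will not pick this record up; I would write `"value": "CWE-347: Improper Verification of Cryptographic Signature"`. `vendor_name` is `n/a` and `version_value` is the prose string `All versions prior to version 3.0.3`, which leaves range matching to string parsing. The description names SimpleSAMLphp as a consumer of the library and most of the references are SimpleSAMLphp advisories, yet it does not appear in `affects`. Deployments that track SimpleSAMLphp rather than xmlseclibs may miss this record, so a second `product_data` entry is worth considering.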