"-Synchronized-Data."

CVE Team 2019-07-30 17:00:59 +00:00
parent eb9eb27ce5
commit b679db7e02
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 167 additions and 29 deletions


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16871",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -68,4 +69,4 @@
]
]
}
}
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10129",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -49,7 +50,9 @@
"refsource": "CONFIRM"
},
{
"url": "https://www.postgresql.org/about/news/1939/"
"url": "https://www.postgresql.org/about/news/1939/",
"refsource": "MISC",
"name": "https://www.postgresql.org/about/news/1939/"
}
]
},
@ -71,4 +74,4 @@
]
]
}
}
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10130",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -52,13 +53,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.postgresql.org/about/news/1939/",
"refsource": "MISC",
"name": "https://www.postgresql.org/about/news/1939/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130",
"refsource": "CONFIRM"
},
{
"url": "https://www.postgresql.org/about/news/1939/"
}
]
},
@ -80,4 +83,4 @@
]
]
}
}
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10138",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -49,7 +50,9 @@
"refsource": "CONFIRM"
},
{
"url": "https://review.opendev.org/#/c/631240/"
"url": "https://review.opendev.org/#/c/631240/",
"refsource": "MISC",
"name": "https://review.opendev.org/#/c/631240/"
}
]
},
@ -71,4 +74,4 @@
]
]
}
}
}


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10141",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -56,10 +57,14 @@
"references": {
"reference_data": [
{
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky"
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky",
"refsource": "MISC",
"name": "https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky"
},
{
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-stein"
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-stein",
"refsource": "MISC",
"name": "https://docs.openstack.org/releasenotes/ironic-inspector/stein.html#relnotes-8-2-1-stable-stein"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141",
@ -67,13 +72,19 @@
"refsource": "CONFIRM"
},
{
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata"
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata",
"refsource": "MISC",
"name": "https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata"
},
{
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike"
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike",
"refsource": "MISC",
"name": "https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike"
},
{
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens"
"url": "https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens",
"refsource": "MISC",
"name": "https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens"
}
]
},
@ -81,7 +92,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service."
"value": "A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service."
}
]
},
@ -95,4 +106,4 @@
]
]
}
}
}
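Review bot: The description `value` in the `@ -81,7 +92,7 @@` hunk scopes the flaw as "all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1", which read literally marks every later release (for example anything after 8.2.1) as still affected by the unauthenticated SQL injection in `node_cache.find_node()`. The five release-note references added in this section suggest these are the per-branch fixed releases, so, if the release notes confirm it, the text would be safer for version matching as `versions before 5.0.2, 6.0.x before 6.0.3, 7.2.x before 7.2.4, 8.0.x before 8.0.3 and 8.2.x before 8.2.1`. The `affects` block lies outside the visible hunks, so whether it already carries these ranges cannot be checked from here.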


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10142",
"ASSIGNER": "mrehak@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -76,4 +77,4 @@
]
]
}
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11202",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://forums.rancher.com/c/announcements",
"refsource": "MISC",
"name": "https://forums.rancher.com/c/announcements"
},
{
"refsource": "MISC",
"name": "https://rancher.com/docs/rancher/v2.x/en/security/",
"url": "https://rancher.com/docs/rancher/v2.x/en/security/"
}
]
}
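Review bot: The new `affects` block sets `product_name`, `vendor_name` and `version_value` to `n/a` although the description names Rancher and three affected ranges, so tooling that matches on the structured fields will not tie this default-admin-password issue to a Rancher install. I would fill them from the description, e.g. `"product_name": "Rancher"` with one `version_data` entry per range, and replace the `n/a` `problemtype` with a default-credentials weakness class. The description text also needs two wording fixes: "completing deleting them" should read "completely deleting them", and "v2.2.0 through 2.2.1" drops the `v` used on the other ranges. Both references are general landing pages (the announcements forum category and the security docs index) rather than the specific advisory, which makes the mitigation hard to verify later.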


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://eprint.iacr.org/2011/232.pdf",
"refsource": "MISC",
"name": "https://eprint.iacr.org/2011/232.pdf"
},
{
"url": "https://tches.iacr.org/index.php/TCHES/article/view/7337",
"refsource": "MISC",
"name": "https://tches.iacr.org/index.php/TCHES/article/view/7337"
}
]
}
}
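Review bot: `problemtype` is recorded as `n/a` even though the description states a concrete weakness, non-constant-time scalar multiplication in `ecp.cpp` and `algebra.cpp` that leaks the scalar's bit length during ECDSA signing; a timing-discrepancy entry such as `"value": "CWE-208: Observable Timing Discrepancy"` would let consumers classify and filter it. The `affects` block is likewise all `n/a` while the description says "Crypto++ 8.3.0 and earlier", so structured version matching cannot flag affected builds. Both references are research papers; neither is a vendor advisory or fix commit, so the record gives no way to tell which release is constant-time, and one should be added once available.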