admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-07 19:01:06 +00:00
parent ac6105a0f5
commit b6fadc8c3d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 397 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2018/10xxx/CVE-2018-10465.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10465", "ID": "CVE-2018-10465",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the Universal API (UAPI), regardless of account privileges or privilege sets. An authenticated Jamf Pro account without required privileges could be used to perform CRUD actions (GET, POST, PUT, DELETE) on UAPI endpoints, which could result in unauthorized information disclosure, compromised data integrity, and data loss. For a full listing of available UAPI endpoints and associated CRUD actions you can navigate to /uapi/doc in your instance of Jamf Pro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://docs.jamf.com/10.3.0/jamf-pro/release-notes/Bug_Fixes_and_Enhancements.html",
"url": "https://docs.jamf.com/10.3.0/jamf-pro/release-notes/Bug_Fixes_and_Enhancements.html"
} }
] ]
} }

55
2019/10xxx/CVE-2019-10776.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10776", "ID": "CVE-2019-10776",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "report@snyk.io",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "git-diff-apply",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 0.22.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5",
"url": "https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5"
},
{
"refsource": "CONFIRM",
"name": "https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,",
"url": "https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In \"index.js\" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2."
} }
] ]
} }

62
2019/16xxx/CVE-2019-16154.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-16154",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiAuthenticator WEB UI",
"version": {
"version_data": [
{
"version_value": "6.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-19-104",
"url": "https://fortiguard.com/advisory/FG-IR-19-104"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page."
}
]
}
}

5
2019/17xxx/CVE-2019-17427.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4200-1", "name": "USN-4200-1",
"url": "https://usn.ubuntu.com/4200-1/" "url": "https://usn.ubuntu.com/4200-1/"
},
{
"refsource": "MISC",
"name": "https://github.com/RealLinkers/CVE-2019-17427",
"url": "https://github.com/RealLinkers/CVE-2019-17427"
} }
] ]
} }

10
2019/17xxx/CVE-2019-17571.json
View File

@ -108,6 +108,16 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[kafka-jira] 20200107 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571", "name": "[kafka-jira] 20200107 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571",
"url": "https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870@%3Cjira.kafka.apache.org%3E" "url": "https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
"url": "https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
"url": "https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd@%3Cdev.zookeeper.apache.org%3E"
} }
] ]
}, },

65
2019/18xxx/CVE-2019-18386.json Normal file
View File

@ -0,0 +1,65 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems management on Unisys Libra and Libra Software Series, with MCP-FIRMWARE through 2019-10-23, can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=53",
"url": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=53"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

5
2019/20xxx/CVE-2019-20354.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/colloqi/piSignage/blob/master/RELEASE%20NOTES.md", "url": "https://github.com/colloqi/piSignage/blob/master/RELEASE%20NOTES.md",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/colloqi/piSignage/blob/master/RELEASE%20NOTES.md" "name": "https://github.com/colloqi/piSignage/blob/master/RELEASE%20NOTES.md"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155864/piSignage-2.6.4-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/155864/piSignage-2.6.4-Directory-Traversal.html"
} }
] ]
} }

64
2019/6xxx/CVE-2019-6700.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6700",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"description": { "CVE_data_meta": {
"description_data": [ "ID": "CVE-2019-6700",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{ {
"lang": "eng", "vendor_name": "n/a",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product": {
"product_data": [
{
"product_name": "Fortinet FortiSIEM",
"version": {
"version_data": [
{
"version_value": "FortiSIEM 5.2.2 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-19-100",
"url": "https://fortiguard.com/advisory/FG-IR-19-100"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code."
} }
] ]
} }

64
2019/9xxx/CVE-2019-9465.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9465",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"description": { "CVE_data_meta": {
"description_data": [ "ID": "CVE-2019-9465",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{ {
"lang": "eng", "vendor_name": "n/a",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/pixel/2019-12-01",
"url": "https://source.android.com/security/bulletin/pixel/2019-12-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003"
} }
] ]
} }

62
2020/5xxx/CVE-2020-5307.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-5307",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-5307",
"STATE": "PUBLIC"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "EXPLOIT-DB",
"name": "47846",
"url": "https://www.exploit-db.com/exploits/47846"
} }
] ]
} }