admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #208 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2019-12-20 11:23:29 -05:00 committed by GitHub
commit ba85e8cd46
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
581 changed files with 34096 additions and 2164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2011/3xxx/CVE-2011-3188.json
View File

@ -91,6 +91,11 @@
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc0b96b54a21246e377122d54569eef71cec535f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc0b96b54a21246e377122d54569eef71cec535f"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K15301?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K15301?utm_source=f5support&utm_medium=RSS"
}
]
}

60
2012/2xxx/CVE-2012-2312.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2312",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JBoss AS 7",
"product": {
"product_data": [
{
"product_name": "JBoss",
"version": {
"version_data": [
{
"version_value": "AS 7 Community Release"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2312",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2312"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-2312",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-2312"
}
]
}

70
2012/2xxx/CVE-2012-2656.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2656",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "www.restlet.org/",
"product": {
"product_data": [
{
"product_name": "Restlet",
"version": {
"version_data": [
{
"version_value": "1.1.10"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "vulnerability in Restlet"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2656",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2656"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2656",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2656"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-2656",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-2656"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/05/29/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/05/29/9"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/05/29/11",
"url": "http://www.openwall.com/lists/oss-security/2012/05/29/11"
}
]
}

75
2012/3xxx/CVE-2012-3409.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3409",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ecryptfs-utils",
"product": {
"product_data": [
{
"product_name": "ecryptfs-utils",
"version": {
"version_data": [
{
"version_value": "< 99"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "suid helper does not restrict mounting filesystems with nosuid,nodev leading to possible privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3409",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-3409"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3409",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3409"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/07/12/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/07/12/1"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/07/11/23",
"url": "http://www.openwall.com/lists/oss-security/2012/07/11/23"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/07/13/5",
"url": "http://www.openwall.com/lists/oss-security/2012/07/13/5"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2012-3409"
}
]
}

65
2012/5xxx/CVE-2012-5639.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5639",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LibreOffice; OpenOffice",
"product": {
"product_data": [
{
"product_name": "LibreOffice, OpenOffice",
"version": {
"version_data": [
{
"version_value": "through at least 2012-12-15"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreOffice and OpenOffice automatically open embedded content"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5639",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5639"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5639",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5639"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/14/1",
"url": "http://www.openwall.com/lists/oss-security/2012/12/14/1"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2012-5639"
}
]
}

80
2012/6xxx/CVE-2012-6094.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6094",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cups",
"product": {
"product_data": [
{
"product_name": "cups",
"version": {
"version_data": [
{
"version_value": "<= 1.7.5"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6094",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6094"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6094",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6094"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6094",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6094"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82451",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82451"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/01/04/5",
"url": "http://www.openwall.com/lists/oss-security/2013/01/04/5"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57158",
"url": "http://www.securityfocus.com/bid/57158"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2012-6094"
}
]
}

65
2012/6xxx/CVE-2012-6111.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6111",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gnome-keyring",
"product": {
"product_data": [
{
"product_name": "gnome-keyring",
"version": {
"version_data": [
{
"version_value": "Fixed 3.14.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "does not discard stored secrets in some cases"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6111",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6111"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/4",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/4"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2012-6111"
},
{
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=690466",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=690466"
}
]
}

2
2014/0xxx/CVE-2014-0083.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Ruby net-ldap gem before 0.16.2 uses a weak salt when generating SSHA passwords."
"value": "The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords."
}
]
},

78
2015/8xxx/CVE-2015-8313.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8313",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GnuTLS incorrectly validates the first byte of padding in CBC modes"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2015-8313",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2015-8313"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313"
},
{
"url": "http://www.securityfocus.com/bid/78327",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/78327"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3408",
"url": "http://www.debian.org/security/2015/dsa-3408"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/537012/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/537012/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html",
"url": "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html"
}
]
}

10
2015/9xxx/CVE-2015-9251.json
View File

@ -181,6 +181,16 @@
"refsource": "MLIST",
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2019-08",
"url": "https://www.tenable.com/security/tns-2019-08"
}
]
}

73
2016/1000xxx/CVE-2016-1000022.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000022",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "negotiator before 0.6.1 is vulnerable to a regular expression DoS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json",
"url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1000022",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-1000022"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1605",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1605"
},
{
"refsource": "MISC",
"name": "https://www.npmjs.com/advisories/106",
"url": "https://www.npmjs.com/advisories/106"
}
]
}

63
2016/1000xxx/CVE-2016-1000229.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000229",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "swagger-ui has XSS in key names"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json",
"url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229"
},
{
"url": "http://www.securityfocus.com/bid/97580",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97580"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:0868",
"url": "https://access.redhat.com/errata/RHSA-2017:0868"
}
]
}

5
2016/2xxx/CVE-2016-2542.json
View File

@ -66,6 +66,11 @@
"name": "84213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84213"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2019-08",
"url": "https://www.tenable.com/security/tns-2019-08"
}
]
}

5
2016/6xxx/CVE-2016-6352.json
View File

@ -86,6 +86,11 @@
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=769170",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=769170"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
]
}

5
2017/15xxx/CVE-2017-15095.json
View File

@ -200,6 +200,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "MLIST",
"name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"
}
]
}

5
2017/2xxx/CVE-2017-2870.json
View File

@ -62,6 +62,11 @@
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
]
}

20
2017/5xxx/CVE-2017-5645.json
View File

@ -226,6 +226,26 @@
"refsource": "MLIST",
"name": "[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?",
"url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
"url": "http://www.openwall.com/lists/oss-security/2019/12/19/2"
},
{
"refsource": "MLIST",
"name": "[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
"url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
"url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E"
}
]
}

5
2017/6xxx/CVE-2017-6312.json
View File

@ -81,6 +81,11 @@
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
]
}

5
2017/6xxx/CVE-2017-6313.json
View File

@ -81,6 +81,11 @@
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
]
}

5
2017/6xxx/CVE-2017-6314.json
View File

@ -81,6 +81,11 @@
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
]
}

10
2017/7xxx/CVE-2017-7525.json
View File

@ -318,6 +318,16 @@
"refsource": "MLIST",
"name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
"url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"
}
]
}

5
2018/10xxx/CVE-2018-10536.json
View File

@ -81,6 +81,11 @@
"name": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

5
2018/10xxx/CVE-2018-10537.json
View File

@ -81,6 +81,11 @@
"name": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

5
2018/10xxx/CVE-2018-10538.json
View File

@ -71,6 +71,11 @@
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

5
2018/10xxx/CVE-2018-10539.json
View File

@ -71,6 +71,11 @@
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

5
2018/10xxx/CVE-2018-10540.json
View File

@ -71,6 +71,11 @@
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

15
2018/11xxx/CVE-2018-11805.json
View File

@ -98,6 +98,21 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"refsource": "MLIST",
"name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
"url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4@%3Cusers.spamassassin.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
"url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae@%3Cusers.spamassassin.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
"url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5@%3Cusers.spamassassin.apache.org%3E"
}
]
},

5
2018/12xxx/CVE-2018-12126.json
View File

@ -49,6 +49,11 @@
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_24",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-1f5832fc0e",

5
2018/12xxx/CVE-2018-12127.json
View File

@ -49,6 +49,11 @@
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_24",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-1f5832fc0e",

5
2018/12xxx/CVE-2018-12130.json
View File

@ -49,6 +49,11 @@
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_24",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-1f5832fc0e",

5
2018/14xxx/CVE-2018-14526.json
View File

@ -96,6 +96,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-01"
}
]
}

25
2018/16xxx/CVE-2018-16860.json
View File

@ -50,6 +50,11 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_23",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860",
@ -104,6 +109,26 @@
"refsource": "FULLDISC",
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT210346",
"url": "https://support.apple.com/HT210346"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT210348",
"url": "https://support.apple.com/HT210348"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT210351",
"url": "https://support.apple.com/HT210351"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT210353",
"url": "https://support.apple.com/HT210353"
}
]
},

5
2018/19xxx/CVE-2018-19840.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-235c682f35",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6/"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

5
2018/19xxx/CVE-2018-19841.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-235c682f35",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6/"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

58
2018/1xxx/CVE-2018-1311.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1311",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1311",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Xerces-C",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 3.2.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service and Remote Exploit"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://marc.info/?l=xerces-c-users&m=157653840106914&w=2",
"url": "https://marc.info/?l=xerces-c-users&m=157653840106914&w=2"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable."
}
]
}

32
2018/20xxx/CVE-2018-20346.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple issues in SQLite via WebSQL in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
"value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan."
}
]
},
@ -57,6 +57,11 @@
"refsource": "MISC",
"url": "https://worthdoingbadly.com/sqlitebug/"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT209446",
"url": "https://support.apple.com/HT209446"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379",
"refsource": "MISC",
@ -82,11 +87,21 @@
"refsource": "MISC",
"url": "https://access.redhat.com/articles/3758321"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT209443",
"url": "https://support.apple.com/HT209443"
},
{
"name": "https://blade.tencent.com/magellan/index_en.html",
"refsource": "MISC",
"url": "https://blade.tencent.com/magellan/index_en.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT209451",
"url": "https://support.apple.com/HT209451"
},
{
"name": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html",
"refsource": "MISC",
@ -97,11 +112,21 @@
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=18685296"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT209450",
"url": "https://support.apple.com/HT209450"
},
{
"name": "https://sqlite.org/src/info/940f2adc8541a838",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT209448",
"url": "https://support.apple.com/HT209448"
},
{
"name": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e",
"refsource": "MISC",
@ -142,6 +167,11 @@
"refsource": "MISC",
"url": "https://www.sqlite.org/releaselog/3_25_3.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/HT209447",
"url": "https://support.apple.com/HT209447"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1159",

5
2018/21xxx/CVE-2018-21031.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://forums.plex.tv/t/security-regarding-cve-2018-21031/493286",
"url": "https://forums.plex.tv/t/security-regarding-cve-2018-21031/493286"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/docs/47790",
"url": "https://www.exploit-db.com/docs/47790"
}
]
}

5
2018/5xxx/CVE-2018-5743.json
View File

@ -85,6 +85,11 @@
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2018-5743"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_20",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K74009656?utm_source=f5support&amp;utm_medium=RSS",

5
2018/6xxx/CVE-2018-6767.json
View File

@ -76,6 +76,11 @@
"name": "USN-3568-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3568-1/"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

5
2018/7xxx/CVE-2018-7253.json
View File

@ -76,6 +76,11 @@
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

5
2018/7xxx/CVE-2018-7254.json
View File

@ -81,6 +81,11 @@
"name": "44154",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44154/"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
}
]
}

58
2019/0xxx/CVE-2019-0131.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0131",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0131",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access."
}
]
}

58
2019/0xxx/CVE-2019-0165.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0165",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0165",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access."
}
]
}

58
2019/0xxx/CVE-2019-0166.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0166",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0166",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access."
}
]
}

58
2019/0xxx/CVE-2019-0168.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0168",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0168",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME, Intel(R) TXE",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access."
}
]
}

58
2019/0xxx/CVE-2019-0169.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0169",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0169",
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) TXE",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access."
}
]
}

5
2019/0xxx/CVE-2019-0201.json
View File

@ -121,6 +121,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4352",
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
}
]
},

5
2019/10xxx/CVE-2019-10086.json
View File

@ -128,6 +128,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-79b5790566",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4317",
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
}
]
},

5
2019/10xxx/CVE-2019-10173.json
View File

@ -58,6 +58,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4352",
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
}
]
},

5
2019/10xxx/CVE-2019-10218.json
View File

@ -54,6 +54,11 @@
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2019-10218.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_35",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2458",

50
2019/11xxx/CVE-2019-11086.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11086",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
}
]
}

50
2019/11xxx/CVE-2019-11087.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11087",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME, Intel(R) TXE",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access."
}
]
}

50
2019/11xxx/CVE-2019-11088.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."
}
]
}

50
2019/11xxx/CVE-2019-11090.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) PTT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access."
}
]
}

5
2019/11xxx/CVE-2019-11091.json
View File

@ -49,6 +49,11 @@
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_24",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-1f5832fc0e",

50
2019/11xxx/CVE-2019-11097.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) Management Engine",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
}

50
2019/11xxx/CVE-2019-11100.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access."
}
]
}

50
2019/11xxx/CVE-2019-11101.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME, Intel(R) TXE",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access."
}
]
}

50
2019/11xxx/CVE-2019-11102.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11102",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) DAL software for Intel(R) CSME",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access."
}
]
}

50
2019/11xxx/CVE-2019-11103.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11103",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
}

50
2019/11xxx/CVE-2019-11104.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11104",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
}

50
2019/11xxx/CVE-2019-11105.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11105",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access."
}
]
}

50
2019/11xxx/CVE-2019-11106.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11106",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
}

50
2019/11xxx/CVE-2019-11107.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
}
]
}

50
2019/11xxx/CVE-2019-11108.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11108",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
}

50
2019/11xxx/CVE-2019-11109.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) SPS",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access."
}
]
}

50
2019/11xxx/CVE-2019-11110.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME, Intel(R) TXE",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
}

50
2019/11xxx/CVE-2019-11131.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
}
]
}

50
2019/11xxx/CVE-2019-11132.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11132",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access."
}
]
}

50
2019/11xxx/CVE-2019-11147.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11147",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
}

72
2019/11xxx/CVE-2019-11294.json
View File

@ -3,16 +3,82 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-12-19T00:00:00.000Z",
"ID": "CVE-2019-11294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "CAPI leaks service broker URLs and GUIDs to space developers"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAPI",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "1.88.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11294",
"name": "https://www.cloudfoundry.org/blog/cve-2019-11294"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
}

5
2019/11xxx/CVE-2019-11358.json
View File

@ -291,6 +291,11 @@
"refsource": "MLIST",
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2019-08",
"url": "https://www.tenable.com/security/tns-2019-08"
}
]
}

88
2019/11xxx/CVE-2019-11780.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11780",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@odoo.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Odoo Community",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13.0"
}
]
}
},
{
"product_name": "Odoo Enterprise",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13.0"
}
]
}
}
]
},
"vendor_name": "Odoo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Swapnesh Shah"
}
],
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/odoo/odoo/issues/42196",
"name": "https://github.com/odoo/odoo/issues/42196"
}
]
},
"source": {
"advisory": "ODOO-SA-2019-10-25-1",
"discovery": "EXTERNAL"
}
}

50
2019/11xxx/CVE-2019-11995.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11995",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HPE IOT + GCP",
"version": {
"version_data": [
{
"version_value": "1.2.4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthorized access to sensitive information; remote unauthorized remote access"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03954en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03954en_us"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance."
}
]
}

57
2019/11xxx/CVE-2019-11996.json
View File

@ -11,62 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "HPE",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nimble Storage Hybrid Flash Arrays",
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.1.2.0 and older"
"version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
},
{
"version_value": "5.0.7.0 and older"
"version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
},
{
"version_value": "4.5.4.0 and older"
},
{
"version_value": "3.9.1.0 and older"
}
]
}
},
{
"product_name": "Nimble Storage All Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.1.2.0 and older"
},
{
"version_value": "5.0.7.0 and older"
},
{
"version_value": "4.5.4.0 and older"
},
{
"version_value": "3.9.1.0 and older"
}
]
}
},
{
"product_name": "Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.1.2.0 and older"
},
{
"version_value": "5.0.7.0 and older"
},
{
"version_value": "4.5.4.0 and older"
},
{
"version_value": "3.9.1.0 and older"
"version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
}
]
}
@ -83,7 +42,7 @@
"description": [
{
"lang": "eng",
"value": "remote gain elevated privileges and disclose information"
"value": "remote disclosure of information; remote elevation of privilege; remote multiple vulnerabilities"
}
]
}
@ -92,7 +51,7 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"refsource": "MISC",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us"
}
@ -102,7 +61,7 @@
"description_data": [
{
"lang": "eng",
"value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be remotely exploited by an attacker to gain elevated privileges or disclose information the array. Affected products and versions include: Nimble Storage Hybrid Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage All Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage Secondary Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older"
"value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0."
}
]
}

5
2019/12xxx/CVE-2019-12384.json
View File

@ -251,6 +251,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3901",
"url": "https://access.redhat.com/errata/RHSA-2019:3901"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4352",
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
}
]
}

9
2019/13xxx/CVE-2019-13942.json
View File

@ -92,10 +92,15 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
},
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07"
}
]
}

9
2019/13xxx/CVE-2019-13943.json
View File

@ -92,10 +92,15 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
},
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07"
}
]
}

9
2019/13xxx/CVE-2019-13944.json
View File

@ -92,10 +92,15 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
},
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07"
}
]
}

5
2019/14xxx/CVE-2019-14833.json
View File

@ -54,6 +54,11 @@
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2019-14833.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_35",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2458",

5
2019/14xxx/CVE-2019-14845.json
View File

@ -53,6 +53,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:4101",
"url": "https://access.redhat.com/errata/RHSA-2019:4101"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4237",
"url": "https://access.redhat.com/errata/RHSA-2019:4237"
}
]
},

5
2019/14xxx/CVE-2019-14847.json
View File

@ -54,6 +54,11 @@
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2019-14847.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_35",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2458",

115
2019/15xxx/CVE-2019-15006.json Normal file
View File

@ -0,0 +1,115 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-12-19T00:00:00",
"ID": "CVE-2019-15006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Confluence Server",
"version": {
"version_data": [
{
"version_value": "6.11.0",
"version_affected": ">="
},
{
"version_value": "6.13.10",
"version_affected": "<"
},
{
"version_value": "6.14.0",
"version_affected": ">="
},
{
"version_value": "6.15.10",
"version_affected": "<"
},
{
"version_value": "7.0.1",
"version_affected": ">="
},
{
"version_value": "7.0.5",
"version_affected": "<"
},
{
"version_value": "7.1.0",
"version_affected": ">="
},
{
"version_value": "7.1.2",
"version_affected": "<"
},
{
"version_value": "7.2.0-beta1",
"version_affected": ">="
},
{
"version_value": "7.2.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Man-in-the-Middle (MitM)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-59244",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-59244"
},
{
"url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html",
"refsource": "MISC",
"name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html"
},
{
"url": "https://twitter.com/SwiftOnSecurity/status/1202034106495832067",
"refsource": "MISC",
"name": "https://twitter.com/SwiftOnSecurity/status/1202034106495832067"
},
{
"refsource": "BUGTRAQ",
"name": "20191219 Confluence Server and Data Center Security Advisory - 2019-12-18 - CVE-2019-15006",
"url": "https://seclists.org/bugtraq/2019/Dec/36"
}
]
}
}

62
2019/15xxx/CVE-2019-15575.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15575",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GitLab CE/EE",
"version": {
"version_data": [
{
"version_value": "12.3.2, 12.2.6, and 12.1.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection - Generic (CWE-77)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/682442",
"url": "https://hackerone.com/reports/682442"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope."
}
]
}
}

62
2019/15xxx/CVE-2019-15576.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15576",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GitLab CE/EE",
"version": {
"version_data": [
{
"version_value": "12.3.2, 12.2.6, and 12.1.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/633001",
"url": "https://hackerone.com/reports/633001"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint."
}
]
}
}

62
2019/15xxx/CVE-2019-15577.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15577",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GitLab CE/EE",
"version": {
"version_data": [
{
"version_value": "12.3.2, 12.2.6, and 12.1.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/636560",
"url": "https://hackerone.com/reports/636560"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing."
}
]
}
}

62
2019/15xxx/CVE-2019-15580.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15580",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "gitlab.com",
"version": {
"version_data": [
{
"version_value": "12.3.2, 12.2.6, and 12.1.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Sent Data (CWE-201)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/667408",
"url": "https://hackerone.com/reports/667408"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted."
}
]
}
}

62
2019/15xxx/CVE-2019-15589.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15589",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GitLab CE/EE",
"version": {
"version_data": [
{
"version_value": "12.3.2, 12.2.6, 12.1.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control - Generic (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/497047",
"url": "https://hackerone.com/reports/497047"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before."
}
]
}
}

62
2019/15xxx/CVE-2019-15591.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15591",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "12.3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control - Generic (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/676976",
"url": "https://hackerone.com/reports/676976"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled."
}
]
}
}

62
2019/15xxx/CVE-2019-15596.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15596",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "statics-server",
"version": {
"version_data": [
{
"version_value": "Not fixed"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/695416",
"url": "https://hackerone.com/reports/695416"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory."
}
]
}
}

62
2019/15xxx/CVE-2019-15597.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15597",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "node-df",
"version": {
"version_data": [
{
"version_value": "Not fixed"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/703412",
"url": "https://hackerone.com/reports/703412"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input."
}
]
}
}

62
2019/15xxx/CVE-2019-15598.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15598",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "treekill",
"version": {
"version_data": [
{
"version_value": "Not fixed"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/703415",
"url": "https://hackerone.com/reports/703415"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command."
}
]
}
}

62
2019/15xxx/CVE-2019-15599.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15599",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "tree-kill",
"version": {
"version_data": [
{
"version_value": "Not fixed"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/701183",
"url": "https://hackerone.com/reports/701183"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command."
}
]
}
}

62
2019/15xxx/CVE-2019-15600.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15600",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "http_server",
"version": {
"version_data": [
{
"version_value": "Not fixed"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/692262",
"url": "https://hackerone.com/reports/692262"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Path traversal exists in http_server which allows an attacker to read arbitrary system files."
}
]
}
}

2
2019/16xxx/CVE-2019-16386.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account."
"value": "** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect."
}
]
},

2
2019/16xxx/CVE-2019-16387.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.)"
"value": "** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect."
}
]
},

2
2019/16xxx/CVE-2019-16388.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account."
"value": "** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect."
}
]
},

62
2019/16xxx/CVE-2019-16444.json Normal file
View File

@ -0,0 +1,62 @@
{
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful exploitation could lead to privilege escalation."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ", 2019.021.20056 and earlier, 2017.011.30152\u202fand earlier, 2017.011.30155 and earlier version, 2017.011.30152\u202fand earlier, and 2015.006.30505\u202fand earlier versions"
}
]
},
"product_name": "Adobe Acrobat and Reader"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Binary Planting (default folder privilege escalation) "
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-16444",
"ASSIGNER": "psirt@adobe.com"
}
}

62
2019/16xxx/CVE-2019-16445.json Normal file
View File

@ -0,0 +1,62 @@
{
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ", 2019.021.20056 and earlier, 2017.011.30152\u202fand earlier, 2017.011.30155 and earlier version, 2017.011.30152\u202fand earlier, and 2015.006.30505\u202fand earlier versions"
}
]
},
"product_name": "Adobe Acrobat and Reader"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free\u202f\u202f\u202f"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-16445",
"ASSIGNER": "psirt@adobe.com"
}
}

62
2019/16xxx/CVE-2019-16446.json Normal file
View File

@ -0,0 +1,62 @@
{
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution ."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ", 2019.021.20056 and earlier, 2017.011.30152\u202fand earlier, 2017.011.30155 and earlier version, 2017.011.30152\u202fand earlier, and 2015.006.30505\u202fand earlier versions"
}
]
},
"product_name": "Adobe Acrobat and Reader"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-16446",
"ASSIGNER": "psirt@adobe.com"
}
}

Some files were not shown because too many files have changed in this diff Show More