admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-21 17:00:41 +00:00
parent 1b707e4a9d
commit bd3edc696c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 466 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/10xxx/CVE-2018-10754.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax."
"value": "In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. The product proceeds to the dereference code path even after a \"dubious character `[' in name or alias field\" detection."
}
]
},

2
2018/19xxx/CVE-2018-19211.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack."
"value": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection."
}
]
},

76
2019/11xxx/CVE-2019-11234.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11234",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19",
"refsource": "MISC",
"name": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19"
},
{
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf",
"refsource": "MISC",
"name": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"url": "https://www.kb.cert.org/vuls/id/871675/",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"url": "https://freeradius.org/security/",
"refsource": "MISC",
"name": "https://freeradius.org/security/"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
}
]
}

76
2019/11xxx/CVE-2019-11235.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11235",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19",
"refsource": "MISC",
"name": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19"
},
{
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf",
"refsource": "MISC",
"name": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"url": "https://www.kb.cert.org/vuls/id/871675/",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"url": "https://freeradius.org/security/",
"refsource": "MISC",
"name": "https://freeradius.org/security/"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
}
]
}

62
2019/11xxx/CVE-2019-11402.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gradle.com/enterprise/releases/2018.5/#changes-3",
"refsource": "MISC",
"name": "https://gradle.com/enterprise/releases/2018.5/#changes-3"
}
]
}
}

62
2019/11xxx/CVE-2019-11403.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gradle.com/enterprise/releases/2018.5/#changes-2",
"refsource": "MISC",
"name": "https://gradle.com/enterprise/releases/2018.5/#changes-2"
}
]
}
}

96
2019/11xxx/CVE-2019-11404.json Normal file
View File

@ -0,0 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/arrow-kt/arrow/issues/1310",
"refsource": "MISC",
"name": "https://github.com/arrow-kt/arrow/issues/1310"
},
{
"url": "https://github.com/arrow-kt/arrow/commit/74198dab522393487d5344f194dc21208ab71ae8",
"refsource": "MISC",
"name": "https://github.com/arrow-kt/arrow/commit/74198dab522393487d5344f194dc21208ab71ae8"
},
{
"url": "https://github.com/arrow-kt/arrow/releases/tag/0.9.0",
"refsource": "MISC",
"name": "https://github.com/arrow-kt/arrow/releases/tag/0.9.0"
},
{
"url": "https://github.com/arrow-kt/ank/issues/35",
"refsource": "MISC",
"name": "https://github.com/arrow-kt/ank/issues/35"
},
{
"url": "https://github.com/arrow-kt/ank/pull/36",
"refsource": "MISC",
"name": "https://github.com/arrow-kt/ank/pull/36"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
}

86
2019/11xxx/CVE-2019-11405.json Normal file
View File

@ -0,0 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/OpenAPITools/openapi-generator/issues/2253",
"refsource": "MISC",
"name": "https://github.com/OpenAPITools/openapi-generator/issues/2253"
},
{
"url": "https://github.com/OpenAPITools/openapi-generator/pull/2248",
"refsource": "MISC",
"name": "https://github.com/OpenAPITools/openapi-generator/pull/2248"
},
{
"url": "https://github.com/OpenAPITools/openapi-generator/pull/2697",
"refsource": "MISC",
"name": "https://github.com/OpenAPITools/openapi-generator/pull/2697"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
}

18
2019/11xxx/CVE-2019-11406.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}