admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-23 20:00:48 +00:00
parent e6066506de
commit be1bbb512e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 304 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
2019/11xxx/CVE-2019-11654.json
View File

@ -2,16 +2,22 @@
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.7"
},
"CVE_data_meta": {
"ID": "CVE-2019-11654",
"ASSIGNER": "security@suse.com",
"TITLE": "A path traversal vulnerability has been identified in Verastream Host Integrator ",
"STATE": "PUBLIC"
},
"source": {
"discovery": "INTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micro Focus",
"product": {
"product_data": [
{
@ -19,13 +25,15 @@
"version": {
"version_data": [
{
"version_value": "7.7 SP2 and earlier"
"version_affected": "<",
"version_value": "7.7 SP2"
}
]
}
}
]
}
},
"vendor_name": "Micro Focus"
}
]
}
@ -36,12 +44,20 @@
"description": [
{
"lang": "eng",
"value": "Path Traversal"
"value": "A path traversal vulnerability has been identified in Verastream Host Integrator (VHI). The vulnerability allows remote unauthenticated attackers to read arbitrary files."
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files."
}
]
},
"references": {
"reference_data": [
{
@ -51,12 +67,32 @@
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": {
"version": "3.0",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 8.6,
"baseSeverity": "HIGH"
}
},
"exploit": [
{
"lang": "eng",
"value": "Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files."
"value": "Path traversal "
}
],
"solution": [
{
"lang": "eng",
"value": "An update, VHI 7.7 SP2 Update 1, that fixes this vulnerability is available to maintained customers through the download website, https://download.attachmate.com/upgrades. Micro Focus recommends that customers upgrade as soon as possible."
}
]
}
}

64
2019/5xxx/CVE-2019-5592.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5592",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-5592",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fortinet IPS Engine",
"version": {
"version_data": [
{
"version_value": "IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-19-145",
"url": "https://fortiguard.com/advisory/FG-IR-19-145"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position."
}
]
}

64
2019/6xxx/CVE-2019-6698.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6698",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-6698",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiRecorder",
"version": {
"version_data": [
{
"version_value": "FortiRecorder all versions below 2.7.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Controls Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-19-185",
"url": "https://fortiguard.com/advisory/FG-IR-19-185"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device."
}
]
}

64
2019/7xxx/CVE-2019-7362.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7362",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-7362",
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Design Review ",
"version": {
"version_data": [
{
"version_value": "2011, 2012, 2013, 2018"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL preloading vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution."
}
]
}

64
2019/7xxx/CVE-2019-7363.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7363",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-7363",
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Design Review ",
"version": {
"version_data": [
{
"version_value": "2011, 2012, 2013, 2018"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution."
}
]
}

64
2019/7xxx/CVE-2019-7364.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7364",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-7364",
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD P&ID",
"version": {
"version_data": [
{
"version_value": "2017, 2018, 2019, 2020"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL preloading vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution."
}
]
}