admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-01 15:00:52 +00:00
parent 20c466fc7b
commit cba6a38941
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
29 changed files with 332 additions and 265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2017/16xxx/CVE-2017-16774.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2017/16xxx/CVE-2017-16775.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13283.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13284.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13285.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13286.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13287.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13288.json
View File

@ -81,4 +81,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13289.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13290.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13291.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13292.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13293.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13294.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13295.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13296.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13297.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13298.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/13xxx/CVE-2018-13299.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

2
2018/8xxx/CVE-2018-8913.json
View File

@ -77,4 +77,4 @@
}
]
}
}
}

266
2019/1002xxx/CVE-2019-1002100.json
View File

@ -1,140 +1,140 @@
{
"CVE_data_meta": {
"ASSIGNER": "jordan@liggitt.net",
"DATE_ASSIGNED": "2019-01-15",
"ID": "CVE-2019-1002100",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.0.x"
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2019-01-15",
"ID": "CVE-2019-1002100",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.0.x"
},
{
"version_affected": "=",
"version_value": "v1.1.x"
},
{
"version_affected": "=",
"version_value": "v1.2.x"
},
{
"version_affected": "=",
"version_value": "v1.3.x"
},
{
"version_affected": "=",
"version_value": "v1.4.x"
},
{
"version_affected": "=",
"version_value": "v1.5.x"
},
{
"version_affected": "=",
"version_value": "v1.6.x"
},
{
"version_affected": "=",
"version_value": "v1.7.x"
},
{
"version_affected": "=",
"version_value": "v1.8.x"
},
{
"version_affected": "=",
"version_value": "v1.9.x"
},
{
"version_affected": "=",
"version_value": "v1.10.x"
},
{
"version_affected": "<",
"version_value": "v1.11.8"
},
{
"version_affected": "<",
"version_value": "v1.12.6"
},
{
"version_affected": "<",
"version_value": "v1.13.4"
}
]
}
}
]
},
{
"version_affected": "=",
"version_value": "v1.1.x"
},
{
"version_affected": "=",
"version_value": "v1.2.x"
},
{
"version_affected": "=",
"version_value": "v1.3.x"
},
{
"version_affected": "=",
"version_value": "v1.4.x"
},
{
"version_affected": "=",
"version_value": "v1.5.x"
},
{
"version_affected": "=",
"version_value": "v1.6.x"
},
{
"version_affected": "=",
"version_value": "v1.7.x"
},
{
"version_affected": "=",
"version_value": "v1.8.x"
},
{
"version_affected": "=",
"version_value": "v1.9.x"
},
{
"version_affected": "=",
"version_value": "v1.10.x"
},
{
"version_affected": "<",
"version_value": "v1.11.8"
},
{
"version_affected": "<",
"version_value": "v1.12.6"
},
{
"version_affected": "<",
"version_value": "v1.13.4"
}
]
"vendor_name": "Kubernetes"
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
"Reported by Carl Henrik Lunde"
],
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type \"json-patch\" (e.g. `kubectl patch --type json` or `\"Content-Type: application/json-patch+json\"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption"
}
},
"credit": [
"Reported by Carl Henrik Lunde"
],
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type \"json-patch\" (e.g. `kubectl patch --type json` or `\"Content-Type: application/json-patch+json\"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/74534",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/74534"
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/74534",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/74534"
}
]
}
}

215
2019/1002xxx/CVE-2019-1002101.json
View File

@ -1,110 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "jordan@liggitt.net",
"DATE_ASSIGNED": "2019-03-05",
"DATE_PUBLIC": "2019-03-28",
"ID": "CVE-2019-1002101",
"STATE": "PUBLIC",
"TITLE": "kubectl cp path traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.11",
"version_value": "1.11.9"
},
{
"version_affected": "<",
"version_name": "1.12",
"version_value": "1.12.7"
},
{
"version_affected": "<",
"version_name": "1.13",
"version_value": "1.13.5"
},
{
"version_affected": "=",
"version_name": "1.1-1.10",
"version_value": "1.1-1.10"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ariel Zelivansky of Twistlock"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the users machine.\n\nIf the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the users machine when kubectl cp is called, limited only by the system permissions of the local user.\n\nThe untar function can both create and follow symbolic links.\n\nThe issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Handling"
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2019-03-05",
"DATE_PUBLIC": "2019-03-28",
"ID": "CVE-2019-1002101",
"STATE": "PUBLIC",
"TITLE": "kubectl cp path traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.11",
"version_value": "1.11.9"
},
{
"version_affected": "<",
"version_name": "1.12",
"version_value": "1.12.7"
},
{
"version_affected": "<",
"version_name": "1.13",
"version_value": "1.13.5"
},
{
"version_affected": "=",
"version_name": "1.1-1.10",
"version_value": "1.1-1.10"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/pull/75037"
}
]
},
"source": {
"advisory": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/OYFV1hiDE2w",
"defect": [
"75037"
],
"discovery": "EXTERNAL"
}
}
},
"credit": [
{
"lang": "eng",
"value": "Ariel Zelivansky of Twistlock"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Handling"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/pull/75037",
"name": "https://github.com/kubernetes/kubernetes/pull/75037"
}
]
},
"source": {
"advisory": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/OYFV1hiDE2w",
"defect": [
"75037"
],
"discovery": "EXTERNAL"
}
}

18
2019/10xxx/CVE-2019-10681.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/10xxx/CVE-2019-10682.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10682",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/10xxx/CVE-2019-10683.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10683",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2019/3xxx/CVE-2019-3836.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3836",
"ASSIGNER": "lpardo@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -73,4 +74,4 @@
]
]
}
}
}

5
2019/3xxx/CVE-2019-3876.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3876",
"ASSIGNER": "lpardo@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -68,4 +69,4 @@
]
]
}
}
}

5
2019/7xxx/CVE-2019-7524.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1736-1] dovecot security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00038.html"
},
{
"refsource": "UBUNTU",
"name": "USN-3928-1",
"url": "https://usn.ubuntu.com/3928-1/"
}
]
},

7
2019/7xxx/CVE-2019-7651.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "EPP.sys in Emsisoft Anti-Malware 2018.8.1.8923 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories \"inside\" the \\\\.\\EPP device are not properly protected, leading to unintended impersonation or object creation."
"value": "EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories \"inside\" the \\\\.\\EPP device are not properly protected, leading to unintended impersonation or object creation. This vulnerability has been fixed in version 2018.12 and later."
}
]
},
@ -66,6 +66,11 @@
"name": "https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/",
"refsource": "MISC",
"url": "https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/"
},
{
"refsource": "MISC",
"name": "https://help.emsisoft.com/en/1760/vulnerability-report-en/",
"url": "https://help.emsisoft.com/en/1760/vulnerability-report-en/"
}
]
}