Merge pull request #148 from CVEProject/master

XFA Rebase
Scott Moore 2019-06-27 09:01:24 -04:00 committed by GitHub
commit cf555074f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
91 changed files with 3064 additions and 538 deletions


@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4038-2",
"url": "https://usn.ubuntu.com/4038-2/"
}
]
}


@ -482,6 +482,11 @@
"refsource": "BUGTRAQ",
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
}
]
}


@ -372,6 +372,11 @@
"refsource": "BUGTRAQ",
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
}
]
}


@ -367,6 +367,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
}
]
}


@ -56,6 +56,11 @@
"name": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271",
"refsource": "MISC",
"url": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9393",
"url": "https://wpvulndb.com/vulnerabilities/9393"
}
]
}


@ -56,6 +56,11 @@
"name": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271",
"refsource": "MISC",
"url": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9393",
"url": "https://wpvulndb.com/vulnerabilities/9393"
}
]
}


@ -83,6 +83,11 @@
"refsource": "BUGTRAQ",
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
}
]
},


@ -83,6 +83,11 @@
"refsource": "BUGTRAQ",
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
}
]
},


@ -83,6 +83,11 @@
"refsource": "BUGTRAQ",
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
}
]
},


@ -56,6 +56,16 @@
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=106981",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=106981"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1657",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00070.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1649",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00075.html"
}
]
}


@ -111,6 +111,16 @@
"refsource": "MLIST",
"name": "[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
"url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
"url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
"url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E"
}
]
},


@ -111,6 +111,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1125",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1635",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
}
]
}


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1125",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1635",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
}
]
}


@ -122,6 +122,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1125",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1635",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
}
]
}


@ -87,6 +87,11 @@
"name": "ibm-api-cve20181858-csrf (151256)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
},
{
"refsource": "BID",
"name": "108898",
"url": "http://www.securityfocus.com/bid/108898"
}
]
}


@ -76,6 +76,16 @@
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226"
},
{
"refsource": "UBUNTU",
"name": "USN-4040-1",
"url": "https://usn.ubuntu.com/4040-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4040-2",
"url": "https://usn.ubuntu.com/4040-2/"
}
]
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf"
}
]
}
}
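Review bot: The `affects` block is filled with `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` even though the description names OpenJPEG through 2.3.0, so any scanner or inventory match that keys on the structured fields will not tie this record to the product. Carrying the product in the structured data, e.g. `"product_name": "OpenJPEG"`, would make the entry usable without parsing prose. `problemtype` is also `"n/a"`; the described division by zero corresponds to `"value": "CWE-369"`. The same placeholder pattern is present in the other newly added MITRE-assigned records in this commit (CVE-2018-20846, CVE-2018-20847, and CVE-2019-12973 through CVE-2019-12982).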


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc"
}
]
}
}
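Review bot: The function list in `description_data[0].value` names `pi_next_rpcl` twice (`pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl`), so a reader cannot tell whether the second occurrence is a plain repeat or stands in for a different function. The list should be checked against the fix commit in `reference_data` and the duplicate dropped or corrected, since defenders use these names to confirm whether a vendored copy of `pi.c` carries the patch.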


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845"
},
{
"url": "https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949"
},
{
"url": "https://github.com/uclouvain/openjpeg/issues/431",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/issues/431"
}
]
}
}


@ -21,6 +21,11 @@
"name": "ibm-api-cve20182011-info-disc (155150)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
},
{
"refsource": "BID",
"name": "108907",
"url": "http://www.securityfocus.com/bid/108907"
}
]
},


@ -79,6 +79,11 @@
"name": "ibm-api-cve20182013-info-disc (155193)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155193"
},
{
"refsource": "BID",
"name": "108907",
"url": "http://www.securityfocus.com/bid/108907"
}
]
},


@ -56,6 +56,11 @@
"name": "https://github.com/xiaoqx/pocs/tree/master/cimg",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/cimg"
},
{
"refsource": "UBUNTU",
"name": "USN-4039-1",
"url": "https://usn.ubuntu.com/4039-1/"
}
]
}


@ -61,6 +61,11 @@
"name": "https://github.com/xiaoqx/pocs/tree/master/cimg",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/cimg"
},
{
"refsource": "UBUNTU",
"name": "USN-4039-1",
"url": "https://usn.ubuntu.com/4039-1/"
}
]
}


@ -61,6 +61,11 @@
"name": "https://github.com/xiaoqx/pocs/tree/master/cimg",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/cimg"
},
{
"refsource": "UBUNTU",
"name": "USN-4039-1",
"url": "https://usn.ubuntu.com/4039-1/"
}
]
}


@ -4,15 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10133",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moodle",
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133",
"refsource": "CONFIRM"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=386523",
"name": "https://moodle.org/mod/forum/discuss.php?d=386523",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
}
}
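Review bot: The new `impact.cvss` entry's `vectorString` is `3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N`, which is not a valid CVSS v3.0 vector because a vector must begin with the `CVSS:3.0/` prefix; the leading `3.1/` appears to be the base score folded into the string. Parsers that validate or re-score the vector will reject it or drop the severity, so the two values should be split, e.g. `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"` with `"baseScore": 3.1` alongside. The entry is also wrapped in a doubled array (`"cvss": [ [ { … } ] ]`), which a consumer expecting a list of objects will not traverse. The same two problems are present in the CVE-2019-10134, CVE-2019-10154 and CVE-2019-10164 sections of this commit.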


@ -4,15 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10134",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moodle",
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134",
"refsource": "CONFIRM"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=386524",
"name": "https://moodle.org/mod/forum/discuss.php?d=386524",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
]
]
}
}
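Review bot: `"version_value": "3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18"` packs five releases into one free-text string, and those are the fixed releases — the description says the flaw exists "before" them. A consumer that compares an installed version against `version_value` will either match nothing or flag exactly the patched builds. One `version_data` entry per branch with an explicit operator, as the Jira record in this commit does with `"version_value": "8.1.0", "version_affected": "<"`, would express the affected range unambiguously. CVE-2019-10133 uses the same packed string, and CVE-2019-10154 and CVE-2019-10164 list the fixed releases as separate entries but still without `version_affected`.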


@ -4,15 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moodle",
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7"
},
{
"version_value": "3.6.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154",
"refsource": "CONFIRM"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=386521",
"name": "https://moodle.org/mod/forum/discuss.php?d=386521",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
}
}


@ -4,15 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PostgreSQL",
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "10.9"
},
{
"version_value": "11.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164",
"refsource": "CONFIRM"
},
{
"url": "https://www.postgresql.org/about/news/1949/",
"refsource": "MISC",
"name": "https://www.postgresql.org/about/news/1949/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
}
}


@ -83,6 +83,11 @@
"refsource": "BUGTRAQ",
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"refsource": "CONFIRM",
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
}
]
},


@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of “null”.\n"
"value": "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of \u201cnull\u201d."
}
]
},


@ -96,6 +96,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-b7cf3236fb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJYASICJ2VUUNGHDBB62FGYQN2SNITM5/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1629",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00069.html"
}
]
}


@ -96,6 +96,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-b7cf3236fb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJYASICJ2VUUNGHDBB62FGYQN2SNITM5/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1629",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00069.html"
}
]
}


@ -166,6 +166,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1602",
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"refsource": "CONFIRM",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
}
]
},


@ -160,6 +160,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1602",
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"refsource": "CONFIRM",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
}
]
},


@ -164,6 +164,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1602",
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"refsource": "CONFIRM",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008"
}
]
},


@ -1,17 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-06-24T00:00:00",
"ID": "CVE-2019-11583",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira",
"version": {
"version_data": [
{
"version_value": "8.1.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by \"Epic Name\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JSWSERVER-20111",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JSWSERVER-20111"
},
{
"refsource": "BID",
"name": "108901",
"url": "http://www.securityfocus.com/bid/108901"
}
]
}
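Review bot: `problemtype` is populated with the free-text `"value": "Denial of Service"`, which names an impact rather than a weakness, so the record cannot be grouped or filtered by CWE the way the Red Hat-assigned records in this commit can. The description does not say what resource is exhausted when ordering by "Epic Name", so the right CWE has to come from the assigner rather than be guessed here. Separately, `"DATE_PUBLIC": "2019-06-24T00:00:00"` has no timezone designator; if UTC is intended, `"DATE_PUBLIC": "2019-06-24T00:00:00Z"` removes the ambiguity for timeline correlation.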


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://zeroauth.ltd/blog/2019/05/27/cve-2019-12346-miniorange-saml-sp-single-sign-on-wordpress-plugin-xss/",
"url": "https://zeroauth.ltd/blog/2019/05/27/cve-2019-12346-miniorange-saml-sp-single-sign-on-wordpress-plugin-xss/"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9397",
"url": "https://wpvulndb.com/vulnerabilities/9397"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1826-1] glib2.0 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1650",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html"
}
]
}


@ -131,6 +131,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K93144355",
"url": "https://support.f5.com/csp/article/K93144355"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1619",
"url": "https://access.redhat.com/errata/RHSA-2019:1619"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4038-2",
"url": "https://usn.ubuntu.com/4038-2/"
}
]
}


@ -61,6 +61,11 @@
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031",
"refsource": "MISC",
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031"
},
{
"refsource": "BID",
"name": "108903",
"url": "http://www.securityfocus.com/bid/108903"
}
]
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503"
},
{
"url": "https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3",
"refsource": "MISC",
"name": "https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3"
},
{
"refsource": "BID",
"name": "108900",
"url": "http://www.securityfocus.com/bid/108900"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/1515",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/1515"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/1517",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/1517"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/1520",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/1520"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the WriteJP2Image function in coders/jp2.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/1518",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/1518"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the ReadPANGOImage function in coders/pango.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/1519",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/1519"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/1522",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/1522"
}
]
}
}
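Review bot: The description scopes the issue to ImageMagick 7.0.8-34 but cites two different source layouts, `MagickCore/image.c` for `SyncImageSettings` and `magick/image.c` for `AcquireImage`. The `magick/` directory is the 6.x tree, so this wording suggests the 6.x line may be affected as well, yet no 6.x version is named. If that is the case the affected 6.x release should be stated; otherwise the second path should read `MagickCore/image.c` so that defenders auditing a 6.x install are not left guessing.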


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe",
"refsource": "MISC",
"name": "https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ming (aka libming) 0.4.8 has an \"fill overflow\" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libming/libming/pull/179/commits/3dc0338e4a36a3092720ebaa5b908ba3dca467d9",
"refsource": "MISC",
"name": "https://github.com/libming/libming/pull/179/commits/3dc0338e4a36a3092720ebaa5b908ba3dca467d9"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libming/libming/pull/179/commits/2be22fcf56a223dafe8de0e8a20fe20e8bbdb0b9",
"refsource": "MISC",
"name": "https://github.com/libming/libming/pull/179/commits/2be22fcf56a223dafe8de0e8a20fe20e8bbdb0b9"
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12983",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11884. Reason: This candidate is a reservation duplicate of CVE-2019-11884. Notes: All CVE users should reference CVE-2019-11884 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13"
},
{
"refsource": "BID",
"name": "108905",
"url": "http://www.securityfocus.com/bid/108905"
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12986",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12989",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12990",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12991",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12992",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -166,6 +166,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1432",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1637",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
}
]
}


@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-06-26T16:00:00-0700",
"ID": "CVE-2019-1619",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cisco Data Center Network Manager Authentication Bypass Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager ",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "11.1(1)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +37,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190626 Cisco Data Center Network Manager Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-bypass"
},
{
"refsource": "BID",
"name": "108902",
"url": "http://www.securityfocus.com/bid/108902"
}
]
},
"source": {
"advisory": "cisco-sa-20190626-dcnm-bypass",
"defect": [
[
"CSCvo64641"
]
],
"discovery": "INTERNAL"
}
}
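Review bot: The `vectorString` in the new `impact.cvss` object ends with a space inside the quotes, and so does `product_name`, so a consumer that parses the CVSS vector strictly or matches product names exactly can miss or reject this record. The values should be `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",` and `"product_name": "Cisco Data Center Network Manager",`. `baseScore` is also a quoted string (`"9.8"`) where the Lenovo record on this page uses a number, so a severity comparison may not work without coercing the type. The sections for CVE-2019-1620, CVE-2019-1621 and CVE-2019-1622 carry the same trailing spaces and string scores.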


@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-06-26T16:00:00-0700",
"ID": "CVE-2019-1620",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager ",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "11.2(1)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +37,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190626 Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex"
},
{
"refsource": "BID",
"name": "108906",
"url": "http://www.securityfocus.com/bid/108906"
}
]
},
"source": {
"advisory": "cisco-sa-20190626-dcnm-codex",
"defect": [
[
"CSCvo64647"
]
],
"discovery": "INTERNAL"
}
}
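Review bot: `problemtype` is set to `CWE-264`, which is a CWE category (Permissions, Privileges, and Access Controls) rather than a weakness, so it tells a triager little about an unauthenticated file upload that ends in code execution as root. The description attributes the flaw to incorrect permission settings, so a weakness-level entry such as `"value": "CWE-732"` looks closer, though the exact mapping should be confirmed against the Cisco advisory referenced in this record. The section for CVE-2019-1621 uses the same category.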


@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-06-26T16:00:00-0700",
"ID": "CVE-2019-1621",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cisco Data Center Network Manager Arbitrary File Download Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager ",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "11.2(1)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +37,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190626 Cisco Data Center Network Manager Arbitrary File Download Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-file-dwnld"
},
{
"refsource": "BID",
"name": "108904",
"url": "http://www.securityfocus.com/bid/108904"
}
]
},
"source": {
"advisory": "cisco-sa-20190626-dcnm-file-dwnld",
"defect": [
[
"CSCvo64651"
]
],
"discovery": "INTERNAL"
}
}


@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-06-26T16:00:00-0700",
"ID": "CVE-2019-1622",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cisco Data Center Network Manager Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager ",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "11.2(1)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +37,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190626 Cisco Data Center Network Manager Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-infodiscl"
},
{
"refsource": "BID",
"name": "108908",
"url": "http://www.securityfocus.com/bid/108908"
}
]
},
"source": {
"advisory": "cisco-sa-20190626-dcnm-infodiscl",
"defect": [
[
"CSCvo64654"
]
],
"discovery": "INTERNAL"
}
}


@ -73,6 +73,11 @@
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-dos"
},
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-29",
"url": "https://www.tenable.com/security/research/tra-2019-29"
},
{
"refsource": "BID",
"name": "108848",


@ -73,6 +73,11 @@
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess"
},
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-29",
"url": "https://www.tenable.com/security/research/tra-2019-29"
},
{
"refsource": "BID",
"name": "108865",


@ -73,6 +73,11 @@
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-infodis"
},
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-29",
"url": "https://www.tenable.com/security/research/tra-2019-29"
},
{
"refsource": "BID",
"name": "108867",


@ -1,8 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-06-01",
"ID": "CVE-2019-3569",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "4.8.1"
},
{
"version_affected": "=",
"version_value": "4.8.0"
},
{
"version_affected": "!=>",
"version_value": "4.7.1"
},
{
"version_affected": "=",
"version_value": "4.7.0"
},
{
"version_affected": "!=>",
"version_value": "4.6.1"
},
{
"version_affected": "=",
"version_value": "4.6.0"
},
{
"version_affected": "!=>",
"version_value": "4.5.1"
},
{
"version_affected": "=",
"version_value": "4.5.0"
},
{
"version_affected": "!=>",
"version_value": "4.4.1"
},
{
"version_affected": "=",
"version_value": "4.4.0"
},
{
"version_affected": "!=>",
"version_value": "4.3.1"
},
{
"version_affected": ">=",
"version_value": "4.0.0"
},
{
"version_affected": "!=>",
"version_value": "3.30.6"
},
{
"version_affected": "<=",
"version_value": "3.30.5"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +88,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Files or Directories Accessible to External Parties (CWE-552)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed",
"refsource": "MISC",
"url": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed"
},
{
"name": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html",
"refsource": "MISC",
"url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
}
]
}
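Review bot: The new `version_data` entries use `"version_affected": "!=>"`, which does not appear to be one of the operators the CVE JSON 4.0 schema defines (the negated greater-or-equal form is, as far as I can tell, `!>=`), so a schema-validating consumer may reject or misread the fixed-version boundaries. If that reading is right, the line would be `"version_affected": "!>=",`; please confirm against the schema. The affected ranges are also expressed only by adjacency of list entries (`!=>` 4.3.1 followed by `>=` 4.0.0), which works only if consumers preserve array order and pair the entries up. Until that is settled, the explicit release list in the description is the safer source for deciding whether a FastCGI deployment is exposed.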


@ -64,6 +64,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1125",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1635",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
}
]
},


@ -88,6 +88,11 @@
"refsource": "BUGTRAQ",
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1640",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html"
}
]
},


@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4224",
"STATE": "RESERVED"
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"S": "U",
"PR": "L",
"AV": "N",
"C": "L",
"UI": "N",
"SCORE": "6.300",
"I": "L",
"AC": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.",
"lang": "eng"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2019-4224",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-pure-cve20194224-sql-injection (159240)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Data Manipulation",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0"
}
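Review bot: `problemtype` carries the free-text label `Data Manipulation` while the description states SQL injection, so CWE-based filtering will not surface this record; `"value": "CWE-89"` would match the description. The `impact.cvssv3` block also stores the metrics as separate `BM`/`TM` keys, with `SCORE` as the string `"6.300"` and no vector string, so consumers have to assemble `AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L` themselves before they can compare it with other records. The other PureApplication records in this commit (CVE-2019-4225, CVE-2019-4234, CVE-2019-4235, CVE-2019-4241) use the same free-text labels, and CVE-2019-4235 labels a weak-password-policy issue `Obtain Information`.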


@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4225",
"STATE": "RESERVED"
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242",
"name": "ibm-pure-cve20194225-info-disc (159242)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-4225",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"UI": "N",
"SCORE": "4.400",
"I": "N",
"AC": "L",
"A": "N",
"S": "U",
"PR": "H",
"AV": "L",
"C": "H"
}
}
}
}


@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4234",
"STATE": "RESERVED"
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
},
"product_name": "PureApplication System"
}
]
}
}
]
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416",
"name": "ibm-pure-cve20194234-gain-access (159416)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2019-4234"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"C": "N",
"AV": "N",
"S": "U",
"PR": "L",
"A": "N",
"AC": "L",
"I": "L",
"UI": "N",
"SCORE": "4.300"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
}
}


@ -1,18 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4235",
"STATE": "RESERVED"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AC": "H",
"I": "N",
"UI": "N",
"SCORE": "5.900",
"C": "H",
"AV": "N",
"S": "U",
"PR": "N",
"A": "N"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417."
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2019-4235",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"title": "IBM Security Bulletin 885602 (PureApplication System)"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-pure-cve20194235-info-disc (159417)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}


@ -1,17 +1,110 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4241",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ID": "CVE-2019-4241"
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467",
"name": "ibm-pure-cve20194241-auth-bypass (159467)",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
},
"product_name": "PureApplication System"
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"C": "H",
"AV": "L",
"S": "U",
"PR": "N",
"A": "H",
"AC": "L",
"I": "H",
"UI": "N",
"SCORE": "8.400"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467."
}
]
}
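Review bot: The description says an authenticated user with local access can bypass authentication, but the base metrics in `impact.cvssv3.BM` set `"PR": "N"`, meaning no privileges are required; the two statements disagree, and the answer changes how the 8.4 score should be read for prioritisation. If prior authentication is needed, the metric would be `"PR": "L"` with the score recomputed; otherwise the description should drop "authenticated". This should be checked against IBM Security Bulletin 885602, which the record references.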


@ -33,6 +33,11 @@
"refsource": "XF",
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"title": "X-Force Vulnerability Report"
},
{
"refsource": "BID",
"name": "108910",
"url": "http://www.securityfocus.com/bid/108910"
}
]
},


@ -12,6 +12,11 @@
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162172"
},
{
"refsource": "BID",
"name": "108896",
"url": "http://www.securityfocus.com/bid/108896"
}
]
},


@ -20,6 +20,11 @@
"title": "X-Force Vulnerability Report",
"name": "ibm-spectrum-cve20194385-info-disc (162173)",
"refsource": "XF"
},
{
"refsource": "BID",
"name": "108899",
"url": "http://www.securityfocus.com/bid/108899"
}
]
},


@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Update",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "5.07.0084"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Update",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "5.07.0084"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
}
],
"source": {
"advisory": "LEN-27348",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27348",
"name": "https://support.lenovo.com/solutions/LEN-27348"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
}
],
"source": {
"advisory": "LEN-27348",
"discovery": "UNKNOWN"
}
}
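Review bot: The `problemtype` value of this record is still `privilege escalation`, while the description calls the issue a denial of service and the vector `CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` scores availability impact only. Tooling that triages on `problemtype` will file CVE-2019-6163 under the wrong class. Since the whole record is rewritten in this section anyway, the field should be aligned with whichever classification advisory LEN-27348 supports, for example `"value": "denial of service"` if the description and vector are the authoritative ones.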


@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site request forgery"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725",
"name": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
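Review bot: The only reference ends up with `"refsource": "MISC"` where the previous version appears to have had `CONFIRM`, although the URL is Lenovo's own advisory page, `source.advisory` names the same LEN-27725, and the assigner is psirt@lenovo.com. Consumers that use `CONFIRM` to tell vendor-acknowledged issues from third-party reports lose that signal. If the relabelling is a side effect of the automated reference processing rather than a policy decision, keep `"refsource": "CONFIRM",` and only add the new `name` line. The same change appears in the CVE-2019-6163, CVE-2019-6167, CVE-2019-6168 and CVE-2019-6169 records.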


@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725",
"name": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}


@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725",
"name": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}


@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unencrypted downloads over FTP"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unencrypted downloads over FTP"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725",
"name": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}


@ -86,6 +86,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1261",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1632",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1633",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00071.html"
}
]
}


@ -56,6 +56,11 @@
"refsource": "BUGTRAQ",
"name": "20190626 [SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener",
"url": "https://seclists.org/bugtraq/2019/Jun/38"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html"
}
]
},


@ -78,6 +78,11 @@
"refsource": "UBUNTU",
"name": "USN-4019-2",
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1645",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html"
}
]
},


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9039",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters \u201cstartkey\u201d and \u201cendkey\u201d of the \u201c_all_docs\u201d endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://docs.couchbase.com/sync-gateway/2.5/release-notes.html",
"url": "https://docs.couchbase.com/sync-gateway/2.5/release-notes.html"
},
{
"refsource": "MISC",
"name": "https://research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gateway-cve-2019-9039/",
"url": "https://research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gateway-cve-2019-9039/"
}
]
}
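Review bot: The newly added `affects` block and `problemtype` carry only `n/a` placeholders, although the description on the same record names the product and version (Couchbase Sync Gateway 2.1.2) and the weakness (N1QL injection through `startkey` and `endkey` of `_all_docs`). Scanners and inventory tools that match on `vendor_name`, `product_name` and `version_value` will not associate this entry with a deployed Sync Gateway. Populating the fields from the description, `"vendor_name": "Couchbase"`, `"product_name": "Sync Gateway"`, `"version_value": "2.1.2"`, and setting the problemtype value to an injection class would make the record machine-usable. The description also states no fixed version; the CONFIRM link points at the 2.5 release notes, so readers are left to infer it.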


@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://www.amd.com/en/corporate/product-security",
"url": "https://www.amd.com/en/corporate/product-security"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html",
"url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
}
]
}


@ -86,6 +86,16 @@
"refsource": "DEBIAN",
"name": "DSA-4437",
"url": "https://www.debian.org/security/2019/dsa-4437"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1638",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00082.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1639",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html"
}
]
}