"-Synchronized-Data."

CVE Team 2019-09-05 15:01:04 +00:00
parent 5e24219442
commit d2aaa105a2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
28 changed files with 659 additions and 341 deletions


@ -66,6 +66,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
} }
] ]
} }
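Review bot: The added `openSUSE-SU-2019:2070` reference points at the list archive over plain `http://`, while the Debian entry just above it in the same `reference_data` array (which starts above the hunk) uses `https://`. Anyone following the link from a CVE feed fetches the advisory over a cleartext channel, so the package versions and fix instructions they read can be altered in transit. If the archive serves the same path over TLS, prefer `"url": "https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"`. The same applies to the other openSUSE-SU-2019:2068, 2070, 2071 and 2072 references added in later sections of this commit.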


@ -66,6 +66,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
} }
] ]
} }


@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-12223",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-12223",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/",
"refsource": "MISC",
"name": "https://www.hanwha-security.com/en/products/video-recorder/nvr/ch4/SRN-472S/overview/"
},
{
"refsource": "MISC",
"name": "https://medium.com/@noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd",
"url": "https://medium.com/@noe.dustin/samsung-webviewer-remote-dos-vulberability-cve-2019-12223-5f4afbc83fbd"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82",
"url": "https://gist.github.com/dustinnoe/66f91573a0080c9fb2c21819d8805a82"
} }
] ]
} }
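Review bot: The published record for CVE-2019-12223 leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value as `"n/a"`, although the description names the vendor, the SRN-472s model, firmware 1.07_190502 and a buffer overflow. Scanners and asset-matching tools that key on the structured fields will not tie this entry to an affected recorder, so it can only be found by free-text search. The description also spells the vendor "Hanwah Techwin" while the first reference URL is on hanwha-security.com, which makes that text search unreliable too; `"vendor_name": "Hanwha Techwin"` with the product and version filled in would address both. The same `"n/a"` placeholders appear in the new CVE-2019-15937 and CVE-2019-15938 records further down, whose descriptions name Pengutronix barebox through 2019.08.1.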


@ -106,6 +106,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
} }
] ]
} }


@ -166,6 +166,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2019-d480909528", "name": "FEDORA-2019-d480909528",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2068",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html"
} }
] ]
} }


@ -71,6 +71,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:1907", "name": "openSUSE-SU-2019:1907",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00052.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00052.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4123-1",
"url": "https://usn.ubuntu.com/4123-1/"
} }
] ]
} }


@ -56,6 +56,16 @@
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538", "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538",
"refsource": "MISC", "refsource": "MISC",
"name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538" "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2071",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
} }
] ]
} }


@ -106,6 +106,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
} }
] ]
} }


@ -96,6 +96,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
} }
] ]
} }


@ -86,6 +86,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:2056", "name": "openSUSE-SU-2019:2056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2072",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
} }
] ]
} }


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.pengutronix.de/cgit/barebox/commit/net/nfs.c?h=next&id=84986ca024462058574432b5483f4bf9136c538d",
"refsource": "MISC",
"name": "https://git.pengutronix.de/cgit/barebox/commit/net/nfs.c?h=next&id=84986ca024462058574432b5483f4bf9136c538d"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.pengutronix.de/cgit/barebox/commit/fs/nfs.c?h=next&id=574ce994016107ad8ab0f845a785f28d7eaa5208",
"refsource": "MISC",
"name": "https://git.pengutronix.de/cgit/barebox/commit/fs/nfs.c?h=next&id=574ce994016107ad8ab0f845a785f28d7eaa5208"
}
]
}
}


@ -1,118 +1,118 @@
{ {
"data_type" : "CVE", "data_type": "CVE",
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2019-4149", "ID": "CVE-2019-4149",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"DATE_PUBLIC" : "2019-08-30T00:00:00" "DATE_PUBLIC": "2019-08-30T00:00:00"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "18.0.0.0" "version_value": "18.0.0.0"
}, },
{ {
"version_value" : "18.0.0.2" "version_value": "18.0.0.2"
} }
] ]
}, },
"product_name" : "Business Automation Workflow" "product_name": "Business Automation Workflow"
}, },
{ {
"product_name" : "Business Process Manager", "product_name": "Business Process Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.6.0.0" "version_value": "8.6.0.0"
}, },
{ {
"version_value" : "8.5.6.0" "version_value": "8.5.6.0"
}, },
{ {
"version_value" : "8.5.6.0CF2" "version_value": "8.5.6.0CF2"
}, },
{ {
"version_value" : "8.5.7.0" "version_value": "8.5.7.0"
}, },
{ {
"version_value" : "8.5.7.0CF2017.06" "version_value": "8.5.7.0CF2017.06"
}, },
{ {
"version_value" : "8.6.0.0CF2018.03" "version_value": "8.6.0.0CF2018.03"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.400",
"AC" : "L",
"UI" : "R",
"AV" : "N",
"I" : "L",
"PR" : "L",
"A" : "N",
"S" : "C",
"C" : "L"
},
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10885104",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10885104",
"title" : "IBM Security Bulletin 885104 (Business Automation Workflow)"
},
{
"name" : "ibm-baw-cve20194149-xss (158415)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158415",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"description" : { "data_version": "4.0",
"description_data" : [ "impact": {
{ "cvssv3": {
"value" : "IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415.", "BM": {
"lang" : "eng" "SCORE": "5.400",
} "AC": "L",
] "UI": "R",
} "AV": "N",
} "I": "L",
"PR": "L",
"A": "N",
"S": "C",
"C": "L"
},
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10885104",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10885104",
"title": "IBM Security Bulletin 885104 (Business Automation Workflow)"
},
{
"name": "ibm-baw-cve20194149-xss (158415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158415",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415.",
"lang": "eng"
}
]
}
}


@ -1,90 +1,90 @@
{ {
"references" : { "references": {
"reference_data" : [ "reference_data": [
{
"name" : "https://supportcontent.ibm.com/support/pages/node/1071966",
"refsource" : "CONFIRM",
"url" : "https://supportcontent.ibm.com/support/pages/node/1071966",
"title" : "IBM Security Bulletin 1071966 (Jazz for Service Management)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-jazz-cve20194186-header-injection (158976)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158976"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"SCORE" : "5.300",
"AV" : "N",
"UI" : "N",
"A" : "N",
"I" : "L",
"PR" : "N",
"C" : "N",
"S" : "U"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4186",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-27T00:00:00"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"product" : { "name": "https://supportcontent.ibm.com/support/pages/node/1071966",
"product_data" : [ "refsource": "CONFIRM",
{ "url": "https://supportcontent.ibm.com/support/pages/node/1071966",
"product_name" : "Jazz for Service Management", "title": "IBM Security Bulletin 1071966 (Jazz for Service Management)"
"version" : { },
"version_data" : [ {
{ "title": "X-Force Vulnerability Report",
"version_value" : "1.1.3" "name": "ibm-jazz-cve20194186-header-injection (158976)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158976"
}
}
]
},
"vendor_name" : "IBM"
} }
] ]
} },
} "data_version": "4.0",
} "impact": {
"cvssv3": {
"BM": {
"AC": "L",
"SCORE": "5.300",
"AV": "N",
"UI": "N",
"A": "N",
"I": "L",
"PR": "N",
"C": "N",
"S": "U"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4186",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-27T00:00:00"
},
"data_type": "CVE",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jazz for Service Management",
"version": {
"version_data": [
{
"version_value": "1.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}


@ -1,135 +1,135 @@
{ {
"references" : { "references": {
"reference_data" : [ "reference_data": [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10885901",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10885901",
"title" : "IBM Security Bulletin 885901 (Intelligent Operations Center)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201",
"name" : "ibm-ioc-cve20194321-info-disc (161201)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"AV" : "N",
"AC" : "H",
"SCORE" : "5.900",
"C" : "H",
"S" : "U",
"A" : "N",
"PR" : "N",
"I" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4321",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-08-30T00:00:00"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{ {
"product" : { "refsource": "CONFIRM",
"product_data" : [ "name": "http://www.ibm.com/support/docview.wss?uid=ibm10885901",
{ "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901",
"version" : { "title": "IBM Security Bulletin 885901 (Intelligent Operations Center)"
"version_data" : [ },
{ {
"version_value" : "5.1.0" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201",
}, "name": "ibm-ioc-cve20194321-info-disc (161201)",
{ "refsource": "XF",
"version_value" : "5.1.0.1" "title": "X-Force Vulnerability Report"
},
{
"version_value" : "5.1.0.2"
},
{
"version_value" : "5.1.0.3"
},
{
"version_value" : "5.1.0.4"
},
{
"version_value" : "5.1.0.5"
},
{
"version_value" : "5.1.0.6"
},
{
"version_value" : "5.1.0.7"
},
{
"version_value" : "5.1.0.8"
},
{
"version_value" : "5.1.0.9"
},
{
"version_value" : "5.1.0.10"
},
{
"version_value" : "5.1.0.11"
},
{
"version_value" : "5.1.0.12"
},
{
"version_value" : "5.1.0.13"
},
{
"version_value" : "5.1.0.14"
},
{
"version_value" : "5.2.0"
}
]
},
"product_name" : "Intelligent Operations Center"
}
]
},
"vendor_name" : "IBM"
} }
] ]
} },
} "data_version": "4.0",
} "impact": {
"cvssv3": {
"BM": {
"UI": "N",
"AV": "N",
"AC": "H",
"SCORE": "5.900",
"C": "H",
"S": "U",
"A": "N",
"PR": "N",
"I": "N"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4321",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-08-30T00:00:00"
},
"data_type": "CVE",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.1"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.5"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.1.0.7"
},
{
"version_value": "5.1.0.8"
},
{
"version_value": "5.1.0.9"
},
{
"version_value": "5.1.0.10"
},
{
"version_value": "5.1.0.11"
},
{
"version_value": "5.1.0.12"
},
{
"version_value": "5.1.0.13"
},
{
"version_value": "5.1.0.14"
},
{
"version_value": "5.2.0"
}
]
},
"product_name": "Intelligent Operations Center"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}


@ -53,6 +53,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
} }
] ]
}, },


@ -58,6 +58,16 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2071",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
} }
] ]
}, },


@ -48,6 +48,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841" "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2071",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
} }
] ]
}, },


@ -48,6 +48,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842" "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2071",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
} }
] ]
}, },


@ -48,6 +48,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843" "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2071",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
} }
] ]
}, },


@ -48,6 +48,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844" "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2070",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2071",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
} }
] ]
}, },


@ -96,6 +96,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2071",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
} }
] ]
} }


@ -183,6 +183,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:2056", "name": "openSUSE-SU-2019:2056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2072",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
} }
] ]
}, },


@ -183,6 +183,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:2056", "name": "openSUSE-SU-2019:2056",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2072",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
} }
] ]
}, },