admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-18 17:00:49 +00:00
parent 017fe00e5d
commit d2dfa64e8d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
13 changed files with 487 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2013/7xxx/CVE-2013-7285.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://x-stream.github.io/CVE-2013-7285.html", "name": "https://x-stream.github.io/CVE-2013-7285.html",
"url": "https://x-stream.github.io/CVE-2013-7285.html" "url": "https://x-stream.github.io/CVE-2013-7285.html"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
} }
] ]
} }

12
2018/1xxx/CVE-2018-1199.json
View File

@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com", "ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-01-29T00:00:00", "DATE_PUBLIC": "2018-01-29T00:00:00",
"ID": "CVE-2018-1199", "ID": "CVE-2018-1199",
"STATE": "PUBLIC" "STATE": "PUBLIC"
@ -73,6 +73,16 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)", "name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E" "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
} }
] ]
} }

12
2018/1xxx/CVE-2018-1270.json
View File

@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com", "ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-04-05T00:00:00", "DATE_PUBLIC": "2018-04-05T00:00:00",
"ID": "CVE-2018-1270", "ID": "CVE-2018-1270",
"STATE": "PUBLIC" "STATE": "PUBLIC"
@ -92,6 +92,16 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)", "name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E" "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
} }
] ]
} }

7
2018/1xxx/CVE-2018-1275.json
View File

@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com", "ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-04-09T00:00:00", "DATE_PUBLIC": "2018-04-09T00:00:00",
"ID": "CVE-2018-1275", "ID": "CVE-2018-1275",
"STATE": "PUBLIC" "STATE": "PUBLIC"
@ -102,6 +102,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar", "name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E" "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
} }
] ]
} }

67
2019/1010xxx/CVE-2019-1010065.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010065", "ID": "CVE-2019-1010065",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "vendor_name": "The Sleuth Kit",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product": {
"product_data": [
{
"product_name": "The Sleuth Kit",
"version": {
"version_data": [
{
"version_value": "\u2264 4.6.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://issuetracker.google.com/issues/77809383",
"refsource": "MISC",
"name": "https://issuetracker.google.com/issues/77809383"
},
{
"refsource": "MISC",
"name": "https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b",
"url": "https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b"
} }
] ]
} }

72
2019/1010xxx/CVE-2019-1010259.json
View File

@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010259", "ID": "CVE-2019-1010259",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "Salt",
"version": {
"version_data": [
{
"version_value": "2018.3, 2019.2 [fixed: 2018.3.4]"
}
]
}
}
]
},
"vendor_name": "SaltStack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt (https://github.com/saltstack/salt/blob/develop/salt/modules/mysql.py#L1462). The attack vector is: specially crafted password string. The fixed version is: 2018.3.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534",
"refsource": "MISC",
"name": "https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534"
},
{
"url": "https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a",
"refsource": "MISC",
"name": "https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a"
},
{
"url": "https://github.com/saltstack/salt/pull/51462",
"refsource": "MISC",
"name": "https://github.com/saltstack/salt/pull/51462"
} }
] ]
} }

62
2019/1010xxx/CVE-2019-1010261.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010261", "ID": "CVE-2019-1010261",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "Gitea",
"version": {
"version_data": [
{
"version_value": "1.7.0 and earlier [fixed: 1.7.1 and later]"
}
]
}
}
]
},
"vendor_name": "Gitea"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/go-gitea/gitea/pull/5905",
"refsource": "MISC",
"name": "https://github.com/go-gitea/gitea/pull/5905"
} }
] ]
} }

67
2019/1010xxx/CVE-2019-1010262.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010262", "ID": "CVE-2019-1010262",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "scapy",
"version": {
"version_data": [
{
"version_value": "2.4.0 and earlier [fixed: after commit 0d7ae2b039f650a40e511d09eb961c782da025d9]"
}
]
}
}
]
},
"vendor_name": "scapy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scapy 2.4.0 and earlier is affected by: Denial of Services. The impact is: busy loop forever. The component is: _RADIUSAttrPacketListField class. The attack vector is: a packet sent over the network or in a pcap. The fixed version is: after commit 0d7ae2b039f650a40e511d09eb961c782da025d9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Services"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058",
"refsource": "MISC",
"name": "https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058"
},
{
"url": "https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/",
"refsource": "MISC",
"name": "https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/"
} }
] ]
} }

67
2019/1010xxx/CVE-2019-1010268.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010268", "ID": "CVE-2019-1010268",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "vendor_name": "Ladon",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product": {
"product_data": [
{
"product_name": "Ladon",
"version": {
"version_data": [
{
"version_value": "0.9.40 and previous (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059)"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance: https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688. The attack vector is: Send a specially crafted SOAP call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/43113",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/43113"
},
{
"refsource": "MISC",
"name": "https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688",
"url": "https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688"
} }
] ]
} }

62
2019/11xxx/CVE-2019-11230.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-11230",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-11230",
"STATE": "PUBLIC"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.mcerlane.co.uk/CVE-2019-11230/",
"url": "http://www.mcerlane.co.uk/CVE-2019-11230/"
} }
] ]
} }

5
2019/13xxx/CVE-2019-13575.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/wpeverest/everest-forms/commit/755d095fe0d9a756a13800d1513cf98219e4a3f9#diff-bb2b21ef7774df8687ff02b0284505c6", "name": "https://github.com/wpeverest/everest-forms/commit/755d095fe0d9a756a13800d1513cf98219e4a3f9#diff-bb2b21ef7774df8687ff02b0284505c6",
"url": "https://github.com/wpeverest/everest-forms/commit/755d095fe0d9a756a13800d1513cf98219e4a3f9#diff-bb2b21ef7774df8687ff02b0284505c6" "url": "https://github.com/wpeverest/everest-forms/commit/755d095fe0d9a756a13800d1513cf98219e4a3f9#diff-bb2b21ef7774df8687ff02b0284505c6"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9466",
"url": "https://wpvulndb.com/vulnerabilities/9466"
} }
] ]
} }

62
2019/13xxx/CVE-2019-13951.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gdnsd/gdnsd/issues/185",
"refsource": "MISC",
"name": "https://github.com/gdnsd/gdnsd/issues/185"
}
]
}
}

62
2019/13xxx/CVE-2019-13952.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The set_ipv6() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gdnsd/gdnsd/issues/185",
"refsource": "MISC",
"name": "https://github.com/gdnsd/gdnsd/issues/185"
}
]
}
}