admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-23 20:01:18 +00:00
parent bfa41a9942
commit dd651d4dff
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 354 additions and 305 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
2019/0xxx/CVE-2019-0190.json
View File

@ -1,81 +1,82 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2019-01-22T00:00:00",
"ID":"CVE-2019-0190",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2019-01-22T00:00:00",
"ID": "CVE-2019-0190",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache HTTP Server",
"version":{
"version_data":[
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value":"Apache HTTP Server 2.4.37"
"version_value": "Apache HTTP Server 2.4.37"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts."
"lang": "eng",
"value": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"remote DoS"
"lang": "eng",
"value": "remote DoS"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource":"CONFIRM",
"url":"https://httpd.apache.org/security/vulnerabilities_24.html"
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name":"106743",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106743"
"name": "106743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106743"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190125-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190125-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190125-0001/"
},
{
"refsource":"GENTOO",
"name":"GLSA-201903-21",
"url":"https://security.gentoo.org/glsa/201903-21"
"refsource": "GENTOO",
"name": "GLSA-201903-21",
"url": "https://security.gentoo.org/glsa/201903-21"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}

56
2019/10xxx/CVE-2019-10711.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-10711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware (until Webware version V1.0.1) allows attackers to view an RTSP stream by connecting to the stream with hidden credentials (guest or user) that are neither displayed nor configurable in the camera's CamHi or keye mobile management application. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://dojo.bullguard.com/dojo-by-bullguard/blog/cam-hi-risk/",
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/cam-hi-risk/"
}
]
}

2
2019/11xxx/CVE-2019-11072.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c."
"value": "** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states \"The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.\""
}
]
},

175
2019/1xxx/CVE-2019-1559.json
View File

@ -1,155 +1,156 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2019-02-26",
"ID":"CVE-2019-1559",
"STATE":"PUBLIC",
"TITLE":"0-byte record padding oracle"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2019-02-26",
"ID": "CVE-2019-1559",
"STATE": "PUBLIC",
"TITLE": "0-byte record padding oracle"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
"version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
"lang": "eng",
"value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
"lang": "eng",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Moderate",
"value":"Moderate"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Padding Oracle"
"lang": "eng",
"value": "Padding Oracle"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://security.netapp.com/advisory/ntap-20190301-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190301-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190301-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190301-0002/"
"name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"name":"107174",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/107174"
"name": "107174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name":"GLSA-201903-10",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201903-10"
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"name":"USN-3899-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3899-1/"
"name": "USN-3899-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name":"[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name":"https://www.openssl.org/news/secadv/20190226.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20190226.txt"
"name": "https://www.openssl.org/news/secadv/20190226.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"name":"DSA-4400",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2019/dsa-4400"
"name": "DSA-4400",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"refsource":"CONFIRM",
"name":"https://support.f5.com/csp/article/K18549143",
"url":"https://support.f5.com/csp/article/K18549143"
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K18549143",
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"refsource":"CONFIRM",
"name":"https://www.tenable.com/security/tns-2019-02",
"url":"https://www.tenable.com/security/tns-2019-02"
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2019-02",
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1076",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1076",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1105",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1105",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1173",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1173",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1175",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1175",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190423-0002/",
"url":"https://security.netapp.com/advisory/ntap-20190423-0002/"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
}
]
}

99
2019/3xxx/CVE-2019-3772.json
View File

@ -1,89 +1,90 @@
{
"CVE_data_meta":{
"ASSIGNER":"security_alert@emc.com",
"DATE_PUBLIC":"2019-01-15T20:30:16.000Z",
"ID":"CVE-2019-3772",
"STATE":"PUBLIC",
"TITLE":"Spring Integration XML External Entity Injection (XXE) "
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-01-15T20:30:16.000Z",
"ID": "CVE-2019-3772",
"STATE": "PUBLIC",
"TITLE": "Spring Integration XML External Entity Injection (XXE) "
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Spring Integration",
"version":{
"version_data":[
"product_name": "Spring Integration",
"version": {
"version_data": [
{
"affected":"<",
"version_name":"5.0",
"version_value":"v5.0.10.RELEASE"
"affected": "<",
"version_name": "5.0",
"version_value": "v5.0.10.RELEASE"
},
{
"affected":"<",
"version_name":"5.1",
"version_value":"v5.1.1.RELEASE"
"affected": "<",
"version_name": "5.1",
"version_value": "v5.1.1.RELEASE"
},
{
"affected":"<",
"version_name":"4.3",
"version_value":"v4.3.18.RELEASE"
"affected": "<",
"version_name": "4.3",
"version_value": "v4.3.18.RELEASE"
}
]
}
}
]
},
"vendor_name":"Spring"
"vendor_name": "Spring"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
"lang": "eng",
"value": "Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
}
]
},
"impact":null,
"problemtype":{
"problemtype_data":[
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-611: XML External Entities (XXE)"
"lang": "eng",
"value": "CWE-611: XML External Entities (XXE)"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://pivotal.io/security/cve-2019-3772",
"refsource":"CONFIRM",
"url":"https://pivotal.io/security/cve-2019-3772"
"name": "https://pivotal.io/security/cve-2019-3772",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3772"
},
{
"refsource":"BID",
"name":"106749",
"url":"http://www.securityfocus.com/bid/106749"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "BID",
"name": "106749",
"url": "http://www.securityfocus.com/bid/106749"
}
]
},
"source":{
"discovery":"UNKNOWN"
"source": {
"discovery": "UNKNOWN"
}
}

123
2019/3xxx/CVE-2019-3822.json
View File

@ -1,115 +1,116 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2019-3822",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3822",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"curl",
"version":{
"version_data":[
"product_name": "curl",
"version": {
"version_data": [
{
"version_value":"7.64.0"
"version_value": "7.64.0"
}
]
}
}
]
},
"vendor_name":"The curl Project"
"vendor_name": "The curl Project"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header."
"lang": "eng",
"value": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header."
}
]
},
"impact":{
"cvss":[
"impact": {
"cvss": [
[
{
"vectorString":"7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version":"3.0"
"vectorString": "7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-121"
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"GLSA-201903-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201903-03"
"name": "GLSA-201903-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822"
},
{
"name":"DSA-4386",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2019/dsa-4386"
"name": "DSA-4386",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name":"https://curl.haxx.se/docs/CVE-2019-3822.html",
"refsource":"MISC",
"url":"https://curl.haxx.se/docs/CVE-2019-3822.html"
"name": "https://curl.haxx.se/docs/CVE-2019-3822.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2019-3822.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190315-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name":"USN-3882-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3882-1/"
"name": "USN-3882-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"name":"106950",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106950"
"name": "106950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106950"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource":"CONFIRM",
"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}

117
2019/3xxx/CVE-2019-3823.json
View File

@ -1,110 +1,111 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2019-3823",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3823",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"curl",
"version":{
"version_data":[
"product_name": "curl",
"version": {
"version_data": [
{
"version_value":"7.64.0"
"version_value": "7.64.0"
}
]
}
}
]
},
"vendor_name":"The curl Project"
"vendor_name": "The curl Project"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller."
"lang": "eng",
"value": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller."
}
]
},
"impact":{
"cvss":[
"impact": {
"cvss": [
[
{
"vectorString":"4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version":"3.0"
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-125"
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"GLSA-201903-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201903-03"
"name": "GLSA-201903-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"name":"DSA-4386",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2019/dsa-4386"
"name": "DSA-4386",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823"
},
{
"name":"https://curl.haxx.se/docs/CVE-2019-3823.html",
"refsource":"MISC",
"url":"https://curl.haxx.se/docs/CVE-2019-3823.html"
"name": "https://curl.haxx.se/docs/CVE-2019-3823.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2019-3823.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190315-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name":"USN-3882-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3882-1/"
"name": "USN-3882-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"name":"106950",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106950"
"name": "106950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106950"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}