admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-07 15:00:52 +00:00
parent 1cb62704b9
commit df7ef5c9c6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
16 changed files with 1001 additions and 689 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/13xxx/CVE-2018-13380.json
View File

@ -54,6 +54,11 @@
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-18-383",
"url": "https://fortiguard.com/advisory/FG-IR-18-383"
},
{
"refsource": "BID",
"name": "108681",
"url": "http://www.securityfocus.com/bid/108681"
}
]
},

5
2018/15xxx/CVE-2018-15587.json
View File

@ -101,6 +101,11 @@
"refsource": "UBUNTU",
"name": "USN-3998-1",
"url": "https://usn.ubuntu.com/3998-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4457",
"url": "https://www.debian.org/security/2019/dsa-4457"
}
]
}

48
2018/5xxx/CVE-2018-5265.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5265",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.red4sec.com/cve/edgerouter_lite.txt",
"refsource": "MISC",
"name": "https://www.red4sec.com/cve/edgerouter_lite.txt"
}
]
}

53
2018/5xxx/CVE-2018-5798.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5798",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cloudera.com",
"refsource": "MISC",
"name": "https://www.cloudera.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
}
]
}

53
2018/6xxx/CVE-2018-6185.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6185",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is \"*\" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cloudera.com",
"refsource": "MISC",
"name": "https://www.cloudera.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
}
]
}

5
2019/10xxx/CVE-2019-10149.json
View File

@ -98,6 +98,11 @@
"refsource": "BID",
"name": "108679",
"url": "http://www.securityfocus.com/bid/108679"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1524",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html"
}
]
},

2
2019/12xxx/CVE-2019-12378.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash)."
"value": "** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue."
}
]
},

67
2019/12xxx/CVE-2019-12477.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12477",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/file/d/1ZVHn_bPE-3kqYd2D-3AJpXZdd4dlmzVh/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1ZVHn_bPE-3kqYd2D-3AJpXZdd4dlmzVh/view?usp=sharing"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153191/Supra-Smart-Cloud-TV-Remote-File-Inclusion.html",
"url": "http://packetstormsecurity.com/files/153191/Supra-Smart-Cloud-TV-Remote-File-Inclusion.html"
}
]
}

18
2019/12xxx/CVE-2019-12773.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

64
2019/8xxx/CVE-2019-8282.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-8282",
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Sentinel LDK RTE",
"version": {
"version_data": [
{
"version_value": "7.91"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one."
}
]
}

64
2019/8xxx/CVE-2019-8283.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8283",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-8283",
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Sentinel LDK RTE",
"version": {
"version_data": [
{
"version_value": "7.91"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it."
}
]
}