admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-05-16 19:01:06 +00:00
parent 23acfab143
commit e376328dc1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
17 changed files with 2518 additions and 2361 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2018/20xxx/CVE-2018-20007.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20007",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://forum.yeelight.com/",
"refsource": "MISC",
"name": "https://forum.yeelight.com/"
},
{
"refsource": "MISC",
"name": "https://payatu.com/yeelight-smart-ai-speaker-responsible-disclosure/",
"url": "https://payatu.com/yeelight-smart-ai-speaker-responsible-disclosure/"
}
]
}

6
2019/0xxx/CVE-2019-0957.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0958."
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958."
}
]
},
@ -63,7 +63,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0957"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0957",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0957"
}
]
}

6
2019/0xxx/CVE-2019-0958.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0957."
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957."
}
]
},
@ -63,7 +63,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958"
}
]
}

6
2019/0xxx/CVE-2019-0961.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0758, CVE-2019-0882."
"value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0882."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0961"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0961",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0961"
}
]
}

6
2019/0xxx/CVE-2019-0963.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027."
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963"
}
]
}

6
2019/0xxx/CVE-2019-0971.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka \u0027Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'."
}
]
},
@ -63,7 +63,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971"
}
]
}

6
2019/0xxx/CVE-2019-0976.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default ââ¬Å“objââ¬Â), aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default \u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u201cobj\u00c3\u00a2\u00e2\u201a\u00ac\u00c2\u009d), aka 'NuGet Package Manager Tampering Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976"
}
]
}

6
2019/0xxx/CVE-2019-0979.json
View File

@ -57,7 +57,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0872."
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872."
}
]
},
@ -76,7 +76,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
}
]
}

6
2019/0xxx/CVE-2019-0980.json
View File

@ -707,7 +707,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981."
"value": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981."
}
]
},
@ -726,7 +726,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980"
}
]
}

6
2019/0xxx/CVE-2019-0981.json
View File

@ -707,7 +707,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980."
"value": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980."
}
]
},
@ -726,7 +726,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
}
]
}

6
2019/0xxx/CVE-2019-0982.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'."
}
]
},
@ -56,7 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
}
]
}

6
2019/0xxx/CVE-2019-0995.json
View File

@ -106,7 +106,7 @@
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka \u0027Internet Explorer Security Feature Bypass Vulnerability\u0027."
"value": "A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'."
}
]
},
@ -125,7 +125,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0995"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0995",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0995"
}
]
}

18
2019/12xxx/CVE-2019-12149.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12149",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

6
2019/1xxx/CVE-2019-1000.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the AzureàAD Connect server, aka \u0027Microsoft Azure AD Connect Elevation of Privilege Vulnerability\u0027."
"value": "An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the Azure\u00c3\u201a\u00c2 AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1000"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1000",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1000"
}
]
}

6
2019/1xxx/CVE-2019-1008.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027."
"value": "A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'."
}
]
},
@ -66,7 +66,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
}
]
}

78
2019/3xxx/CVE-2019-3839.json
View File

@ -1,18 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3839",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3839",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The ghostscript Project",
"product": {
"product_data": [
{
"product_name": "ghostscript",
"version": {
"version_data": [
{
"version_value": "9.28"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839",
"refsource": "CONFIRM"
},
{
"refsource": "CONFIRM",
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f253409d5d085c2760c814c3e1d3fa2dac59",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f253409d5d085c2760c814c3e1d3fa2dac59"
},
{
"refsource": "CONFIRM",
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.28 are vulnerable."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
}
}