admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-10 15:00:47 +00:00
parent 13e49adeb7
commit e968efdda0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
13 changed files with 589 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2017/12xxx/CVE-2017-12652.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12652",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libpng before 1.6.32 does not properly check the length of chunks against the user limit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE",
"url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE"
}
]
}

48
2017/6xxx/CVE-2017-6217.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6217",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/paypal/adaptivepayments-sdk-php/issues/87",
"refsource": "MISC",
"name": "https://github.com/paypal/adaptivepayments-sdk-php/issues/87"
}
]
}

53
2017/7xxx/CVE-2017-7189.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7189",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a",
"refsource": "MISC",
"name": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"
},
{
"refsource": "MISC",
"name": "https://bugs.php.net/bug.php?id=74192",
"url": "https://bugs.php.net/bug.php?id=74192"
}
]
}

48
2018/14xxx/CVE-2018-14831.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14831",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/feric/98180bad0a73716e143ff8dc03fda12f",
"refsource": "MISC",
"name": "https://gist.github.com/feric/98180bad0a73716e143ff8dc03fda12f"
}
]
}

53
2018/19xxx/CVE-2018-19493.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19493",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53037",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53037"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/",
"url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/"
}
]
}

53
2018/19xxx/CVE-2018-19494.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19494",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51262",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51262"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/",
"url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/"
}
]
}

53
2018/19xxx/CVE-2018-19495.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19495",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/8167",
"url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/8167"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/",
"url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/"
}
]
}

53
2018/19xxx/CVE-2018-19496.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19496",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51301",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51301"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/",
"url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/"
}
]
}

53
2018/19xxx/CVE-2018-19577.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19577",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/52444",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/52444"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/",
"url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/"
}
]
}

5
2018/20xxx/CVE-2018-20815.json
View File

@ -76,6 +76,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1723",
"url": "https://access.redhat.com/errata/RHSA-2019:1723"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1743",
"url": "https://access.redhat.com/errata/RHSA-2019:1743"
}
]
}

71
2019/12xxx/CVE-2019-12467.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12467",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "DEBIAN",
"name": "DSA-4460",
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"refsource": "BUGTRAQ",
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
"url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
},
{
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T209794",
"url": "https://phabricator.wikimedia.org/T209794"
}
]
}

76
2019/12xxx/CVE-2019-12468.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/",
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4460",
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"refsource": "BUGTRAQ",
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T197279",
"url": "https://phabricator.wikimedia.org/T197279"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
"url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
}
]
}

5
2019/3xxx/CVE-2019-3895.json
View File

@ -53,6 +53,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1683",
"url": "https://access.redhat.com/errata/RHSA-2019:1683"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1742",
"url": "https://access.redhat.com/errata/RHSA-2019:1742"
}
]
},