"-Synchronized-Data."

CVE Team 2019-11-26 04:02:10 +00:00
parent aba0dac8ae
commit ef60c07ae7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
34 changed files with 530 additions and 60 deletions


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3630", "ID": "CVE-2011-3630",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hardlink",
"product": {
"product_data": [
{
"product_name": "hardlink",
"version": {
"version_data": [
{
"version_value": "before 0.1.2"
}
]
}
}
]
}
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3630",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3630"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3630",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3630"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-3630",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-3630"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/10/20/6",
"url": "https://www.openwall.com/lists/oss-security/2011/10/20/6"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516"
} }
] ]
} }
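Review bot: In the added `affects` block, `"version_value": "before 0.1.2"` puts the range qualifier inside the version string, so a consumer that compares `version_value` against installed versions will not match releases below 0.1.2. CVE JSON 4.0 has a separate `version_affected` field for this; `"version_affected": "<", "version_value": "0.1.2"` would express the same range in machine-readable form. The same free-text form appears in the CVE-2011-3632 record further down. The new description also reads "Hardlink before 0.1.2 suffer from", where "suffers" is meant.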


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3631", "ID": "CVE-2011-3631",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hardlink",
"version": {
"version_data": [
{
"version_value": "0.3.0"
}
]
}
}
]
},
"vendor_name": "hardlink"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3631",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3631"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3631",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3631"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-3631",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-3631"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516"
} }
] ]
} }
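Review bot: The added `"version_value": "0.3.0"` does not agree with the new description, which says "Hardlink before 0.1.2". One of the two is presumably wrong; the sibling records CVE-2011-3630 and CVE-2011-3632 use "before 0.1.2" in both the structured field and the description. Until the assigner confirms, tooling that relies on `affects` alone would report only 0.3.0 as affected and miss the older releases the description covers.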


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3632", "ID": "CVE-2011-3632",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hardlink",
"product": {
"product_data": [
{
"product_name": "hardlink",
"version": {
"version_data": [
{
"version_value": "before 0.1.2"
}
]
}
}
]
}
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Symbolic Link Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3632",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3632"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3632",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3632"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-3632",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-3632"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/10/20/6",
"url": "https://www.openwall.com/lists/oss-security/2011/10/20/6"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/10/15/2",
"url": "https://www.openwall.com/lists/oss-security/2011/10/15/2"
} }
] ]
} }


@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4076", "ID": "CVE-2011-4076",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nova",
"version": {
"version_data": [
{
"version_value": "2014.1.3-11"
}
]
}
}
]
},
"vendor_name": "nova"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4076",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4076"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-4076",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-4076"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/nova/+bug/868360",
"url": "https://bugs.launchpad.net/nova/+bug/868360"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/10/25/4",
"url": "https://www.openwall.com/lists/oss-security/2011/10/25/4"
} }
] ]
} }
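Review bot: The added `affects` entry lists `"version_value": "2014.1.3-11"`, while the description says "OpenStack Nova before 2012.1"; the two do not describe the same range, and the value looks like a distribution package version rather than an upstream release. `vendor_name` is also set to `"nova"` where the description names OpenStack. Inventory matching on the structured fields would key on the wrong vendor and version, so the description's range should be confirmed against the referenced Launchpad bug. `problemtype` is "Other" although the description is about disclosure of the EC2_SECRET_KEY, so a more specific problem type would help triage.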


@ -66,6 +66,11 @@
"refsource": "BUGTRAQ", "refsource": "BUGTRAQ",
"name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update",
"url": "https://seclists.org/bugtraq/2019/Nov/31" "url": "https://seclists.org/bugtraq/2019/Nov/31"
},
{
"refsource": "UBUNTU",
"name": "USN-4200-1",
"url": "https://usn.ubuntu.com/4200-1/"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.debian.org/security/2019/dsa-4574", "name": "https://www.debian.org/security/2019/dsa-4574",
"url": "https://www.debian.org/security/2019/dsa-4574" "url": "https://www.debian.org/security/2019/dsa-4574"
},
{
"refsource": "UBUNTU",
"name": "USN-4200-1",
"url": "https://usn.ubuntu.com/4200-1/"
} }
] ]
} }


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19269",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/proftpd/proftpd/issues/859",
"refsource": "MISC",
"name": "https://github.com/proftpd/proftpd/issues/859"
}
]
}
}
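Review bot: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `"n/a"` in this new record, so ProFTPD and "through 1.3.6b" appear only in the free-text description. Scanners that match on `affects` will not associate this entry with ProFTPD until the fields are populated or an enrichment source supplies them. The CVE-2019-19271 and CVE-2019-19272 records below have the same gap. For triage, the description says the flaw is in CRL checking in `tls_verify_crl`, so a revoked client certificate may still be accepted on servers that rely on CRLs.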


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/proftpd/proftpd/issues/860",
"refsource": "MISC",
"name": "https://github.com/proftpd/proftpd/issues/860"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/proftpd/proftpd/issues/858",
"refsource": "MISC",
"name": "https://github.com/proftpd/proftpd/issues/858"
}
]
}
}