admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-09-16 18:00:57 +00:00
parent bb69dda5c5
commit f47947a841
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
18 changed files with 721 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2019/10xxx/CVE-2019-10071.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10071",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Apache Tapestry",
"version": {
"version_data": [
{
"version_value": "Apache Tapestry 5.4.0 to 5.4.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[tapestry-users] 20190913 CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"url": "https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43@%3Cusers.tapestry.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead."
}
]
}

5
2019/11xxx/CVE-2019-11184.json
View File

@ -48,6 +48,11 @@
"refsource": "CONFIRM",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html"
},
{
"refsource": "MISC",
"name": "https://arxiv.org/abs/1909.04841",
"url": "https://arxiv.org/abs/1909.04841"
}
]
},

5
2019/13xxx/CVE-2019-13140.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://twitter.com/GerardFuguet/status/1169298861782896642",
"url": "https://twitter.com/GerardFuguet/status/1169298861782896642"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154494/Inteno-IOPSYS-Gateway-3DES-Key-Extraction-Improper-Access.html",
"url": "http://packetstormsecurity.com/files/154494/Inteno-IOPSYS-Gateway-3DES-Key-Extraction-Improper-Access.html"
}
]
}

2
2019/15xxx/CVE-2019-15052.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The HTTP client in the Build tool in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007."
"value": "The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007."
}
]
},

5
2019/15xxx/CVE-2019-15107.json
View File

@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html",
"url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html"
}
]
}

67
2019/15xxx/CVE-2019-15734.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/64711",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/64711"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/",
"url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"
}
]
}
}

67
2019/15xxx/CVE-2019-15736.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51401",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51401"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/",
"url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"
}
]
}
}

67
2019/15xxx/CVE-2019-15737.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/42733",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/42733"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/",
"url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"
}
]
}
}

70
2019/15xxx/CVE-2019-15738.json Normal file
View File

@ -0,0 +1,70 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63124",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63124"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/",
"url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

67
2019/15xxx/CVE-2019-15739.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/64033",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/64033"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/",
"url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"
}
]
}
}

67
2019/15xxx/CVE-2019-15740.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/61390",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/61390"
},
{
"url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/",
"refsource": "MISC",
"name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"
}
]
}
}

67
2019/15xxx/CVE-2019-15741.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4380",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4380"
},
{
"url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/",
"refsource": "MISC",
"name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"
}
]
}
}

5
2019/16xxx/CVE-2019-16275.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass",
"url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"
}
]
}

67
2019/16xxx/CVE-2019-16370.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gradle/gradle/pull/10543",
"refsource": "MISC",
"name": "https://github.com/gradle/gradle/pull/10543"
},
{
"url": "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f",
"refsource": "MISC",
"name": "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f"
}
]
}
}

62
2019/16xxx/CVE-2019-16371.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be bypassed via clickjacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1930",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1930"
}
]
}
}

5
2019/1xxx/CVE-2019-1253.json
View File

@ -142,6 +142,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html"
}
]
}

48
2019/8xxx/CVE-2019-8368.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8368",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenEMR v5.0.1-6 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/openemr-5-0-16-remote-code-execution-cross-site-scripting",
"url": "https://know.bishopfox.com/advisories/openemr-5-0-16-remote-code-execution-cross-site-scripting"
}
]
}

2
2019/9xxx/CVE-2019-9039.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters \u201cstartkey\u201d and \u201cendkey\u201d of the \u201c_all_docs\u201d endpoint."
"value": "In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway\u2019s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters \"startkey\" and \"endkey\" on the \"_all_docs\" endpoint. By issuing nested queries with CPU-intensive operations they may have been able to cause increased resource usage and denial of service conditions. The _all_docs endpoint is not required for Couchbase Mobile replication and external access to this REST endpoint has been blocked to mitigate this issue. This issue has been fixed in versions 2.5.0 and 2.1.3."
}
]
},