admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '01172019' of https://github.com/DellEMCProductSecurity/cvelist

Browse Source
This commit is contained in:
CVE Team 2019-01-18 16:31:28 -05:00
commit f68ac0b0ad
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 80 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
2018/15xxx/CVE-2018-15784.json
View File

@ -1,18 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15784",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-01-14T14:37:00.000Z",
"ID": "CVE-2018-15784",
"STATE": "PUBLIC",
"TITLE": "DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell Networking OS10",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "10.4.3.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the servers certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/us/en/04/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerability?lang=en"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}

19
2019/3xxx/CVE-2019-3772.json
View File

@ -1,18 +1 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3772",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-01-15T20:30:16.000Z","ID":"CVE-2019-3772","STATE":"PUBLIC","TITLE":"Spring Integration XML External Entity Injection (XXE) "},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Integration","version":{"version_data":[{"affected":"<","version_name":"5.0","version_value":"v5.0.10.RELEASE"},{"affected":"<","version_name":"5.1","version_value":"v5.1.1.RELEASE"},{"affected":"<","version_name":"4.3","version_value":"v4.3.18.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-611: XML External Entities (XXE)"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3772"}]},"impact":null}

19
2019/3xxx/CVE-2019-3773.json
View File

@ -1,18 +1 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3773",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-01-15T20:30:17.000Z","ID":"CVE-2019-3773","STATE":"PUBLIC","TITLE":"Spring Web Services XML External Entity Injection (XXE) "},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Web Services","version":{"version_data":[{"affected":"<","version_name":"3.0","version_value":"v3.0.4.RELEASE"},{"affected":"<","version_name":"2.4","version_value":"v2.4.3.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-611: XML External Entities (XXE)"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3773"}]},"impact":null}

19
2019/3xxx/CVE-2019-3774.json
View File

@ -1,18 +1 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3774",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-01-15T20:30:17.000Z","ID":"CVE-2019-3774","STATE":"PUBLIC","TITLE":"Spring Batch XML External Entity Injection (XXE) "},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Batch","version":{"version_data":[{"affected":"<","version_name":"4.0","version_value":"4.0.1.RELEASE"},{"affected":"<","version_name":"4.1","version_value":"4.1.0.RELEASE"},{"affected":"<","version_name":"3.0","version_value":"3.0.9.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-611: XML External Entities (XXE)"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3774"}]},"impact":null}