"-Synchronized-Data."

CVE Team 2019-10-09 19:01:00 +00:00
parent d56f0f438c
commit f737d9a048
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 333 additions and 21 deletions


@ -8,7 +8,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Discourse",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -16,7 +16,16 @@
"version": {
"version_data": [
{
"version_value": "< v2.4.0.beta2"
"version_value": "< 2.3.0"
},
{
"version_value": "2.4.0.beta1"
},
{
"version_value": "2.4.0.beta2"
},
{
"version_value": "fixed in 2.4.0.beta3"
}
]
}
@ -34,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via a user-api OTP."
"value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP."
}
]
},
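Review bot: The last entry added to `version_data`, `"version_value": "fixed in 2.4.0.beta3"`, puts a fix statement into the list of affected versions, so a consumer that compares installed versions against each `version_value` will either fail to parse it or treat it as an affected release. The fix boundary is already carried by the new description, so that entry can simply be dropped. The first hunk also appears to replace `"vendor_name": "Discourse"` with `"n/a"`, which removes the only structured vendor identifier in the record; keeping `"Discourse"` preserves vendor-based matching. Both points apply equally to the next file section (the email-link login record).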


@ -8,7 +8,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Discourse",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -16,7 +16,16 @@
"version": {
"version_data": [
{
"version_value": "< v2.4.0.beta2"
"version_value": "< 2.3.0"
},
{
"version_value": "2.4.0.beta1"
},
{
"version_value": "2.4.0.beta2"
},
{
"version_value": "fixed in 2.4.0.beta3"
}
]
}
@ -34,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via an email link."
"value": "Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link."
}
]
},


@ -57,6 +57,11 @@
"refsource": "MISC",
"name": "https://www.socomec.com/single-circuit-multifunction-meters_en.html"
},
{
"refsource": "FULLDISC",
"name": "20191008 Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501",
"url": "http://seclists.org/fulldisclosure/2019/Oct/10"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154764/Socomec-DIRIS-A-40-Password-Disclosure.html",


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.openproject.org/release-notes/openproject-10-0-2/",
"url": "https://www.openproject.org/release-notes/openproject-10-0-2/"
},
{
"refsource": "CONFIRM",
"name": "https://www.openproject.org/release-notes/openproject-9-0-4/",
"url": "https://www.openproject.org/release-notes/openproject-9-0-4/"
},
{
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!topic/openproject-security/tEsx0UXWxXA",
"url": "https://groups.google.com/forum/#!topic/openproject-security/tEsx0UXWxXA"
}
]
}
}
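Review bot: `vendor_name`, `product_name`, `version_value` and the problemtype `value` are all `"n/a"` in this new record, although the description names OpenProject, the fixed releases 9.0.4 and 10.0.2, and XSS. Tools that match on the structured `affects` block rather than on free text will not associate this CVE with any product. Suggest `"product_name": "OpenProject"`, version entries such as `"version_value": "before 9.0.4"`, and a problemtype value of `"Cross-site Scripting"`. The new records for CVE-2019-17401 (liblnk) and CVE-2019-17402 (Exiv2) further down have the same empty `affects` and problemtype fields.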


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "libsoup through 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy."
"value": "libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy."
}
]
},
@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1705054.html",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1705054.html"
},
{
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad",
"url": "https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad"
}
]
}
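Review bot: The reworded description, "from versions 2.65.1 until 2.68.1", leaves it unclear whether 2.68.1 itself is affected, whereas the previous wording "through 2.68.1" was explicitly inclusive. Someone deciding whether a 2.68.1 installation needs patching cannot tell from the record. If 2.68.1 is affected, `"libsoup 2.65.1 through 2.68.1 has a heap-based buffer over-read ..."` keeps the new lower bound and the inclusive upper bound. The commit reference added in the second hunk is the place to confirm the range.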


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libyal/liblnk/issues/40",
"refsource": "MISC",
"name": "https://github.com/libyal/liblnk/issues/40"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Exiv2/exiv2/issues/1019",
"refsource": "MISC",
"name": "https://github.com/Exiv2/exiv2/issues/1019"
}
]
}
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5506",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5506",
"ASSIGNER": "security-alert@netapp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Clustered Data ONTAP",
"version": {
"version_data": [
{
"version_value": "9.0 and higher"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191009-0003/",
"url": "https://security.netapp.com/advisory/ntap-20191009-0003/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks."
}
]
}
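Review bot: The problemtype `"Sensitive Information Disclosure"` does not match the flaw in the new description, which is missing hostname verification that allows impersonation by a man-in-the-middle; a value such as `"Improper Certificate Validation"` would classify it more accurately (inferred from the description only, so confirm against the NetApp advisory). `"version_value": "9.0 and higher"` gives no upper bound or fixed release, so the record cannot be used to decide when a system is patched. `"vendor_name": "n/a"` is set even though the assigner is security-alert@netapp.com; `"NetApp"` looks like the intended value. The vendor_name point also applies to the CVE-2019-5507 section that follows, whose description does not say what information is disclosed or under what conditions.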


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5507",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5507",
"ASSIGNER": "security-alert@netapp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SnapManager for Oracle",
"version": {
"version_data": [
{
"version_value": "before 3.4.2P1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191009-0004/",
"url": "https://security.netapp.com/advisory/ntap-20191009-0004/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information."
}
]
}