"-Synchronized-Data."

CVE Team 2020-01-27 16:01:12 +00:00
parent 55028909d4
commit fd6c4bc938
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
11 changed files with 773 additions and 30 deletions


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8161",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,93 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PostgreSQL Global Development Group",
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "before 9.0.19"
},
{
"version_value": "9.1.x before 9.1.15"
},
{
"version_value": "9.2.x before 9.2.10"
},
{
"version_value": "9.3.x before 9.3.6"
},
{
"version_value": "9.4.x before 9.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/about/news/1569/",
"url": "http://www.postgresql.org/about/news/1569/"
},
{
"refsource": "CONFIRM",
"name": "http://www.debian.org/security/2015/dsa-3155",
"url": "http://www.debian.org/security/2015/dsa-3155"
}
]
}
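Review bot: The `problemtype` value `"Path Disclosure"` in the new CVE-2014-8161 record does not match the record's own description, which is about sensitive column values leaking through constraint-violation error messages, not filesystem paths. Anyone triaging or filtering by problem type would misfile this entry. A value such as `"value": "Information Exposure Through an Error Message"` (CWE-209) describes the weakness the text actually states.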


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-9481",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Scribunto",
"product": {
"product_data": [
{
"product_name": "Scribunto",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/12/21/2",
"url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/03/13",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
},
{
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T73167",
"url": "https://phabricator.wikimedia.org/T73167"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
}
]
}
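Review bot: The `problemtype` here is `"Other"` even though the description names a concrete weakness class (disclosure of the rollback token and possibly other sensitive information), so the record cannot be found by weakness. The same applies to the CVE-2015-0241 section, whose description names a buffer over-read and a buffer overflow, and to the CVE-2015-0244 section, whose description names SQL injection. Suggested values are `"value": "Information Disclosure"` here, `"value": "Buffer Overflow"` for CVE-2015-0241 (matching CVE-2015-0242 and CVE-2015-0243 in this commit), and `"value": "SQL Injection"` for CVE-2015-0244. `"version_value": "n/a"` in this record also gives version-matching tools nothing to compare against, though the description states no fixed version, so that may be unavoidable from the visible data.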


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0241",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,93 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PostgreSQL Global Development Group",
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "before 9.0.19"
},
{
"version_value": "9.1.x before 9.1.15"
},
{
"version_value": "9.2.x before 9.2.10"
},
{
"version_value": "9.3.x before 9.3.6"
},
{
"version_value": "9.4.x before 9.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/about/news/1569/",
"url": "http://www.postgresql.org/about/news/1569/"
},
{
"refsource": "CONFIRM",
"name": "http://www.debian.org/security/2015/dsa-3155",
"url": "http://www.debian.org/security/2015/dsa-3155"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0242",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,93 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PostgreSQL Global Development Group",
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "before 9.0.19"
},
{
"version_value": "9.1.x before 9.1.15"
},
{
"version_value": "9.2.x before 9.2.10"
},
{
"version_value": "9.3.x before 9.3.6"
},
{
"version_value": "9.4.x before 9.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/about/news/1569/",
"url": "http://www.postgresql.org/about/news/1569/"
},
{
"refsource": "CONFIRM",
"name": "http://www.debian.org/security/2015/dsa-3155",
"url": "http://www.debian.org/security/2015/dsa-3155"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0243",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,93 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PostgreSQL Global Development Group",
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "before 9.0.19"
},
{
"version_value": "9.1.x before 9.1.15"
},
{
"version_value": "9.2.x before 9.2.10"
},
{
"version_value": "9.3.x before 9.3.6"
},
{
"version_value": "9.4.x before 9.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/about/news/1569/",
"url": "http://www.postgresql.org/about/news/1569/"
},
{
"refsource": "CONFIRM",
"name": "http://www.debian.org/security/2015/dsa-3155",
"url": "http://www.debian.org/security/2015/dsa-3155"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0244",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,93 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PostgreSQL Global Development Group",
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "before 9.0.19"
},
{
"version_value": "9.1.x before 9.1.15"
},
{
"version_value": "9.2.x before 9.2.10"
},
{
"version_value": "9.3.x before 9.3.6"
},
{
"version_value": "9.4.x before 9.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html",
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html",
"url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.postgresql.org/about/news/1569/",
"url": "http://www.postgresql.org/about/news/1569/"
},
{
"refsource": "CONFIRM",
"name": "http://www.debian.org/security/2015/dsa-3155",
"url": "http://www.debian.org/security/2015/dsa-3155"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0294",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptography"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GnuTLS",
"product": {
"product_data": [
{
"product_name": "GnuTLS",
"version": {
"version_data": [
{
"version_value": "before 3.3.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff",
"url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3191",
"url": "http://www.debian.org/security/2015/dsa-3191"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3154",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,57 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CRLF Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zend Technologies",
"product": {
"product_data": [
{
"product_name": "Zend Framework",
"version": {
"version_data": [
{
"version_value": "before 1.12.12"
},
{
"version_value": "2.x before 2.3.8"
},
{
"version_value": "2.4.x before 2.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://framework.zend.com/security/advisory/ZF2015-04",
"url": "http://framework.zend.com/security/advisory/ZF2015-04"
}
]
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\\Avast Software\\Browser\\Update\\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community",
"url": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community"
}
]
}
}
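Review bot: The `affects` block of this new record is entirely `"n/a"` (`vendor_name`, `product_name`, `version_value`) and `problemtype` is `"n/a"`, while the description itself names the product, the version and the weakness class. Inventory and scanner matching keys on the structured fields, so tooling that does not parse free text would miss this entry. Filling them from the description would close that gap: `"product_name": "Avast Secure Browser"`, `"version_value": "76.0.1659.101"`, and a `problemtype` value of `"Local Privilege Escalation"`. The description does not say which release contains the fix, so no fixed-version bound can be added from what is visible here.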


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-1348",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft Corporation",
"product": {
"product_data": [
{
"product_name": "Git",
"version": {
"version_data": [
{
"version_value": "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u",
"url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
"value": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths."
}
]
}
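Review bot: `"vendor_name": "Microsoft Corporation"` is paired with `"product_name": "Git"`, which looks like the assigning CNA (`secure@microsoft.com`) copied into the vendor field rather than the product's maintainer; the CVE-2019-1353 section has the same pairing. Both records also pack eleven release lines into a single `version_value` string, whereas the PostgreSQL records in this commit use one `version_data` entry per branch, which is easier for version-matching tools to consume. The `problemtype` of `"Remote Code Execution"` is broader than what the descriptions state (overwriting arbitrary paths here, inactive NTFS protections under WSL in CVE-2019-1353), so a more specific value may be warranted. The enclosing JSON object starts and ends outside this hunk.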


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-1353",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft Corporation",
"product": {
"product_data": [
{
"product_name": "Git",
"version": {
"version_data": [
{
"version_value": "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u",
"url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none."
"value": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active."
}
]
}