admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-09 18:00:45 +00:00
parent 5c0124d03e
commit fe76e98394
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 694 additions and 184 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2017/17xxx/CVE-2017-17023.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17023",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, \"Sophos IPSec Client\" 11.04 is a rebranded version of NCP \"Secure Entry Client\" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ncp-e.com/en/resources/download-vpn-client/#c8680",
"refsource": "MISC",
"name": "https://www.ncp-e.com/en/resources/download-vpn-client/#c8680"
},
{
"refsource": "CONFIRM",
"name": "https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf",
"url": "https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf"
}
]
}

55
2017/3xxx/CVE-2017-3139.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security-officer@isc.org",
"ID": "CVE-2017-3139",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "BIND",
"version": {
"version_data": [
{
"version_value": "shipped in Red Hat Enterprise Linux 6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://access.redhat.com/security/cve/cve-2017-3139",
"url": "https://access.redhat.com/security/cve/cve-2017-3139"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1447743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447743"
}
]
}

53
2018/14xxx/CVE-2018-14894.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14894",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.youtube.com/watch?v=B0VpK0poTco",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=B0VpK0poTco"
},
{
"url": "https://mustafakemalcan.com/cyberark-epm-file-block-bypass-cve-2018-14894/",
"refsource": "MISC",
"name": "https://mustafakemalcan.com/cyberark-epm-file-block-bypass-cve-2018-14894/"
}
]
}

53
2018/19xxx/CVE-2018-19586.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19586",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Silverpeas/Silverpeas-Core/blob/d8c3bbb0695a4907db013401bd16c6527e2b4f41/core-web/src/main/java/org/silverpeas/core/webapi/upload/FileUploadData.java#L89",
"refsource": "MISC",
"name": "https://github.com/Silverpeas/Silverpeas-Core/blob/d8c3bbb0695a4907db013401bd16c6527e2b4f41/core-web/src/main/java/org/silverpeas/core/webapi/upload/FileUploadData.java#L89"
},
{
"url": "https://www.bishopfox.com/news/2019/01/silverpeas-5-15-to-6-0-2-path-traversal/",
"refsource": "MISC",
"name": "https://www.bishopfox.com/news/2019/01/silverpeas-5-15-to-6-0-2-path-traversal/"
}
]
}

53
2018/20xxx/CVE-2018-20698.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20698",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://docs.search-guard.com/latest/changelog-kibana-6.x-16",
"url": "https://docs.search-guard.com/latest/changelog-kibana-6.x-16"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/floragunncom/search-guard-kibana-plugin/pull/140",
"url": "https://github.com/floragunncom/search-guard-kibana-plugin/pull/140"
}
]
}

5
2019/10xxx/CVE-2019-10876.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://security.openstack.org/ossa/OSSA-2019-002.html",
"url": "https://security.openstack.org/ossa/OSSA-2019-002.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190409 [OSSA-2019-002] neutron-openvswitch-agent: Unable to install new flows on compute nodes when having broken security group rules (CVE-2019-10876)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/09/2"
}
]
}

18
2019/11xxx/CVE-2019-11059.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11059",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

185
2019/1xxx/CVE-2019-1785.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2019-1785",
"STATE": "PUBLIC",
"TITLE": "Clam AntiVirus RAR Directory Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClamAV",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.101.1"
},
{
"version_affected": "=",
"version_value": "0.101.0"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2019-1785",
"STATE": "PUBLIC",
"TITLE": "Clam AntiVirus RAR Directory Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClamAV",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.101.1"
},
{
"version_affected": "=",
"version_value": "0.101.0"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CISCO",
"url": "https://bugzilla.clamav.net/show_bug.cgi?id=12284"
}
]
},
"source": {
"defect": [
"12284"
],
"discovery": "EXTERNAL"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugzilla.clamav.net/show_bug.cgi?id=12284",
"name": "https://bugzilla.clamav.net/show_bug.cgi?id=12284"
}
]
},
"source": {
"defect": [
"12284"
],
"discovery": "EXTERNAL"
}
}

5
2019/3xxx/CVE-2019-3795.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3795",
"name": "https://pivotal.io/security/cve-2019-3795"
},
{
"refsource": "BID",
"name": "107802",
"url": "http://www.securityfocus.com/bid/107802"
}
]
},

5
2019/4xxx/CVE-2019-4155.json
View File

@ -87,6 +87,11 @@
"title": "X-Force Vulnerability Report",
"name": "ibm-api-cve20194155-priv-escalation (158544)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158544"
},
{
"refsource": "BID",
"name": "107806",
"url": "http://www.securityfocus.com/bid/107806"
}
]
}

48
2019/6xxx/CVE-2019-6117.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6117",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://earthmanet.github.io/2019/01/05/Wordpress%20plugin%20Gallery%20Images%20Ape%201.6.14-Stored%20Cross-Site%20Scripting/",
"refsource": "MISC",
"name": "https://earthmanet.github.io/2019/01/05/Wordpress%20plugin%20Gallery%20Images%20Ape%201.6.14-Stored%20Cross-Site%20Scripting/"
}
]
}

48
2019/7xxx/CVE-2019-7174.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7174",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://alicangonullu.biz/konu/2",
"url": "https://alicangonullu.biz/konu/2"
}
]
}

146
2019/8xxx/CVE-2019-8990.json
View File

@ -1,91 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-04-09T16:00:00.000Z",
"ID": "CVE-2019-8990",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication"
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-04-09T16:00:00.000Z",
"ID": "CVE-2019-8990",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO ActiveMatrix BusinessWorks",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO ActiveMatrix BusinessWorks",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP \"Basic Authentication\" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes.\n\nAffected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2."
}
]
"description_data": [
{
"lang": "eng",
"value": "The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP \"Basic Authentication\" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of a malicious HTTP client successfully executing HTTP requests without authenticating. This possibility is restricted to circumstances where HTTP basic authentication is used in conjunction with an XML Authentication resource."
}
]
}
]
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of a malicious HTTP client successfully executing HTTP requests without authenticating. This possibility is restricted to circumstances where HTTP basic authentication is used in conjunction with an XML Authentication resource."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
}
]
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"name": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks",
"refsource": "MISC",
"name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO ActiveMatrix BusinessWorks versions 6.4.2 and below update to 6.5.0 or higher.\n"
}
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO ActiveMatrix BusinessWorks versions 6.4.2 and below update to 6.5.0 or higher.\n"
}
],
"source": {
"discovery": "USER"
"discovery": "USER"
}
}
}

76
2019/9xxx/CVE-2019-9133.json
View File

@ -1,8 +1,35 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-9133",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "KMPlayer Subtitles parser Heap Overflow Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KMPlayer",
"version": {
"version_data": [
{
"platform": "x86, x64",
"version_affected": "<",
"version_name": "KMPlayer",
"version_value": "2018.12.24.14"
}
]
}
}
]
},
"vendor_name": "Pandora.tv"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +38,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

75
2019/9xxx/CVE-2019-9134.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-9134",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Architectural Information System",
"version": {
"version_data": [
{
"platform": "x86, x84",
"version_affected": "<=",
"version_name": "Architectual Information system",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Solideo Systems Co,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +37,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Architectural Information System 1.0 and earlier versions have a Stack-based buffer overflow, allows remote attackers to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34993",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34993"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}