mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 10:41:46 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
23d7002d77
commit
fea3073771
@ -76,6 +76,16 @@
|
||||
"name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
|
||||
"url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://codereview.qt-project.org/#/c/236691/",
|
||||
"url": "https://codereview.qt-project.org/#/c/236691/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-17305",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +34,28 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.uipath.com/product/release-notes/uipath-v2018.1.7",
|
||||
"url": "https://www.uipath.com/product/release-notes/uipath-v2018.1.7"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -138,6 +138,11 @@
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2019:1190",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x?",
|
||||
"url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -53,6 +53,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2019/04/10/6"
|
||||
},
|
||||
{
|
||||
"refsource": "BID",
|
||||
"name": "107869",
|
||||
"url": "http://www.securityfocus.com/bid/107869"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -53,6 +53,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2019/04/10/6"
|
||||
},
|
||||
{
|
||||
"refsource": "BID",
|
||||
"name": "107869",
|
||||
"url": "http://www.securityfocus.com/bid/107869"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -53,6 +53,11 @@
|
||||
"refsource": "CERT-VN",
|
||||
"name": "VU#192371",
|
||||
"url": "https://www.kb.cert.org/vuls/id/192371"
|
||||
},
|
||||
{
|
||||
"refsource": "BID",
|
||||
"name": "107868",
|
||||
"url": "http://www.securityfocus.com/bid/107868"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2019-5672",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-5672",
|
||||
"ASSIGNER": "psirt@nvidia.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Nvidia",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jetson TX1 and TX2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "< R28.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Denial of Service, Information Disclosure"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
|
||||
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "NVIDIA Linux for Tegra (L4T) contains a vulnerability where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2019-5673",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-5673",
|
||||
"ASSIGNER": "psirt@nvidia.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Nvidia",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jetson TX1 and TX2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "R28.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Denial of Service, Information Disclosure"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
|
||||
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "NVIDIA Tegra kernel driver contains a vulnerability in the ARM System Memory Management Unit (SMMU) where an improper check for a fault condition causes transactions to be discarded, which may lead to denial of service. The updates apply to all versions prior to and including R28.3."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** DISPUTED ** Third parties claim/state this is not an issue because PostgreSQL functionality for \u2018COPY TO/FROM PROGRAM\u2019 is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the \u2018COPY FROM PROGRAM\u2019. Furthermore, members in 'pg_read_server_files' can run commands only if either the 'pg_execute_server_program' role or superuser are granted."
|
||||
"value": "** DISPUTED ** In PostgreSQL 9.3 through 11.2, the \"COPY TO/FROM PROGRAM\" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for \u2018COPY TO/FROM PROGRAM\u2019 is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the \u2018COPY FROM PROGRAM\u2019. Furthermore, members in 'pg_read_server_files' can run commands only if either the 'pg_execute_server_program' role or superuser are granted."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user