diff --git a/2014/3xxx/CVE-2014-3004.json b/2014/3xxx/CVE-2014-3004.json
index 79723878487c..57ecf0ba4a90 100644
--- a/2014/3xxx/CVE-2014-3004.json
+++ b/2014/3xxx/CVE-2014-3004.json
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-3004", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2014-3004", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document." + "lang":"eng", + "value":"The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html", - "refsource": "MISC", - "url": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html" + "name":"http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html", + "refsource":"MISC", + "url":"http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html" }, { - "name": "openSUSE-SU-2014:0822", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html" + "name":"openSUSE-SU-2014:0822", + "refsource":"SUSE", + "url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html" }, { - "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811", - "refsource": "MISC", - "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811" + "name":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811", + "refsource":"MISC", + "url":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811" }, { - "name": "20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2014/May/142" + "name":"20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2014/May/142" }, { - "name": "59427", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59427" + "name":"59427", + "refsource":"SECUNIA", + "url":"http://secunia.com/advisories/59427" }, { - "name": "67676", - "refsource": "BID", - "url": 
"http://www.securityfocus.com/bid/67676" + "name":"67676", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/67676" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2014/3xxx/CVE-2014-3596.json b/2014/3xxx/CVE-2014-3596.json index 40c7e2ff6f0c..3bdc1ee5fb60 100644 --- a/2014/3xxx/CVE-2014-3596.json +++ b/2014/3xxx/CVE-2014-3596.json 
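Review bot: The reference object appended at the end of `reference_data` in CVE-2014-3004.json carries only `"url":"https://www.oracle.com/security-alerts/cpujan2020.html"`, while every other entry in the record has `name`, `refsource` and `url`; a consumer that groups or filters references by `refsource` may drop or mislabel this advisory link. Following the form of the cpuapr2019 entry in the CVE-2015-9251 hunk, add `"refsource":"MISC"` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"` to the new object. The same url-only entry is appended in the CVE-2014-3596, CVE-2015-9251 and CVE-2016-0701 hunks. Separately, the hunk respaces every key from `"key": value` to `"key":value` and appears to add a blank first line, which buries a one-reference change in a whole-file rewrite; keeping the existing spacing would reduce the diff to the added entry.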
@@ -1,131 +1,135 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2014-3596", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2014-3596", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "[oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2014/08/20/2" + "name":"[oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack", + "refsource":"MLIST", + "url":"http://www.openwall.com/lists/oss-security/2014/08/20/2" }, { - "name": "https://issues.apache.org/jira/browse/AXIS-2905", - "refsource": "MISC", - "url": "https://issues.apache.org/jira/browse/AXIS-2905" + "name":"https://issues.apache.org/jira/browse/AXIS-2905", + "refsource":"MISC", + "url":"https://issues.apache.org/jira/browse/AXIS-2905" }, { - "name": "apache-axis-cve20143596-spoofing(95377)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95377" + "name":"apache-axis-cve20143596-spoofing(95377)", + "refsource":"XF", + "url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95377" }, { - "name": "1030745", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1030745" + "name":"1030745", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1030745" }, { - "name": "61222", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/61222" + "name":"61222", + "refsource":"SECUNIA", + "url":"http://secunia.com/advisories/61222" }, { - "name": "RHSA-2014:1193", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-1193.html" + "name":"RHSA-2014:1193", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2014-1193.html" }, { - "name": "69295", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/69295" + "name":"69295", + "refsource":"BID", + 
"url":"http://www.securityfocus.com/bid/69295" }, { - "name": "http://linux.oracle.com/errata/ELSA-2014-1193.html", - "refsource": "CONFIRM", - "url": "http://linux.oracle.com/errata/ELSA-2014-1193.html" + "name":"http://linux.oracle.com/errata/ELSA-2014-1193.html", + "refsource":"CONFIRM", + "url":"http://linux.oracle.com/errata/ELSA-2014-1193.html" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1497", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1497", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1526", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1526", + 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", - "url": "https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", + "url":"https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2015/9xxx/CVE-2015-9251.json b/2015/9xxx/CVE-2015-9251.json index b3206ebeb22f..94d77ed6d947 100644 --- a/2015/9xxx/CVE-2015-9251.json +++ b/2015/9xxx/CVE-2015-9251.json 
@@ -1,196 +1,200 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-9251", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2015-9251", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/jquery/jquery/issues/2432", - "refsource": "MISC", - "url": "https://github.com/jquery/jquery/issues/2432" + "name":"https://github.com/jquery/jquery/issues/2432", + "refsource":"MISC", + "url":"https://github.com/jquery/jquery/issues/2432" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", - "refsource": "MISC", - "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" + "name":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", + "refsource":"MISC", + "url":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" }, { - "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", - "refsource": "MISC", - "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" + "name":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", + "refsource":"MISC", + "url":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { - "name": "https://snyk.io/vuln/npm:jquery:20150627", - "refsource": "MISC", - "url": 
"https://snyk.io/vuln/npm:jquery:20150627" + "name":"https://snyk.io/vuln/npm:jquery:20150627", + "refsource":"MISC", + "url":"https://snyk.io/vuln/npm:jquery:20150627" }, { - "name": "https://github.com/jquery/jquery/pull/2588", - "refsource": "MISC", - "url": "https://github.com/jquery/jquery/pull/2588" + "name":"https://github.com/jquery/jquery/pull/2588", + "refsource":"MISC", + "url":"https://github.com/jquery/jquery/pull/2588" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "105658", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105658" + "name":"105658", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105658" }, { - "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", - "refsource": "MISC", - "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" + "name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", + "refsource":"MISC", + "url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" }, { - "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", - "refsource": "MISC", - "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" + "name":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", + "refsource":"MISC", + "url":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "BUGTRAQ", - "name": "20190509 dotCMS v5.1.1 Vulnerabilities", - "url": "https://seclists.org/bugtraq/2019/May/18" + "refsource":"BUGTRAQ", + "name":"20190509 dotCMS v5.1.1 Vulnerabilities", + "url":"https://seclists.org/bugtraq/2019/May/18" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", - "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", + "url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { - "refsource": "FULLDISC", - "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url": "http://seclists.org/fulldisclosure/2019/May/11" + "refsource":"FULLDISC", + "name":"20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url":"http://seclists.org/fulldisclosure/2019/May/11" }, { - "refsource": "FULLDISC", - "name": "20190510 dotCMS v5.1.1 Vulnerabilities", - "url": "http://seclists.org/fulldisclosure/2019/May/10" + "refsource":"FULLDISC", + "name":"20190510 dotCMS v5.1.1 Vulnerabilities", + "url":"http://seclists.org/fulldisclosure/2019/May/10" }, { - "refsource": "FULLDISC", - "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url": "http://seclists.org/fulldisclosure/2019/May/13" + "refsource":"FULLDISC", + "name":"20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url":"http://seclists.org/fulldisclosure/2019/May/13" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", - "url": 
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", + "url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MLIST", - "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues", - "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E" + "refsource":"MLIST", + "name":"[flink-user] 20190811 Apache flink 1.7.2 security issues", + "url":"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues", - "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E" + "refsource":"MLIST", + "name":"[flink-dev] 20190811 Apache flink 1.7.2 security issues", + "url":"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues", - "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E" + "refsource":"MLIST", + "name":"[flink-user] 20190813 Apache flink 1.7.2 security issues", + 
"url":"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", - "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E" + "refsource":"MLIST", + "name":"[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", + "url":"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", - "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" + "refsource":"MLIST", + "name":"[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", + "url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-08", - "url": "https://www.tenable.com/security/tns-2019-08" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-08", + "url":"https://www.tenable.com/security/tns-2019-08" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/0xxx/CVE-2016-0701.json b/2016/0xxx/CVE-2016-0701.json index 3b314e5c4a42..f56cc5398914 100644 --- a/2016/0xxx/CVE-2016-0701.json +++ b/2016/0xxx/CVE-2016-0701.json 
@@ -1,151 +1,155 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2016-0701", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2016-0701", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "FEDORA-2016-527018d2ff", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html" + "name":"FEDORA-2016-527018d2ff", + "refsource":"FEDORA", + "url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name": "1034849", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1034849" + "name":"1034849", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1034849" }, { - "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2" + "name":"https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2" }, { - "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648" + 
"name":"https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821" }, { - "name": "http://www.openssl.org/news/secadv/20160128.txt", - "refsource": "CONFIRM", - "url": "http://www.openssl.org/news/secadv/20160128.txt" + "name":"http://www.openssl.org/news/secadv/20160128.txt", + "refsource":"CONFIRM", + "url":"http://www.openssl.org/news/secadv/20160128.txt" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893" }, { - "name": "GLSA-201601-05", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201601-05" + "name":"GLSA-201601-05", + 
"refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201601-05" }, { - "name": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html", - "refsource": "MISC", - "url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html" + "name":"http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html", + "refsource":"MISC", + "url":"http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html" }, { - "name": "82233", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/82233" + "name":"82233", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/82233" }, { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us" + "name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us" }, { - "name": "91787", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91787" + "name":"91787", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91787" }, { - "name": "VU#257823", - "refsource": "CERT-VN", - "url": "https://www.kb.cert.org/vuls/id/257823" + "name":"VU#257823", + "refsource":"CERT-VN", + "url":"https://www.kb.cert.org/vuls/id/257823" }, { - "name": "openSUSE-SU-2016:0637", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" + "name":"openSUSE-SU-2016:0637", + "refsource":"SUSE", + "url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" }, { - "name": "USN-2883-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2883-1" + 
"name":"USN-2883-1", + "refsource":"UBUNTU", + "url":"http://www.ubuntu.com/usn/USN-2883-1" }, { - "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource": "CONFIRM", - "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + "name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource":"CONFIRM", + "url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1000xxx/CVE-2016-1000031.json b/2016/1000xxx/CVE-2016-1000031.json index f07321783070..d47eec226f10 100644 --- a/2016/1000xxx/CVE-2016-1000031.json +++ b/2016/1000xxx/CVE-2016-1000031.json 
@@ -1,141 +1,145 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2016-1000031", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2016-1000031", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution" + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution" } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "93604", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93604" + "name":"93604", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/93604" }, { - "name": "https://security.netapp.com/advisory/ntap-20190212-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190212-0001/" + "name":"https://security.netapp.com/advisory/ntap-20190212-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190212-0001/" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - 
"refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://issues.apache.org/jira/browse/WW-4812", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/WW-4812" + "name":"https://issues.apache.org/jira/browse/WW-4812", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/WW-4812" }, { - "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/", - "refsource": "MISC", - "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/" + "name":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/", + "refsource":"MISC", + "url":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/" }, { - "name": "https://www.tenable.com/security/research/tra-2016-30", - "refsource": "MISC", - "url": "https://www.tenable.com/security/research/tra-2016-30" + "name":"https://www.tenable.com/security/research/tra-2016-30", + "refsource":"MISC", + "url":"https://www.tenable.com/security/research/tra-2016-30" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "https://www.tenable.com/security/research/tra-2016-12", - "refsource": "MISC", - "url": "https://www.tenable.com/security/research/tra-2016-12" + "name":"https://www.tenable.com/security/research/tra-2016-12", + "refsource":"MISC", + "url":"https://www.tenable.com/security/research/tra-2016-12" }, { - "name": 
"https://issues.apache.org/jira/browse/FILEUPLOAD-279", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/FILEUPLOAD-279" + "name":"https://issues.apache.org/jira/browse/FILEUPLOAD-279", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/FILEUPLOAD-279" }, { - "name": "https://www.tenable.com/security/research/tra-2016-23", - "refsource": "MISC", - "url": "https://www.tenable.com/security/research/tra-2016-23" + "name":"https://www.tenable.com/security/research/tra-2016-23", + "refsource":"MISC", + "url":"https://www.tenable.com/security/research/tra-2016-23" }, { - "name": "[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E" + "name":"[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", - "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1399", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1399", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "MISC" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"MISC" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1xxx/CVE-2016-1181.json b/2016/1xxx/CVE-2016-1181.json index becc64b305aa..a3a791fa79a1 100644 --- a/2016/1xxx/CVE-2016-1181.json +++ b/2016/1xxx/CVE-2016-1181.json 
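Review bot: The object appended at the end of `reference_data` for CVE-2016-1000031 carries only `url`, while every other entry in the hunk has `name`, `refsource` and `url`, so a feed consumer that groups references by `refsource` or displays `name` will hit a missing key for the Oracle January 2020 advisory. Matching the neighbouring Oracle CPU entries, it could read `{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujan2020.html"}`. The same url-only object is added in the preceding file's hunk and in the CVE-2016-1181.json and CVE-2016-1182.json hunks. Separately, each of these hunks rewrites every line only to drop the space after the colon and adds a new first line before `{`. That hides the one substantive change among whitespace edits, and if the new first line holds anything other than whitespace (a byte-order mark, for instance, which cannot be told from this view), strict JSON parsers would reject the record.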
@@ -1,151 +1,155 @@ + { - "CVE_data_meta": { - "ASSIGNER": "vultures@jpcert.or.jp", - "ID": "CVE-2016-1181", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"vultures@jpcert.or.jp", + "ID":"CVE-2016-1181", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "JVNDB-2016-000096", - "refsource": "JVNDB", - "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096" + "name":"JVNDB-2016-000096", + "refsource":"JVNDB", + "url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://security.netapp.com/advisory/ntap-20180629-0006/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180629-0006/" + "name":"https://security.netapp.com/advisory/ntap-20180629-0006/", + "refsource":"CONFIRM", + 
"url":"https://security.netapp.com/advisory/ntap-20180629-0006/" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", - "refsource": "CONFIRM", - "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" + "name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", + "refsource":"CONFIRM", + "url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538" + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538", + "refsource":"CONFIRM", + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538" }, { - "name": "91068", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91068" + "name":"91068", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91068" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "1036056", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036056" + "name":"1036056", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1036056" }, { - "name": "JVN#03188560", - "refsource": "JVN", - "url": "http://jvn.jp/en/jp/JVN03188560/index.html" + "name":"JVN#03188560", + "refsource":"JVN", + "url":"http://jvn.jp/en/jp/JVN03188560/index.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "91787", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91787" + "name":"91787", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91787" }, { - "name": "https://security-tracker.debian.org/tracker/CVE-2016-1181", - "refsource": "CONFIRM", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-1181" + "name":"https://security-tracker.debian.org/tracker/CVE-2016-1181", + "refsource":"CONFIRM", + "url":"https://security-tracker.debian.org/tracker/CVE-2016-1181" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource":"CONFIRM", + 
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1xxx/CVE-2016-1182.json b/2016/1xxx/CVE-2016-1182.json index ec7d7d1fb857..dc08f37bdd83 100644 --- a/2016/1xxx/CVE-2016-1182.json +++ b/2016/1xxx/CVE-2016-1182.json 
@@ -1,146 +1,150 @@ + { - "CVE_data_meta": { - "ASSIGNER": "vultures@jpcert.or.jp", - "ID": "CVE-2016-1182", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"vultures@jpcert.or.jp", + "ID":"CVE-2016-1182", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "JVNDB-2016-000097", - "refsource": "JVNDB", - "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097" + "name":"JVNDB-2016-000097", + "refsource":"JVNDB", + "url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097" }, { - "name": "JVN#65044642", - "refsource": "JVN", - "url": "http://jvn.jp/en/jp/JVN65044642/index.html" + "name":"JVN#65044642", + "refsource":"JVN", + "url":"http://jvn.jp/en/jp/JVN65044642/index.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": 
"https://security.netapp.com/advisory/ntap-20180629-0006/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180629-0006/" + "name":"https://security.netapp.com/advisory/ntap-20180629-0006/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20180629-0006/" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", - "refsource": "CONFIRM", - "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" + "name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8", + "refsource":"CONFIRM", + "url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + 
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "1036056", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036056" + "name":"1036056", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1036056" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540" + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540", + "refsource":"CONFIRM", + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540" }, { - "name": "91067", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91067" + "name":"91067", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91067" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "91787", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/91787" + "name":"91787", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/91787" }, { - "name": "https://security-tracker.debian.org/tracker/CVE-2016-1182", - "refsource": "CONFIRM", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-1182" + "name":"https://security-tracker.debian.org/tracker/CVE-2016-1182", + "refsource":"CONFIRM", + "url":"https://security-tracker.debian.org/tracker/CVE-2016-1182" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", 
+ "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/2xxx/CVE-2016-2183.json b/2016/2xxx/CVE-2016-2183.json index 5c68d5902bcc..33552d46ffb8 100644 --- a/2016/2xxx/CVE-2016-2183.json +++ b/2016/2xxx/CVE-2016-2183.json 
@@ -1,416 +1,420 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2016-2183", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2016-2183", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "RHSA-2017:3113", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3113" + "name":"RHSA-2017:3113", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3113" }, { - "name": "RHSA-2017:0338", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html" + "name":"RHSA-2017:0338", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html" }, { - "name": "https://www.tenable.com/security/tns-2016-20", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-20" + "name":"https://www.tenable.com/security/tns-2016-20", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-20" }, { - "name": "https://sweet32.info/", - "refsource": "MISC", - "url": "https://sweet32.info/" + "name":"https://sweet32.info/", + "refsource":"MISC", + "url":"https://sweet32.info/" }, { - "name": "http://www.splunk.com/view/SP-CAAAPUE", - "refsource": "CONFIRM", - "url": "http://www.splunk.com/view/SP-CAAAPUE" + "name":"http://www.splunk.com/view/SP-CAAAPUE", + "refsource":"CONFIRM", + "url":"http://www.splunk.com/view/SP-CAAAPUE" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=1369383", + "refsource":"CONFIRM", + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + 
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us" + "name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us" }, { - "name": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "refsource": "MISC", - "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/" + "name":"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", + "refsource":"MISC", + "url":"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/" }, { - "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + "name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { - "name": "GLSA-201612-16", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201612-16" + "name":"GLSA-201612-16", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201612-16" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "refsource": "CONFIRM", - "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" }, { - "name": "https://access.redhat.com/articles/2548661", - "refsource": "CONFIRM", - "url": "https://access.redhat.com/articles/2548661" + "name":"https://access.redhat.com/articles/2548661", + "refsource":"CONFIRM", + "url":"https://access.redhat.com/articles/2548661" }, { - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource": "CONFIRM", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource":"CONFIRM", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" }, { - "name": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue", - "refsource": "MISC", - "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" + "name":"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue", + "refsource":"MISC", + "url":"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" }, { - "name": "http://www.splunk.com/view/SP-CAAAPSV", - "refsource": "CONFIRM", - "url": "http://www.splunk.com/view/SP-CAAAPSV" + 
"name":"http://www.splunk.com/view/SP-CAAAPSV", + "refsource":"CONFIRM", + "url":"http://www.splunk.com/view/SP-CAAAPSV" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415" }, { - "name": "RHSA-2017:3240", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3240" + "name":"RHSA-2017:3240", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3240" }, { - "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + "name":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource":"CONFIRM", + "url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { - "name": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "refsource": "MISC", - "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633" + "name":"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", + "refsource":"MISC", + "url":"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name": 
"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { - "name": "https://www.tenable.com/security/tns-2016-16", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-16" + "name":"https://www.tenable.com/security/tns-2016-16", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-16" }, { - "name": "RHSA-2017:2709", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2709" + "name":"RHSA-2017:2709", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2709" }, { - "name": "92630", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/92630" + "name":"92630", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/92630" }, { - "name": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "refsource": "MISC", - "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/" + "name":"https://www.sigsac.org/ccs/CCS2016/accepted-papers/", + "refsource":"MISC", + "url":"https://www.sigsac.org/ccs/CCS2016/accepted-papers/" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499" }, { - "name": "https://www.tenable.com/security/tns-2016-21", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-21" + 
"name":"https://www.tenable.com/security/tns-2016-21", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-21" }, { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171" + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10171", + "refsource":"CONFIRM", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10171" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" + "name":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482", + "refsource":"CONFIRM", + "url":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { - "name": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/" + "name":"https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/blog/blog/2016/08/24/sweet32/" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "RHSA-2017:3239", - "refsource": 
"REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3239" + "name":"RHSA-2017:3239", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3239" }, { - "name": "https://access.redhat.com/security/cve/cve-2016-2183", - "refsource": "CONFIRM", - "url": "https://access.redhat.com/security/cve/cve-2016-2183" + "name":"https://access.redhat.com/security/cve/cve-2016-2183", + "refsource":"CONFIRM", + "url":"https://access.redhat.com/security/cve/cve-2016-2183" }, { - "name": "GLSA-201701-65", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-65" + "name":"GLSA-201701-65", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201701-65" }, { - "name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "refsource": "MISC", - "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/" + "name":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", + "refsource":"MISC", + "url":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { - "name": "1036696", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036696" + "name":"1036696", + "refsource":"SECTRACK", + 
"url":"http://www.securitytracker.com/id/1036696" }, { - "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource": "MISC", - "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + "name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource":"MISC", + "url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" }, { - "name": "https://security.netapp.com/advisory/ntap-20160915-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20160915-0001/" + "name":"https://security.netapp.com/advisory/ntap-20160915-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20160915-0001/" }, { - "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" + "name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" }, { - "name": "GLSA-201707-01", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201707-01" + "name":"GLSA-201707-01", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201707-01" }, { - "name": "95568", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/95568" + "name":"95568", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/95568" }, { - "name": "RHSA-2017:3114", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3114" + "name":"RHSA-2017:3114", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3114" }, { - "name": "https://bto.bluecoat.com/security-advisory/sa133", - "refsource": "CONFIRM", - "url": "https://bto.bluecoat.com/security-advisory/sa133" + 
"name":"https://bto.bluecoat.com/security-advisory/sa133", + "refsource":"CONFIRM", + "url":"https://bto.bluecoat.com/security-advisory/sa133" }, { - "name": "https://www.tenable.com/security/tns-2017-09", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2017-09" + "name":"https://www.tenable.com/security/tns-2017-09", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2017-09" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849" }, { - "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + "name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116" }, { - "name": "RHSA-2017:1216", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1216" + "name":"RHSA-2017:1216", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1216" }, 
{ - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "name": "RHSA-2017:2710", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2710" + "name":"RHSA-2017:2710", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2710" }, { - "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" + "name":"https://security.netapp.com/advisory/ntap-20170119-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20170119-0001/" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984" }, { - "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections", - "refsource": "MLIST", - "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html" + "name":"[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections", + "refsource":"MLIST", + "url":"https://www.ietf.org/mail-archive/web/tls/current/msg04560.html" }, { - "name": "RHSA-2018:2123", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2123" + "name":"RHSA-2018:2123", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2123" }, { - 
"name": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "refsource": "MISC", - "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/" + "name":"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", + "refsource":"MISC", + "url":"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/" }, { - "name": "RHSA-2017:0337", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html" + "name":"RHSA-2017:0337", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html" }, { - "name": "RHSA-2017:2708", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2708" + "name":"RHSA-2017:2708", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2708" }, { - "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "refsource": "CONFIRM", - "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" + "name":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "refsource":"CONFIRM", + "url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" }, { - "name": "RHSA-2017:0336", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html" + "name":"RHSA-2017:0336", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html" }, { - "name": "SUSE-SU-2016:2470", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" + "name":"SUSE-SU-2016:2470", + "refsource":"SUSE", + "url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { - "name": 
"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" + "name":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", + "refsource":"CONFIRM", + "url":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" }, { - "name": "RHSA-2017:0462", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html" + "name":"RHSA-2017:0462", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0462.html" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" }, { - "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource": "CONFIRM", - "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + "name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource":"CONFIRM", + "url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1245", - "url": "https://access.redhat.com/errata/RHSA-2019:1245" + "refsource":"REDHAT", + "name":"RHSA-2019:1245", + 
"url":"https://access.redhat.com/errata/RHSA-2019:1245" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2859", - "url": "https://access.redhat.com/errata/RHSA-2019:2859" + "refsource":"REDHAT", + "name":"RHSA-2019:2859", + "url":"https://access.redhat.com/errata/RHSA-2019:2859" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/4xxx/CVE-2016-4000.json b/2016/4xxx/CVE-2016-4000.json index 8f85ab1a4824..d14fa3d327ac 100644 --- a/2016/4xxx/CVE-2016-4000.json +++ b/2016/4xxx/CVE-2016-4000.json 
@@ -1,126 +1,130 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2016-4000", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2016-4000", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://security-tracker.debian.org/tracker/CVE-2016-4000", - "refsource": "MISC", - "url": "https://security-tracker.debian.org/tracker/CVE-2016-4000" + "name":"https://security-tracker.debian.org/tracker/CVE-2016-4000", + "refsource":"MISC", + "url":"https://security-tracker.debian.org/tracker/CVE-2016-4000" }, { - "name": "https://hg.python.org/jython/rev/d06e29d100c0", - "refsource": "CONFIRM", - "url": "https://hg.python.org/jython/rev/d06e29d100c0" + "name":"https://hg.python.org/jython/rev/d06e29d100c0", + "refsource":"CONFIRM", + "url":"https://hg.python.org/jython/rev/d06e29d100c0" }, { - "name": "https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451", - "refsource": "MISC", - "url": "https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451" + "name":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451", + "refsource":"MISC", + "url":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451" }, { - "name": "http://bugs.jython.org/issue2454", - "refsource": "CONFIRM", - "url": "http://bugs.jython.org/issue2454" + "name":"http://bugs.jython.org/issue2454", + "refsource":"CONFIRM", + "url":"http://bugs.jython.org/issue2454" }, { - "name": "DSA-3893", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2017/dsa-3893" + "name":"DSA-3893", + "refsource":"DEBIAN", + 
"url":"http://www.debian.org/security/2017/dsa-3893" }, { - "name": "https://hg.python.org/jython/file/v2.7.1rc1/NEWS", - "refsource": "CONFIRM", - "url": "https://hg.python.org/jython/file/v2.7.1rc1/NEWS" + "name":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS", + "refsource":"CONFIRM", + "url":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS" }, { - "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859", - "refsource": "CONFIRM", - "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859" + "name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859", + "refsource":"CONFIRM", + "url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "GLSA-201710-28", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201710-28" + "name":"GLSA-201710-28", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201710-28" }, { - "name": "105647", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105647" + "name":"105647", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105647" }, { - "refsource": "MLIST", - "name": "[infra-devnull] 20190402 [GitHub] [flink] aloyszhang opened pull request #8100: [FLINK-12082] Bump up the jython-standalone version", - "url": "https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E" + "refsource":"MLIST", + "name":"[infra-devnull] 20190402 [GitHub] [flink] aloyszhang opened pull request #8100: [FLINK-12082] Bump up the jython-standalone version", + 
"url":"https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/5xxx/CVE-2016-5019.json b/2016/5xxx/CVE-2016-5019.json index b90044ca0833..31042e39f0f2 100644 --- a/2016/5xxx/CVE-2016-5019.json +++ b/2016/5xxx/CVE-2016-5019.json 
@@ -1,111 +1,115 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2016-5019", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2016-5019", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string." + "lang":"eng", + "value":"CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { - "name": "[myfaces-users] 20160929 Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability", - "refsource": "MLIST", - "url": "http://mail-archives.apache.org/mod_mbox/myfaces-users/201609.mbox/%3CCAM1yOjYM%2BEW3mLUfX0pNAVLfUFRAw-Bhvkp3UE5%3DEQzR8Yxsfw%40mail.gmail.com%3E" + "name":"[myfaces-users] 20160929 Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability", + "refsource":"MLIST", + "url":"http://mail-archives.apache.org/mod_mbox/myfaces-users/201609.mbox/%3CCAM1yOjYM%2BEW3mLUfX0pNAVLfUFRAw-Bhvkp3UE5%3DEQzR8Yxsfw%40mail.gmail.com%3E" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + 
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html", - "refsource": "MISC", - "url": "http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html" + "name":"http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html", + "refsource":"MISC", + "url":"http://packetstormsecurity.com/files/138920/Apache-MyFaces-Trinidad-Information-Disclosure.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "https://issues.apache.org/jira/browse/TRINIDAD-2542", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/TRINIDAD-2542" + "name":"https://issues.apache.org/jira/browse/TRINIDAD-2542", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/TRINIDAD-2542" }, { - "name": "93236", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93236" + "name":"93236", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/93236" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "name": "1037633", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1037633" + "name":"1037633", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1037633" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/6xxx/CVE-2016-6306.json b/2016/6xxx/CVE-2016-6306.json index 46a86ab1721e..6e91b63493c1 100644 --- a/2016/6xxx/CVE-2016-6306.json +++ b/2016/6xxx/CVE-2016-6306.json 
@@ -1,201 +1,205 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2016-6306", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "ID":"CVE-2016-6306", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20160922.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20160922.txt" + "name":"https://www.openssl.org/news/secadv/20160922.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20160922.txt" }, { - "name": "https://www.tenable.com/security/tns-2016-20", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-20" + "name":"https://www.tenable.com/security/tns-2016-20", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-20" }, { - "name": "RHSA-2018:2185", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2185" + "name":"RHSA-2018:2185", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2185" }, { - "name": "RHSA-2018:2186", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2186" + "name":"RHSA-2018:2186", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2186" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "93153", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93153" + "name":"93153", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/93153" }, { - "name": "RHSA-2016:1940", - "refsource": "REDHAT", - "url": 
"http://rhn.redhat.com/errata/RHSA-2016-1940.html" + "name":"RHSA-2016:1940", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2016-1940.html" }, { - "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + "name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { - "name": "GLSA-201612-16", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201612-16" + "name":"GLSA-201612-16", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201612-16" }, { - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource": "CONFIRM", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource":"CONFIRM", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" }, { - "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", - "refsource": "CONFIRM", - "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" + "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", + "refsource":"CONFIRM", + "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" }, { - "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource": "CONFIRM", - "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + "name":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource":"CONFIRM", + 
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { - "name": "1036885", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1036885" + "name":"1036885", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1036885" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { - "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { - "name": "https://www.tenable.com/security/tns-2016-16", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-16" + "name":"https://www.tenable.com/security/tns-2016-16", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-16" }, { - "name": "https://www.tenable.com/security/tns-2016-21", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2016-21" + "name":"https://www.tenable.com/security/tns-2016-21", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2016-21" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource":"CONFIRM", + 
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + "name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { - "name": "https://bto.bluecoat.com/security-advisory/sa132", - "refsource": "CONFIRM", - "url": "https://bto.bluecoat.com/security-advisory/sa132" + "name":"https://bto.bluecoat.com/security-advisory/sa132", + "refsource":"CONFIRM", + "url":"https://bto.bluecoat.com/security-advisory/sa132" }, { - "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" + "name":"https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + 
"refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { - "name": "FreeBSD-SA-16:26", - "refsource": "FREEBSD", - "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" + "name":"FreeBSD-SA-16:26", + "refsource":"FREEBSD", + "url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" }, { - "name": "SUSE-SU-2016:2470", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" + "name":"SUSE-SU-2016:2470", + "refsource":"SUSE", + "url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { - "name": "RHSA-2018:2187", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2187" + "name":"RHSA-2018:2187", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2187" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + "name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource":"CONFIRM", + "url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" }, { - "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource": "CONFIRM", - "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + "name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource":"CONFIRM", + "url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/6xxx/CVE-2016-6814.json b/2016/6xxx/CVE-2016-6814.json index 64faaa88f751..32ae83e5b3e0 100644 --- a/2016/6xxx/CVE-2016-6814.json +++ b/2016/6xxx/CVE-2016-6814.json 
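Review bot: The reference object appended at the end of `reference_data` carries only `url`, while every other entry in the array has `name`, `refsource` and `url`, so a consumer that reads `refsource` or `name` unconditionally will find the key missing on this record. The same bare entry is appended in the CVE-2016-6814, CVE-2016-8610 and CVE-2017-1000376 hunks that follow. Matching the neighbouring cpujul2019 entry, I would write it as `"url":"https://www.oracle.com/security-alerts/cpujan2020.html", "refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. Whether MISC or CONFIRM is the right source tag here is for the assigner to confirm.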
@@ -1,122 +1,126 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "DATE_PUBLIC": "2018-01-15T00:00:00", - "ID": "CVE-2016-6814", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "DATE_PUBLIC":"2018-01-15T00:00:00", + "ID":"CVE-2016-6814", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ + { + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"RHSA-2017:2596", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2596" }, { - "name": "RHSA-2017:2596", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2596" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E", + "refsource":"MISC", + "url":"http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E" }, { - "name": "http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E", - "refsource": "MISC", - "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E" + 
"name":"RHSA-2017:0868", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:0868" }, { - "name": "RHSA-2017:0868", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:0868" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"RHSA-2017:2486", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2486" }, { - "name": "RHSA-2017:2486", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2486" + "name":"RHSA-2017:0272", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0272.html" }, { - "name": "RHSA-2017:0272", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html" + "name":"95429", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/95429" }, { - "name": "95429", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/95429" + "name":"1039600", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1039600" }, { - "name": "1039600", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1039600" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/8xxx/CVE-2016-8610.json b/2016/8xxx/CVE-2016-8610.json index 67f7537e5ff2..ec2fa830e6db 100644 --- a/2016/8xxx/CVE-2016-8610.json +++ b/2016/8xxx/CVE-2016-8610.json 
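Review bot: The only substantive change in this hunk is the appended cpujan2020 reference, but the file was re-serialised (the space after every colon dropped, and what looks like an empty first line added before `{`), so nearly every line shows as changed and the existing references are diffed against their neighbours instead of themselves. For an advisory record this makes it hard to audit that no existing `url` or `refsource` value was altered along the way. I would re-emit the file in the repository's existing formatting (`"name": "..."`, no leading blank line) so that the diff shows only the added object.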
@@ -1,186 +1,190 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2016-10-24T00:00:00", - "ID": "CVE-2016-8610", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert@redhat.com", + "DATE_PUBLIC":"2016-10-24T00:00:00", + "ID":"CVE-2016-8610", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "All 0.9.8" + "version_value":"All 0.9.8" }, { - "version_value": "All 1.0.1" + "version_value":"All 1.0.1" }, { - "version_value": "1.0.2 through 1.0.2h" + "version_value":"1.0.2 through 1.0.2h" }, { - "version_value": "1.1.0" + "version_value":"1.1.0" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-400" + "lang":"eng", + "value":"CWE-400" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "93841", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/93841" + "name":"93841", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/93841" }, { - "name": "RHSA-2017:1659", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html" + "name":"RHSA-2017:1659", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-1659.html" }, { - "name": "RHSA-2017:1658", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1658" + "name":"RHSA-2017:1658", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1658" }, { - "name": "https://security.netapp.com/advisory/ntap-20171130-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20171130-0001/" + "name":"https://security.netapp.com/advisory/ntap-20171130-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20171130-0001/" }, { - "name": "RHSA-2017:1801", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1801" + "name":"RHSA-2017:1801", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1801" }, { - "name": "RHSA-2017:0286", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html" + "name":"RHSA-2017:0286", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0286.html" }, { - "name": "RHSA-2017:1413", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1413" + "name":"RHSA-2017:1413", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1413" }, { - "name": 
"https://securityadvisories.paloaltonetworks.com/Home/Detail/87", - "refsource": "CONFIRM", - "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87" + "name":"https://securityadvisories.paloaltonetworks.com/Home/Detail/87", + "refsource":"CONFIRM", + "url":"https://securityadvisories.paloaltonetworks.com/Home/Detail/87" }, { - "name": "RHSA-2017:2494", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2494" + "name":"RHSA-2017:2494", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2494" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", + "refsource":"CONFIRM", + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" }, { - "name": "FreeBSD-SA-16:35", - "refsource": "FREEBSD", - "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" + "name":"FreeBSD-SA-16:35", + "refsource":"FREEBSD", + "url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" }, { - "name": "RHSA-2017:1414", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1414" + "name":"RHSA-2017:1414", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1414" }, { - "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", - "refsource": "MLIST", - "url": "http://seclists.org/oss-sec/2016/q4/224" + "name":"[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", + "refsource":"MLIST", + "url":"http://seclists.org/oss-sec/2016/q4/224" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401", - "refsource": "CONFIRM", - "url": 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" }, { - "name": "https://security.360.cn/cve/CVE-2016-8610/", - "refsource": "MISC", - "url": "https://security.360.cn/cve/CVE-2016-8610/" + "name":"https://security.360.cn/cve/CVE-2016-8610/", + "refsource":"MISC", + "url":"https://security.360.cn/cve/CVE-2016-8610/" }, { - "name": "RHSA-2017:0574", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" + "name":"RHSA-2017:0574", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { - "name": "DSA-3773", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2017/dsa-3773" + "name":"DSA-3773", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2017/dsa-3773" }, { - "name": "RHSA-2017:1415", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" + "name":"RHSA-2017:1415", + "refsource":"REDHAT", + "url":"http://rhn.redhat.com/errata/RHSA-2017-1415.html" }, { - "name": "1037084", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1037084" + "name":"1037084", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1037084" }, { - "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", - "refsource": "CONFIRM", - "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" + "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", + "refsource":"CONFIRM", + "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" }, { - "name": "RHSA-2017:1802", - 
"refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1802" + "name":"RHSA-2017:1802", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1802" }, { - "name": "RHSA-2017:2493", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2493" + "name":"RHSA-2017:2493", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2493" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/1000xxx/CVE-2017-1000376.json b/2017/1000xxx/CVE-2017-1000376.json index a07bd991ce7b..fb689a1f36b8 100644 --- a/2017/1000xxx/CVE-2017-1000376.json +++ b/2017/1000xxx/CVE-2017-1000376.json 
@@ -1,72 +1,76 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-1000376", - "REQUESTER": "qsa@qualys.com", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2017-1000376", + "REQUESTER":"qsa@qualys.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1." + "lang":"eng", + "value":"libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource": "MISC", - "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + "name":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource":"MISC", + "url":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" }, { - "name": "https://access.redhat.com/security/cve/CVE-2017-1000376", - "refsource": "CONFIRM", - "url": "https://access.redhat.com/security/cve/CVE-2017-1000376" + "name":"https://access.redhat.com/security/cve/CVE-2017-1000376", + "refsource":"CONFIRM", + "url":"https://access.redhat.com/security/cve/CVE-2017-1000376" }, { - "name": "DSA-3889", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2017/dsa-3889" + "name":"DSA-3889", + "refsource":"DEBIAN", + "url":"http://www.debian.org/security/2017/dsa-3889" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/12xxx/CVE-2017-12626.json b/2017/12xxx/CVE-2017-12626.json index 9c7752f4a58e..5bc4084a3444 100644 --- a/2017/12xxx/CVE-2017-12626.json +++ b/2017/12xxx/CVE-2017-12626.json 
@@ -1,82 +1,86 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2018-01-26T00:00:00", - "ID": "CVE-2017-12626", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2018-01-26T00:00:00", + "ID":"CVE-2017-12626", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache POI", - "version": { - "version_data": [ + "product_name":"Apache POI", + "version":{ + "version_data":[ { - "version_value": "< 3.17" + "version_value":"< 3.17" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)." + "lang":"eng", + "value":"Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Denial of Service Vulnerabilities" + "lang":"eng", + "value":"Denial of Service Vulnerabilities" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "RHSA-2018:1322", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:1322" + "name":"RHSA-2018:1322", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:1322" }, { - "name": "[dev] 20180126 CVE-2017-12626 - Denial of Service Vulnerabilities in Apache POI < 3.17", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E" + "name":"[dev] 20180126 CVE-2017-12626 - Denial of Service Vulnerabilities in Apache POI < 3.17", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E" }, { - "name": "102879", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/102879" + "name":"102879", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/102879" }, { - "refsource": "MLIST", - "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", - "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/14xxx/CVE-2017-14735.json b/2017/14xxx/CVE-2017-14735.json index 61f6750c6db8..4b6a6a022cdf 100644 --- a/2017/14xxx/CVE-2017-14735.json +++ b/2017/14xxx/CVE-2017-14735.json 
@@ -1,81 +1,85 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-14735", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2017-14735", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL." + "lang":"eng", + "value":"OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://github.com/nahsra/antisamy/issues/10", - "refsource": "CONFIRM", - "url": "https://github.com/nahsra/antisamy/issues/10" + "name":"https://github.com/nahsra/antisamy/issues/10", + "refsource":"CONFIRM", + "url":"https://github.com/nahsra/antisamy/issues/10" }, { - "name": "105656", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105656" + "name":"105656", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105656" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/15xxx/CVE-2017-15708.json b/2017/15xxx/CVE-2017-15708.json index 428d5d9dd019..48dca6c11edf 100644 --- a/2017/15xxx/CVE-2017-15708.json +++ b/2017/15xxx/CVE-2017-15708.json 
@@ -1,82 +1,86 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2017-12-10T00:00:00", - "ID": "CVE-2017-15708", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2017-12-10T00:00:00", + "ID":"CVE-2017-15708", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Synapse", - "version": { - "version_data": [ + "product_name":"Apache Synapse", + "version":{ + "version_data":[ { - "version_value": "3.0.0" + "version_value":"3.0.0" }, { - "version_value": "2.1.0" + "version_value":"2.1.0" }, { - "version_value": "2.0.0" + "version_value":"2.0.0" }, { - "version_value": "1.2" + "version_value":"1.2" }, { - "version_value": "1.1.2" + "version_value":"1.1.2" }, { - "version_value": "1.1.1" + "version_value":"1.1.1" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. 
In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version." + "lang":"eng", + "value":"In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Remote Code Execution Vulnerability" + "lang":"eng", + "value":"Remote Code Execution Vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "102154", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/102154" + "name":"102154", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/102154" }, { - "name": "[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E" + "name":"[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2017/15xxx/CVE-2017-15906.json b/2017/15xxx/CVE-2017-15906.json index e833bd5d6d86..713ede0c9db8 100644 --- a/2017/15xxx/CVE-2017-15906.json +++ b/2017/15xxx/CVE-2017-15906.json 
@@ -1,91 +1,95 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-15906", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2017-15906", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files." + "lang":"eng", + "value":"The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssh.com/txt/release-7.6", - "refsource": "CONFIRM", - "url": "https://www.openssh.com/txt/release-7.6" + "name":"https://www.openssh.com/txt/release-7.6", + "refsource":"CONFIRM", + "url":"https://www.openssh.com/txt/release-7.6" }, { - "name": "101552", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/101552" + "name":"101552", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/101552" }, { - "name": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19", - "refsource": "CONFIRM", - "url": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19" + "name":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19", + "refsource":"CONFIRM", + "url":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19" }, { - "name": "GLSA-201801-05", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201801-05" + "name":"GLSA-201801-05", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201801-05" }, { - "name": "https://security.netapp.com/advisory/ntap-20180423-0004/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180423-0004/" + "name":"https://security.netapp.com/advisory/ntap-20180423-0004/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20180423-0004/" }, { - "name": "RHSA-2018:0980", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0980" + "name":"RHSA-2018:0980", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:0980" }, { - "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] 
openssh security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + "name":"[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index 0fa1fef0de6d..e6c50dc4c934 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json 
@@ -1,316 +1,320 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2017-5645", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "ID":"CVE-2017-5645", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Log4j", - "version": { - "version_data": [ + "product_name":"Apache Log4j", + "version":{ + "version_data":[ { - "version_value": "All versions between 2.0-alpha1 and 2.8.1" + "version_value":"All versions between 2.0-alpha1 and 2.8.1" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Remote Code Execution." + "lang":"eng", + "value":"Remote Code Execution." 
} ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "RHSA-2017:2888", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2888" + "name":"RHSA-2017:2888", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2888" }, { - "name": "RHSA-2017:2809", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2809" + "name":"RHSA-2017:2809", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2809" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { - "name": "97702", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/97702" + "name":"97702", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/97702" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "1041294", - "refsource": "SECTRACK", - 
"url": "http://www.securitytracker.com/id/1041294" + "name":"1041294", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041294" }, { - "name": "RHSA-2017:2810", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2810" + "name":"RHSA-2017:2810", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2810" }, { - "name": "RHSA-2017:1801", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1801" + "name":"RHSA-2017:1801", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1801" }, { - "name": "RHSA-2017:2889", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2889" + "name":"RHSA-2017:2889", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2889" }, { - "name": "RHSA-2017:2635", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2635" + "name":"RHSA-2017:2635", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2635" }, { - "name": "RHSA-2017:2638", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2638" + "name":"RHSA-2017:2638", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2638" }, { - "name": "https://security.netapp.com/advisory/ntap-20181107-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181107-0002/" + "name":"https://security.netapp.com/advisory/ntap-20181107-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181107-0002/" }, { - "name": "RHSA-2017:1417", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1417" + "name":"RHSA-2017:1417", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1417" }, { - "name": "RHSA-2017:2423", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2423" + "name":"RHSA-2017:2423", + 
"refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2423" }, { - "name": "RHSA-2017:2808", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2808" + "name":"RHSA-2017:2808", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2808" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { - "name": "1040200", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1040200" + "name":"1040200", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1040200" }, { - "name": "RHSA-2017:2636", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2636" + "name":"RHSA-2017:2636", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2636" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "RHSA-2017:3399", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3399" + "name":"RHSA-2017:3399", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3399" }, { - "name": "https://security.netapp.com/advisory/ntap-20180726-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180726-0002/" + 
"name":"https://security.netapp.com/advisory/ntap-20180726-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20180726-0002/" }, { - "name": "RHSA-2017:2637", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2637" + "name":"RHSA-2017:2637", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2637" }, { - "name": "RHSA-2017:3244", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3244" + "name":"RHSA-2017:3244", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3244" }, { - "name": "https://issues.apache.org/jira/browse/LOG4J2-1863", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/LOG4J2-1863" + "name":"https://issues.apache.org/jira/browse/LOG4J2-1863", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/LOG4J2-1863" }, { - "name": "RHSA-2017:3400", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3400" + "name":"RHSA-2017:3400", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:3400" }, { - "name": "RHSA-2017:2633", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2633" + "name":"RHSA-2017:2633", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2633" }, { - "name": "RHSA-2017:2811", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2811" + "name":"RHSA-2017:2811", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:2811" }, { - "name": "RHSA-2017:1802", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1802" + "name":"RHSA-2017:1802", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2017:1802" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1545", - "url": "https://access.redhat.com/errata/RHSA-2019:1545" + "refsource":"REDHAT", + "name":"RHSA-2019:1545", + "url":"https://access.redhat.com/errata/RHSA-2019:1545" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" + "refsource":"MLIST", + "name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[logging-dev] 20191215 Re: Is there any chance 
that there will be a security fix for log4j-v1.2.17?", - "url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E" + "refsource":"MLIST", + "name":"[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?", + "url":"https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E" + "refsource":"MLIST", + "name":"[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url":"https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url": "http://www.openwall.com/lists/oss-security/2019/12/19/2" + "refsource":"MLIST", + "name":"[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url":"http://www.openwall.com/lists/oss-security/2019/12/19/2" }, { - "refsource": "MLIST", - "name": "[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E" + "refsource":"MLIST", + "name":"[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url":"https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E" }, { - 
"refsource": "MLIST", - "name": "[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", - "url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E" + "refsource":"MLIST", + "name":"[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url":"https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", - "url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": 
"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url":"https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", - "url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url":"https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + 
"url":"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url":"https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url":"https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url":"https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": 
"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", - "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url":"https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", - "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + 
"url":"https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/0xxx/CVE-2018-0734.json b/2018/0xxx/CVE-2018-0734.json index e3acfa04ab20..e56bf1f79833 100644 --- a/2018/0xxx/CVE-2018-0734.json +++ b/2018/0xxx/CVE-2018-0734.json 
@@ -1,212 +1,216 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2018-10-30", - "ID": "CVE-2018-0734", - "STATE": "PUBLIC", - "TITLE": "Timing attack against DSA" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2018-10-30", + "ID":"CVE-2018-0734", + "STATE":"PUBLIC", + "TITLE":"Timing attack against DSA" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" + "version_value":"Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" }, { - "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" + "version_value":"Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" }, { - "version_value": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)" + "version_value":"Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Samuel Weiser" + "lang":"eng", + "value":"Samuel Weiser" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)." 
+ "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)." } ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Constant time issue" + "lang":"eng", + "value":"Constant time issue" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "USN-3840-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3840-1/" + "name":"USN-3840-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3840-1/" }, { - "name": "DSA-4355", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4355" + "name":"DSA-4355", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4355" }, { - "name": "https://security.netapp.com/advisory/ntap-20181105-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" + 
"name":"https://security.netapp.com/advisory/ntap-20181105-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181105-0002/" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f" }, { - "name": "https://www.tenable.com/security/tns-2018-17", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2018-17" + "name":"https://www.tenable.com/security/tns-2018-17", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2018-17" }, { - "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { - "name": "https://www.tenable.com/security/tns-2018-16", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2018-16" + "name":"https://www.tenable.com/security/tns-2018-16", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2018-16" }, { - "name": "105758", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105758" + "name":"105758", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105758" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "refsource": "CONFIRM", - "url": 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7" }, { - "name": "DSA-4348", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4348" + "name":"DSA-4348", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4348" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac" }, { - "name": "https://www.openssl.org/news/secadv/20181030.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20181030.txt" + "name":"https://www.openssl.org/news/secadv/20181030.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20181030.txt" }, { - "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + "name":"https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190118-0002/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + 
"refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190423-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190423-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190423-0002/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1547", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1547", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1814", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1814", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2304", - "url": "https://access.redhat.com/errata/RHSA-2019:2304" + "refsource":"REDHAT", + "name":"RHSA-2019:2304", + "url":"https://access.redhat.com/errata/RHSA-2019:2304" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-db06efdea1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" + "refsource":"FEDORA", + "name":"FEDORA-2019-db06efdea1", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-00c25b9379", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" + "refsource":"FEDORA", + "name":"FEDORA-2019-00c25b9379", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9a0a7c0986", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9a0a7c0986", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3700", - "url": "https://access.redhat.com/errata/RHSA-2019:3700" + "refsource":"REDHAT", + "name":"RHSA-2019:3700", + "url":"https://access.redhat.com/errata/RHSA-2019:3700" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3933", - "url": "https://access.redhat.com/errata/RHSA-2019:3933" + "refsource":"REDHAT", + "name":"RHSA-2019:3933", + "url":"https://access.redhat.com/errata/RHSA-2019:3933" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3935", - "url": "https://access.redhat.com/errata/RHSA-2019:3935" + "refsource":"REDHAT", + "name":"RHSA-2019:3935", + "url":"https://access.redhat.com/errata/RHSA-2019:3935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3932", - "url": "https://access.redhat.com/errata/RHSA-2019:3932" + "refsource":"REDHAT", + "name":"RHSA-2019:3932", + "url":"https://access.redhat.com/errata/RHSA-2019:3932" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
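Review bot: The reference object appended at the end of `reference_data` carries only `url`, while every other entry in this file also has `refsource` and `name`. The same bare entry is appended in the hunk that precedes this file and in the CVE-2018-0735, CVE-2018-1000030 and CVE-2018-11039 hunks. Tooling that groups or filters references by `refsource` may drop or mislabel the advisory link, so I would record it the way the cpuapr2019 and cpujul2019 links already are: `"url":"https://www.oracle.com/security-alerts/cpujan2020.html",` `"refsource":"MISC",` `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The hunk also rewrites every `"key": value` line as `"key":value` and appears to add an empty first line before `{`, which buries the one substantive addition in a whole-file rewrite. Keeping the whitespace change in its own commit would leave this data change auditable on its own.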
diff --git a/2018/0xxx/CVE-2018-0735.json b/2018/0xxx/CVE-2018-0735.json index e92d501fdff6..b6c38d1c5c92 100644 --- a/2018/0xxx/CVE-2018-0735.json +++ b/2018/0xxx/CVE-2018-0735.json 
@@ -1,144 +1,148 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2018-10-29", - "ID": "CVE-2018-0735", - "STATE": "PUBLIC", - "TITLE": "Timing attack against ECDSA signature generation" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2018-10-29", + "ID":"CVE-2018-0735", + "STATE":"PUBLIC", + "TITLE":"Timing attack against ECDSA signature generation" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" + "version_value":"Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" }, { - "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" + "version_value":"Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Samuel Weiser" + "lang":"eng", + "value":"Samuel Weiser" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1)." } ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Constant time issue" + "lang":"eng", + "value":"Constant time issue" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "105750", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105750" + "name":"105750", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105750" }, { - "name": "USN-3840-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3840-1/" + "name":"USN-3840-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3840-1/" }, { - "name": "https://security.netapp.com/advisory/ntap-20181105-0002/", - "refsource": "CONFIRM", - "url": 
"https://security.netapp.com/advisory/ntap-20181105-0002/" + "name":"https://security.netapp.com/advisory/ntap-20181105-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181105-0002/" }, { - "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { - "name": "1041986", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041986" + "name":"1041986", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041986" }, { - "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + "name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { - "name": "DSA-4348", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4348" + "name":"DSA-4348", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4348" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" }, { - "name": "https://www.openssl.org/news/secadv/20181029.txt", 
- "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20181029.txt" + "name":"https://www.openssl.org/news/secadv/20181029.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20181029.txt" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3700", - "url": "https://access.redhat.com/errata/RHSA-2019:3700" + "refsource":"REDHAT", + "name":"RHSA-2019:3700", + "url":"https://access.redhat.com/errata/RHSA-2019:3700" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000030.json b/2018/1000xxx/CVE-2018-1000030.json index 7992612e6a59..7261e56d6f8c 100644 --- a/2018/1000xxx/CVE-2018-1000030.json +++ b/2018/1000xxx/CVE-2018-1000030.json 
@@ -1,104 +1,108 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "DATE_ASSIGNED": "2018-02-02", - "ID": "CVE-2018-1000030", - "REQUESTER": "tylerp96@gmail.com", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "DATE_ASSIGNED":"2018-02-02", + "ID":"CVE-2018-1000030", + "REQUESTER":"tylerp96@gmail.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. 
The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE." + "lang":"eng", + "value":"Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": "3.6", - "baseSeverity": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"LOCAL", + "availabilityImpact":"LOW", + "baseScore":"3.6", + "baseSeverity":"LOW", + "confidentialityImpact":"LOW", + "integrityImpact":"NONE", + "privilegesRequired":"LOW", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "refsource": "MISC", - "url": "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view" + "name":"https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", + "refsource":"MISC", + "url":"https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view" }, { - "name": "USN-3817-2", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3817-2/" + "name":"USN-3817-2", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3817-2/" }, { - "name": "GLSA-201811-02", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201811-02" + "name":"GLSA-201811-02", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201811-02" }, { - "name": "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0", - "refsource": "MISC", - "url": 
"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" + "name":"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0", + "refsource":"MISC", + "url":"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" }, { - "name": "USN-3817-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3817-1/" + "name":"USN-3817-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3817-1/" }, { - "name": "https://bugs.python.org/issue31530", - "refsource": "CONFIRM", - "url": "https://bugs.python.org/issue31530" + "name":"https://bugs.python.org/issue31530", + "refsource":"CONFIRM", + "url":"https://bugs.python.org/issue31530" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11039.json b/2018/11xxx/CVE-2018-11039.json index c1dbfd21760d..98328c3228e9 100644 --- a/2018/11xxx/CVE-2018-11039.json +++ b/2018/11xxx/CVE-2018-11039.json 
@@ -1,98 +1,102 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-06-14T04:00:00.000Z", - "ID": "CVE-2018-11039", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-06-14T04:00:00.000Z", + "ID":"CVE-2018-11039", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring Framework", - "version": { - "version_data": [ + "product_name":"Spring Framework", + "version":{ + "version_data":[ { - "affected": "<", - "version_name": "5.0.x", - "version_value": "5.0.7" + "affected":"<", + "version_name":"5.0.x", + "version_value":"5.0.7" }, { - "affected": "<", - "version_name": "4.3.x ", - "version_value": "4.3.18" + "affected":"<", + "version_name":"4.3.x ", + "version_value":"4.3.18" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack." + "lang":"eng", + "value":"Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. 
If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Cross Site Tracing" + "lang":"eng", + "value":"Cross Site Tracing" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://pivotal.io/security/cve-2018-11039", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-11039" + "name":"https://pivotal.io/security/cve-2018-11039", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-11039" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "BID", - 
"name": "107984", - "url": "http://www.securityfocus.com/bid/107984" + "refsource":"BID", + "name":"107984", + "url":"http://www.securityfocus.com/bid/107984" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11040.json b/2018/11xxx/CVE-2018-11040.json index 8957eb8f951f..0ceb4e9d4394 100644 --- a/2018/11xxx/CVE-2018-11040.json +++ b/2018/11xxx/CVE-2018-11040.json 
@@ -1,93 +1,97 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-06-14T04:00:00.000Z", - "ID": "CVE-2018-11040", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-06-14T04:00:00.000Z", + "ID":"CVE-2018-11040", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring Framework", - "version": { - "version_data": [ + "product_name":"Spring Framework", + "version":{ + "version_data":[ { - "affected": "<", - "version_name": "5.0.x", - "version_value": "5.0.7" + "affected":"<", + "version_name":"5.0.x", + "version_value":"5.0.7" }, { - "affected": "<", - "version_name": "4.3.x ", - "version_value": "4.3.18" + "affected":"<", + "version_name":"4.3.x ", + "version_value":"4.3.18" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests." 
+ "lang":"eng", + "value":"Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "JSONP enabled by default in MappingJackson2JsonView" + "lang":"eng", + "value":"JSONP enabled by default in MappingJackson2JsonView" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://pivotal.io/security/cve-2018-11040", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-11040" + "name":"https://pivotal.io/security/cve-2018-11040", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-11040" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + 
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11054.json b/2018/11xxx/CVE-2018-11054.json index 238f3f09fee5..bc3f89d5108d 100644 --- a/2018/11xxx/CVE-2018-11054.json +++ b/2018/11xxx/CVE-2018-11054.json 
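Review bot: The reference entry appended at the end of `reference_data` carries only `url`, while every other entry in the array also has `name` and `refsource`, so a feed consumer that reads those keys unconditionally will hit a missing field on the new entry. I would add the two keys in the form the neighbouring Oracle advisory entries use, e.g. `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same url-only entry is appended in the hunks for CVE-2018-11054, CVE-2018-11055, CVE-2018-11056, CVE-2018-11057, CVE-2018-11058 and CVE-2018-11307, and in the tail of the CVE-2018-11039 hunk. Separately, every line is rewritten to drop the space after the colon, which buries the one substantive addition in whitespace churn and makes the record harder to audit; the reformat would be easier to review as its own commit.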
@@ -1,87 +1,91 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11054", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11054", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "=", - "version_value": "4.1.6" + "affected":"=", + "version_value":"4.1.6" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":7.5, + "baseSeverity":"HIGH", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "integer overflow vulnerability" + "lang":"eng", + "value":"integer overflow vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11055.json b/2018/11xxx/CVE-2018-11055.json index d5a7e43129ab..241c08c90e4c 100644 --- a/2018/11xxx/CVE-2018-11055.json +++ b/2018/11xxx/CVE-2018-11055.json 
@@ -1,91 +1,95 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11055", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11055", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.11" + "affected":"<", + "version_value":"4.0.11" }, { - "affected": "<", - "version_value": "4.1.6.1" + "affected":"<", + "version_value":"4.1.6.1" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "NONE", - "baseScore": 4.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"LOCAL", + "availabilityImpact":"NONE", + "baseScore":4.4, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"HIGH", + "integrityImpact":"NONE", + "privilegesRequired":"HIGH", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" + "lang":"eng", + "value":"Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11056.json b/2018/11xxx/CVE-2018-11056.json index d055343e44cb..7db2223da067 100644 --- a/2018/11xxx/CVE-2018-11056.json +++ b/2018/11xxx/CVE-2018-11056.json 
@@ -1,105 +1,109 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11056", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11056", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.1.6.1" + "affected":"<", + "version_value":"4.1.6.1" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" }, { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Crypto-C Micro Edition", - "version": { - "version_data": [ + "product_name":"BSAFE Crypto-C Micro Edition", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.5.3" + "affected":"<", + "version_value":"4.0.5.3" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service." 
+ "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":6.5, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"REQUIRED", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability " + "lang":"eng", + "value":"Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability " } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + 
"url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11057.json b/2018/11xxx/CVE-2018-11057.json index 12d42232e35e..2c4d63f9e797 100644 --- a/2018/11xxx/CVE-2018-11057.json +++ b/2018/11xxx/CVE-2018-11057.json 
@@ -1,91 +1,95 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11057", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11057", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.11" + "affected":"<", + "version_value":"4.0.11" }, { - "affected": "<", - "version_value": "4.1.6.1" + "affected":"<", + "version_value":"4.1.6.1" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"NETWORK", + "availabilityImpact":"NONE", + "baseScore":5.9, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"HIGH", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Covert Timing Channel vulnerability" + "lang":"eng", + "value":"Covert Timing Channel vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11058.json b/2018/11xxx/CVE-2018-11058.json index be385cff6045..56f787a0ac28 100644 --- a/2018/11xxx/CVE-2018-11058.json +++ b/2018/11xxx/CVE-2018-11058.json 
@@ -1,107 +1,111 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11058", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-11058", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name":"BSAFE Micro Edition Suite", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.11" + "affected":"<", + "version_value":"4.0.11" }, { - "affected": "<", - "version_value": "4.1.6.1" + "affected":"<", + "version_value":"4.1.6.1" } ] } }, { - "product_name": "BSAFE Crypto-C Micro Edition", - "version": { - "version_data": [ + "product_name":"BSAFE Crypto-C Micro Edition", + "version":{ + "version_data":[ { - "affected": "<", - "version_value": "4.0.5.3" + "affected":"<", + "version_value":"4.0.5.3" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name":"RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. 
A remote attacker could use maliciously constructed ASN.1 data that would result in such issue." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":7.5, + "baseSeverity":"HIGH", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Buffer Over-Read vulnerability" + "lang":"eng", + "value":"Buffer Over-Read vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource":"FULLDISC", + "url":"http://seclists.org/fulldisclosure/2018/Aug/46" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "BID", - "name": "108106", - "url": "http://www.securityfocus.com/bid/108106" + "refsource":"BID", + "name":"108106", + "url":"http://www.securityfocus.com/bid/108106" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11307.json b/2018/11xxx/CVE-2018-11307.json index 0d83390c1214..5cfbd3ed8b52 100644 --- a/2018/11xxx/CVE-2018-11307.json +++ b/2018/11xxx/CVE-2018-11307.json 
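Review bot: The description in this record says BSAFE Micro Edition Suite is affected "prior to 4.1.6 (in 4.1.x)", but the structured `version_data` entry for the same product is `"affected":"<"` with `"version_value":"4.1.6.1"`, so the two disagree on whether 4.1.6 itself is affected. The commit only reformats these lines, so the mismatch is carried over unchanged. Scanners match on `version_data` while people read the description, so one of the two should be corrected against the vendor advisory (DSA-2018-128, referenced in the record). The descriptions of CVE-2018-11055 and CVE-2018-11057 in this diff both say 4.1.6.1, which suggests the description here is the one that is off, though that cannot be confirmed from the diff alone.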
@@ -1,146 +1,150 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-11307", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-11307", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", - "refsource": "MISC", - "name": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525" + "url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525", + "refsource":"MISC", + "name":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525" }, { - "refsource": "CONFIRM", - "name": "https://access.redhat.com/errata/RHSA-2019:0782", - "url": "https://access.redhat.com/errata/RHSA-2019:0782" + "refsource":"CONFIRM", + "name":"https://access.redhat.com/errata/RHSA-2019:0782", + "url":"https://access.redhat.com/errata/RHSA-2019:0782" }, { - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2032", - "url": "https://github.com/FasterXML/jackson-databind/issues/2032" + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2032", + "url":"https://github.com/FasterXML/jackson-databind/issues/2032" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + 
"refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1822", - "url": "https://access.redhat.com/errata/RHSA-2019:1822" + "refsource":"REDHAT", + "name":"RHSA-2019:1822", + "url":"https://access.redhat.com/errata/RHSA-2019:1822" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1823", - "url": "https://access.redhat.com/errata/RHSA-2019:1823" + "refsource":"REDHAT", + "name":"RHSA-2019:1823", + "url":"https://access.redhat.com/errata/RHSA-2019:1823" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2804", - "url": "https://access.redhat.com/errata/RHSA-2019:2804" + "refsource":"REDHAT", + "name":"RHSA-2019:2804", + "url":"https://access.redhat.com/errata/RHSA-2019:2804" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "MLIST", - "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0", - "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0", + "url":"https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3002", - "url": "https://access.redhat.com/errata/RHSA-2019:3002" + "refsource":"REDHAT", + "name":"RHSA-2019:3002", + "url":"https://access.redhat.com/errata/RHSA-2019:3002" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3140", - "url": "https://access.redhat.com/errata/RHSA-2019:3140" + "refsource":"REDHAT", + 
"name":"RHSA-2019:3140", + "url":"https://access.redhat.com/errata/RHSA-2019:3140" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3892", - "url": "https://access.redhat.com/errata/RHSA-2019:3892" + "refsource":"REDHAT", + "name":"RHSA-2019:3892", + "url":"https://access.redhat.com/errata/RHSA-2019:3892" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4037", - "url": "https://access.redhat.com/errata/RHSA-2019:4037" + "refsource":"REDHAT", + "name":"RHSA-2019:4037", + "url":"https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11759.json b/2018/11xxx/CVE-2018-11759.json index daafcc6a270f..fd99ec76aa53 100644 --- a/2018/11xxx/CVE-2018-11759.json +++ b/2018/11xxx/CVE-2018-11759.json 
@@ -1,106 +1,110 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2018-11759", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "ID":"CVE-2018-11759", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat Connectors", - "version": { - "version_data": [ + "product_name":"Apache Tomcat Connectors", + "version":{ + "version_data":[ { - "version_value": "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44" + "version_value":"Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical." 
+ "lang":"eng", + "value":"The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Information Disclosure" + "lang":"eng", + "value":"Information Disclosure" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "DSA-4357", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4357" + "name":"DSA-4357", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4357" }, { - "name": "RHSA-2019:0367", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0367" + "name":"RHSA-2019:0367", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0367" }, { - "name": "105888", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105888" + "name":"105888", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105888" }, { - "name": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E", - "refsource": "MISC", - "url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E" + 
"name":"https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E", + "refsource":"MISC", + "url":"https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E" }, { - "name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html" + "name":"[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html" }, { - "name": "RHSA-2019:0366", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0366" + "name":"RHSA-2019:0366", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0366" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + 
"url":"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11784.json b/2018/11xxx/CVE-2018-11784.json index 6f5dfb729666..b0efcc5a6bbd 100644 --- a/2018/11xxx/CVE-2018-11784.json +++ b/2018/11xxx/CVE-2018-11784.json 
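Review bot: The reference entry appended at the end of `reference_data` carries only `"url":"https://www.oracle.com/security-alerts/cpujan2020.html"`, while every other entry in the list also has `refsource` and `name`. Tooling that reads these records by `refsource` or `name` may find the keys missing on this one; the existing Oracle advisory references in the CVE-2018-11784 and CVE-2018-14718 files use `"refsource":"MISC"` with `name` set to the URL, so the same form would fit here: `"refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same applies to the entries added at the end of the CVE-2018-11784 and CVE-2018-14718 hunks. Separately, the hunk rewrites every line only to drop the space after each colon and appears to add a leading blank line, which buries the one real addition; keeping the existing formatting would leave a three-line diff that is easy to review.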
@@ -1,218 +1,222 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2018-10-03T00:00:00", - "ID": "CVE-2018-11784", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2018-10-03T00:00:00", + "ID":"CVE-2018-11784", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat", - "version": { - "version_data": [ + "product_name":"Apache Tomcat", + "version":{ + "version_data":[ { - "version_value": "9.0.0.M1 to 9.0.11" + "version_value":"9.0.0.M1 to 9.0.11" }, { - "version_value": "8.5.0 to 8.5.33" + "version_value":"8.5.0 to 8.5.33" }, { - "version_value": "7.0.23 to 7.0.90" + "version_value":"7.0.23 to 7.0.90" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Open Redirect" + "lang":"eng", + "value":"Open Redirect" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "[announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E" + "name":"[announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E" }, { - "name": "https://security.netapp.com/advisory/ntap-20181014-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181014-0002/" + "name":"https://security.netapp.com/advisory/ntap-20181014-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181014-0002/" }, { - "name": "105524", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105524" + "name":"105524", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105524" }, { - "name": "RHSA-2019:0131", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0131" + "name":"RHSA-2019:0131", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0131" }, { - "name": "RHSA-2019:0485", - 
"refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0485" + "name":"RHSA-2019:0485", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0485" }, { - "name": "RHSA-2019:0130", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0130" + "name":"RHSA-2019:0130", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0130" }, { - "name": "[debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html" + "name":"[debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html" }, { - "name": "USN-3787-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3787-1/" + "name":"USN-3787-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3787-1/" }, { - "name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html" + "name":"[debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - 
in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + 
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2018-b18f9dd65b", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/" + "refsource":"FEDORA", + "name":"FEDORA-2018-b18f9dd65b", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + 
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1547", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1547", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1529", - "url": "https://access.redhat.com/errata/RHSA-2019:1529" + "refsource":"REDHAT", + "name":"RHSA-2019:1529", + "url":"https://access.redhat.com/errata/RHSA-2019:1529" }, { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1814", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1814", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "DEBIAN", - "name": "DSA-4596", - "url": "https://www.debian.org/security/2019/dsa-4596" + "refsource":"DEBIAN", + "name":"DSA-4596", + "url":"https://www.debian.org/security/2019/dsa-4596" }, { - "refsource": "BUGTRAQ", - "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/43" + "refsource":"BUGTRAQ", + "name":"20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/43" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/14xxx/CVE-2018-14718.json b/2018/14xxx/CVE-2018-14718.json index 9131c81350f9..f657552ee755 100644 --- a/2018/14xxx/CVE-2018-14718.json +++ b/2018/14xxx/CVE-2018-14718.json 
@@ -1,211 +1,215 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-14718", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-14718", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", - "refsource": "CONFIRM", - "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44" + "name":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", + "refsource":"CONFIRM", + "url":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44" }, { - "name": "https://github.com/FasterXML/jackson-databind/issues/2097", - "refsource": "CONFIRM", - "url": "https://github.com/FasterXML/jackson-databind/issues/2097" + "name":"https://github.com/FasterXML/jackson-databind/issues/2097", + "refsource":"CONFIRM", + "url":"https://github.com/FasterXML/jackson-databind/issues/2097" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", - "refsource": "CONFIRM", - "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7" + "name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", + "refsource":"CONFIRM", + "url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7" }, { - "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", - "refsource": "MLIST", - 
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" + "name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" }, { - "refsource": "MLIST", - "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", - "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url":"https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", - "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url":"https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "MLIST", - "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", - "url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E" + "refsource":"MLIST", + "name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url":"https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0782", - "url": "https://access.redhat.com/errata/RHSA-2019:0782" + "refsource":"REDHAT", + "name":"RHSA-2019:0782", + "url":"https://access.redhat.com/errata/RHSA-2019:0782" }, { - "refsource": "BID", - "name": "106601", - "url": "http://www.securityfocus.com/bid/106601" + "refsource":"BID", + "name":"106601", + "url":"http://www.securityfocus.com/bid/106601" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0877", - "url": "https://access.redhat.com/errata/RHSA-2019:0877" + "refsource":"REDHAT", + "name":"RHSA-2019:0877", + "url":"https://access.redhat.com/errata/RHSA-2019:0877" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0959", - "url": "https://access.redhat.com/errata/RHBA-2019:0959" + "refsource":"REDHAT", + "name":"RHBA-2019:0959", + "url":"https://access.redhat.com/errata/RHBA-2019:0959" }, { - "refsource": "DEBIAN", - "name": "DSA-4452", - "url": "https://www.debian.org/security/2019/dsa-4452" + "refsource":"DEBIAN", + "name":"DSA-4452", + "url":"https://www.debian.org/security/2019/dsa-4452" }, { - "refsource": "BUGTRAQ", - "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/May/68" + "refsource":"BUGTRAQ", + "name":"20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/May/68" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190530-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190530-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190530-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190530-0003/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1782", - "url": 
"https://access.redhat.com/errata/RHSA-2019:1782" + "refsource":"REDHAT", + "name":"RHSA-2019:1782", + "url":"https://access.redhat.com/errata/RHSA-2019:1782" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1797", - "url": "https://access.redhat.com/errata/RHSA-2019:1797" + "refsource":"REDHAT", + "name":"RHSA-2019:1797", + "url":"https://access.redhat.com/errata/RHSA-2019:1797" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1822", - "url": "https://access.redhat.com/errata/RHSA-2019:1822" + "refsource":"REDHAT", + "name":"RHSA-2019:1822", + "url":"https://access.redhat.com/errata/RHSA-2019:1822" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1823", - "url": "https://access.redhat.com/errata/RHSA-2019:1823" + "refsource":"REDHAT", + "name":"RHSA-2019:1823", + "url":"https://access.redhat.com/errata/RHSA-2019:1823" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2804", - "url": "https://access.redhat.com/errata/RHSA-2019:2804" + "refsource":"REDHAT", + "name":"RHSA-2019:2804", + "url":"https://access.redhat.com/errata/RHSA-2019:2804" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3002", - "url": "https://access.redhat.com/errata/RHSA-2019:3002" + "refsource":"REDHAT", + "name":"RHSA-2019:3002", + "url":"https://access.redhat.com/errata/RHSA-2019:3002" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3140", - "url": 
"https://access.redhat.com/errata/RHSA-2019:3140" + "refsource":"REDHAT", + "name":"RHSA-2019:3140", + "url":"https://access.redhat.com/errata/RHSA-2019:3140" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3892", - "url": "https://access.redhat.com/errata/RHSA-2019:3892" + "refsource":"REDHAT", + "name":"RHSA-2019:3892", + "url":"https://access.redhat.com/errata/RHSA-2019:3892" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4037", - "url": "https://access.redhat.com/errata/RHSA-2019:4037" + "refsource":"REDHAT", + "name":"RHSA-2019:4037", + "url":"https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/15xxx/CVE-2018-15473.json b/2018/15xxx/CVE-2018-15473.json index 8a69e3b1cd98..3d789ff1c175 100644 --- a/2018/15xxx/CVE-2018-15473.json +++ b/2018/15xxx/CVE-2018-15473.json 
@@ -1,136 +1,140 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-15473", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-15473", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "GLSA-201810-03", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201810-03" + "name":"GLSA-201810-03", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201810-03" }, { - "name": "1041487", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041487" + "name":"1041487", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041487" }, { - "name": "45233", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/45233/" + "name":"45233", + "refsource":"EXPLOIT-DB", + "url":"https://www.exploit-db.com/exploits/45233/" }, { - "name": "https://bugs.debian.org/906236", - "refsource": "MISC", - "url": "https://bugs.debian.org/906236" + "name":"https://bugs.debian.org/906236", + "refsource":"MISC", + "url":"https://bugs.debian.org/906236" }, { - "name": "45210", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/45210/" + "name":"45210", + "refsource":"EXPLOIT-DB", + "url":"https://www.exploit-db.com/exploits/45210/" }, { - "name": "https://security.netapp.com/advisory/ntap-20181101-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181101-0001/" + "name":"https://security.netapp.com/advisory/ntap-20181101-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181101-0001/" }, { - "name": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", - "refsource": "MISC", - "url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" + "name":"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", + "refsource":"MISC", + 
"url":"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" }, { - "name": "USN-3809-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3809-1/" + "name":"USN-3809-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3809-1/" }, { - "name": "[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" + "name":"[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" }, { - "name": "105140", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105140" + "name":"105140", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105140" }, { - "name": "DSA-4280", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4280" + "name":"DSA-4280", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4280" }, { - "name": "45939", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/45939/" + "name":"45939", + "refsource":"EXPLOIT-DB", + "url":"https://www.exploit-db.com/exploits/45939/" }, { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011" + "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011", + "refsource":"CONFIRM", + "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011" }, { - "name": "http://www.openwall.com/lists/oss-security/2018/08/15/5", - "refsource": "MISC", - "url": "http://www.openwall.com/lists/oss-security/2018/08/15/5" + "name":"http://www.openwall.com/lists/oss-security/2018/08/15/5", + "refsource":"MISC", + "url":"http://www.openwall.com/lists/oss-security/2018/08/15/5" }, { - "refsource": "REDHAT", - "name": 
"RHSA-2019:0711", - "url": "https://access.redhat.com/errata/RHSA-2019:0711" + "refsource":"REDHAT", + "name":"RHSA-2019:0711", + "url":"https://access.redhat.com/errata/RHSA-2019:0711" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2143", - "url": "https://access.redhat.com/errata/RHSA-2019:2143" + "refsource":"REDHAT", + "name":"RHSA-2019:2143", + "url":"https://access.redhat.com/errata/RHSA-2019:2143" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json index a977123eaee6..3e6552b9738f 100644 --- a/2018/15xxx/CVE-2018-15756.json +++ b/2018/15xxx/CVE-2018-15756.json 
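Review bot: The reference object added at the end of `reference_data` in CVE-2018-15473.json carries only `url`, while every other entry in the file also has `name` and `refsource`; the same bare entry is added in the CVE-2018-15756, CVE-2018-15769 and CVE-2018-16395 hunks. Tooling that groups or filters references by `refsource` may drop or misclassify the Oracle advisory link, so I would add `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html",` to match how the earlier Oracle CPU links are recorded in CVE-2018-15756. The hunk also rewrites every line only to remove the space after `:`, and the line counts (136 to 140) suggest an extra line was added before the opening `{`; keeping that formatting change out of this commit would make the one substantive addition reviewable.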
@@ -1,160 +1,164 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-10-16T07:00:00.000Z", - "ID": "CVE-2018-15756", - "STATE": "PUBLIC", - "TITLE": "DoS Attack via Range Requests" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-10-16T07:00:00.000Z", + "ID":"CVE-2018-15756", + "STATE":"PUBLIC", + "TITLE":"DoS Attack via Range Requests" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring framework", - "version": { - "version_data": [ + "product_name":"Spring framework", + "version":{ + "version_data":[ { - "affected": "=", - "version_name": "5.1", - "version_value": "5.1" + "affected":"=", + "version_name":"5.1", + "version_value":"5.1" }, { - "affected": "<=", - "version_name": "5.0.0", - "version_value": "5.0.9" + "affected":"<=", + "version_name":"5.0.0", + "version_value":"5.0.9" }, { - "affected": "<=", - "version_name": "4.3", - "version_value": "4.3.19" + "affected":"<=", + "version_name":"4.3", + "version_value":"4.3.19" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. 
Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":7.5, + "baseSeverity":"HIGH", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Numeric Range Comparison Without Minimum Check" + "lang":"eng", + "value":"Numeric Range Comparison Without Minimum Check" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "105703", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105703" + "name":"105703", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105703" }, { - "name": "https://pivotal.io/security/cve-2018-15756", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-15756" + "name":"https://pivotal.io/security/cve-2018-15756", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-15756" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to 
CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", - "url": "https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url":"https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "discovery": "UNKNOWN" + "source":{ + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15769.json b/2018/15xxx/CVE-2018-15769.json index cf1cc9a9c24b..d3dd72909174 100644 --- a/2018/15xxx/CVE-2018-15769.json +++ b/2018/15xxx/CVE-2018-15769.json 
@@ -1,76 +1,80 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-15769", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "ID":"CVE-2018-15769", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used." + "lang":"eng", + "value":"RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "105929", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105929" + "name":"105929", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105929" }, { - "name": "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", - "refsource": "FULLDISC", - "url": "https://seclists.org/fulldisclosure/2018/Nov/37" + "name":"20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", + "refsource":"FULLDISC", + "url":"https://seclists.org/fulldisclosure/2018/Nov/37" }, { - "name": "1042057", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1042057" + "name":"1042057", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1042057" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/16xxx/CVE-2018-16395.json b/2018/16xxx/CVE-2018-16395.json index 4371d45988b2..e813c12b16f6 100644 --- a/2018/16xxx/CVE-2018-16395.json +++ b/2018/16xxx/CVE-2018-16395.json 
@@ -1,146 +1,150 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-16395", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-16395", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. 
When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/" + "name":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/" }, { - "name": "RHSA-2018:3738", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3738" + "name":"RHSA-2018:3738", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3738" }, { - "name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/" + "name":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/" }, { - "name": "RHSA-2018:3729", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3729" + "name":"RHSA-2018:3729", + 
"refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3729" }, { - "name": "https://hackerone.com/reports/387250", - "refsource": "MISC", - "url": "https://hackerone.com/reports/387250" + "name":"https://hackerone.com/reports/387250", + "refsource":"MISC", + "url":"https://hackerone.com/reports/387250" }, { - "name": "RHSA-2018:3730", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3730" + "name":"RHSA-2018:3730", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3730" }, { - "name": "RHSA-2018:3731", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3731" + "name":"RHSA-2018:3731", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3731" }, { - "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/" + "name":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/" }, { - "name": "DSA-4332", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4332" + "name":"DSA-4332", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4332" }, { - "name": "USN-3808-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3808-1/" + "name":"USN-3808-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3808-1/" }, { - "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/" + "name":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/" }, { - "name": "https://security.netapp.com/advisory/ntap-20190221-0002/", - "refsource": 
"CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190221-0002/" + "name":"https://security.netapp.com/advisory/ntap-20190221-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190221-0002/" }, { - "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", - "refsource": "CONFIRM", - "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" + "name":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", + "refsource":"CONFIRM", + "url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" }, { - "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html" + "name":"[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html" }, { - "name": "1042105", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1042105" + "name":"1042105", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1042105" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1771", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1771", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1948", - "url": "https://access.redhat.com/errata/RHSA-2019:1948" + "refsource":"REDHAT", + "name":"RHSA-2019:1948", + "url":"https://access.redhat.com/errata/RHSA-2019:1948" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2565", - "url": "https://access.redhat.com/errata/RHSA-2019:2565" + "refsource":"REDHAT", + "name":"RHSA-2019:2565", + "url":"https://access.redhat.com/errata/RHSA-2019:2565" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/17xxx/CVE-2018-17189.json b/2018/17xxx/CVE-2018-17189.json index 6a58f66aad8f..1d47db46c73c 100644 --- a/2018/17xxx/CVE-2018-17189.json +++ b/2018/17xxx/CVE-2018-17189.json 
@@ -1,152 +1,156 @@
+
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
- "DATE_PUBLIC": "2019-01-22T00:00:00",
- "ID": "CVE-2018-17189",
- "STATE": "PUBLIC"
+ "CVE_data_meta":{
+ "ASSIGNER":"security@apache.org",
+ "DATE_PUBLIC":"2019-01-22T00:00:00",
+ "ID":"CVE-2018-17189",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "product": {
- "product_data": [
+ "product":{
+ "product_data":[
 {
- "product_name": "Apache HTTP Server",
- "version": {
- "version_data": [
+ "product_name":"Apache HTTP Server",
+ "version":{
+ "version_data":[
 {
- "version_value": "2.4.17 to 2.4.37"
+ "version_value":"2.4.17 to 2.4.37"
 }
 ]
 }
 }
 ]
 },
- "vendor_name": "Apache Software Foundation"
+ "vendor_name":"Apache Software Foundation"
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."
 }
 ]
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype":{
+ "problemtype_data":[
 {
- "description": [
+ "description":[
 {
- "lang": "eng",
- "value": "mod_http2, DoS via slow request bodies"
+ "lang":"eng",
+ "value":"mod_http2, DoS via slow request bodies"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references":{
+ "reference_data":[
 {
- "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
- "refsource": "CONFIRM",
- "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+ "name":"https://httpd.apache.org/security/vulnerabilities_24.html",
+ "refsource":"CONFIRM",
+ "url":"https://httpd.apache.org/security/vulnerabilities_24.html"
 },
 {
- "name": "106685",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/106685"
+ "name":"106685",
+ "refsource":"BID",
+ "url":"http://www.securityfocus.com/bid/106685"
 },
 {
- "name": "https://security.netapp.com/advisory/ntap-20190125-0001/",
- "refsource": "CONFIRM",
- "url": "https://security.netapp.com/advisory/ntap-20190125-0001/"
+ "name":"https://security.netapp.com/advisory/ntap-20190125-0001/",
+ "refsource":"CONFIRM",
+ "url":"https://security.netapp.com/advisory/ntap-20190125-0001/"
 },
 {
- "refsource": "FEDORA",
- "name": "FEDORA-2019-0300c36537",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"
+ "refsource":"FEDORA",
+ "name":"FEDORA-2019-0300c36537",
+ "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"
 },
 {
- "refsource": "FEDORA",
- "name": "FEDORA-2019-133a8a7cb5",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"
+ "refsource":"FEDORA",
+ "name":"FEDORA-2019-133a8a7cb5",
+ "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"
 },
 {
- "refsource": "GENTOO",
- "name": "GLSA-201903-21",
- "url": "https://security.gentoo.org/glsa/201903-21"
+ "refsource":"GENTOO",
+ "name":"GLSA-201903-21",
+ "url":"https://security.gentoo.org/glsa/201903-21"
 },
 {
- "refsource": "BUGTRAQ",
- "name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update",
- "url": "https://seclists.org/bugtraq/2019/Apr/5"
+ "refsource":"BUGTRAQ",
+ "name":"20190403 [SECURITY] [DSA 4422-1] apache2 security update",
+ "url":"https://seclists.org/bugtraq/2019/Apr/5"
 },
 {
- "refsource": "UBUNTU",
- "name": "USN-3937-1",
- "url": "https://usn.ubuntu.com/3937-1/"
+ "refsource":"UBUNTU",
+ "name":"USN-3937-1",
+ "url":"https://usn.ubuntu.com/3937-1/"
 },
 {
- "refsource": "DEBIAN",
- "name": "DSA-4422",
- "url": "https://www.debian.org/security/2019/dsa-4422"
+ "refsource":"DEBIAN",
+ "name":"DSA-4422",
+ "url":"https://www.debian.org/security/2019/dsa-4422"
 },
 {
- "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
- "refsource": "MISC",
- "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
+ "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
+ "refsource":"MISC",
+ "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
 },
 {
- "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
- "refsource": "MISC",
- "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
+ "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
+ "refsource":"MISC",
+ "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
 },
 {
- "refsource": "MLIST",
- "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
- "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
+ "url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
- "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
+ "url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
- "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"
+ "refsource":"CONFIRM",
+ "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
+ "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:3933",
- "url": "https://access.redhat.com/errata/RHSA-2019:3933"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:3933",
+ "url":"https://access.redhat.com/errata/RHSA-2019:3933"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:3935",
- "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:3935",
+ "url":"https://access.redhat.com/errata/RHSA-2019:3935"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:3932",
- "url": "https://access.redhat.com/errata/RHSA-2019:3932"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:3932",
+ "url":"https://access.redhat.com/errata/RHSA-2019:3932"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:4126",
- "url": "https://access.redhat.com/errata/RHSA-2019:4126"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:4126",
+ "url":"https://access.redhat.com/errata/RHSA-2019:4126"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://www.tenable.com/security/tns-2019-09",
- "url": "https://www.tenable.com/security/tns-2019-09"
+ "refsource":"CONFIRM",
+ "name":"https://www.tenable.com/security/tns-2019-09",
+ "url":"https://www.tenable.com/security/tns-2019-09"
+ },
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19362.json b/2018/19xxx/CVE-2018-19362.json
index 87e070ba0f1b..c65d8dd4c6cf 100644
--- a/2018/19xxx/CVE-2018-19362.json
+++ b/2018/19xxx/CVE-2018-19362.json
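Review bot: The reference object appended at the end of `reference_data` carries only `url`, while every other entry in this file also has `name` and `refsource`, so a consumer that reads those keys unconditionally will either fail on this record or drop the Oracle advisory link when it groups references by source. Following the existing Oracle CPU entries in this file, the object should read `"url":"https://www.oracle.com/security-alerts/cpujan2020.html", "refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same url-only entry is appended in the CVE-2018-19362 and CVE-2018-1060 hunks that follow. The rest of the hunk only strips the space after each colon and adds a blank first line, which buries the one substantive addition in a whole-file rewrite; keeping the formatting change in a separate commit would make advisory-link additions like this one reviewable.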
@@ -1,221 +1,225 @@
+
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-19362",
- "STATE": "PUBLIC"
+ "CVE_data_meta":{
+ "ASSIGNER":"cve@mitre.org",
+ "ID":"CVE-2018-19362",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "product": {
- "product_data": [
+ "product":{
+ "product_data":[
 {
- "product_name": "n/a",
- "version": {
- "version_data": [
+ "product_name":"n/a",
+ "version":{
+ "version_data":[
 {
- "version_value": "n/a"
+ "version_value":"n/a"
 }
 ]
 }
 }
 ]
 },
- "vendor_name": "n/a"
+ "vendor_name":"n/a"
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
 }
 ]
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype":{
+ "problemtype_data":[
 {
- "description": [
+ "description":[
 {
- "lang": "eng",
- "value": "n/a"
+ "lang":"eng",
+ "value":"n/a"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references":{
+ "reference_data":[
 {
- "name": "https://github.com/FasterXML/jackson-databind/issues/2186",
- "refsource": "CONFIRM",
- "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
+ "name":"https://github.com/FasterXML/jackson-databind/issues/2186",
+ "refsource":"CONFIRM",
+ "url":"https://github.com/FasterXML/jackson-databind/issues/2186"
 },
 {
- "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
+ "name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
+ "refsource":"MLIST",
+ "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
 },
 {
- "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
- "refsource": "CONFIRM",
- "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
+ "name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
+ "refsource":"CONFIRM",
+ "url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
 },
 {
- "name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
- "refsource": "CONFIRM",
- "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
+ "name":"https://issues.apache.org/jira/browse/TINKERPOP-2121",
+ "refsource":"CONFIRM",
+ "url":"https://issues.apache.org/jira/browse/TINKERPOP-2121"
 },
 {
- "name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
- "refsource": "CONFIRM",
- "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
+ "name":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
+ "refsource":"CONFIRM",
+ "url":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
 },
 {
- "refsource": "MLIST",
- "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
- "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
+ "url":"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
- "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
+ "url":"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
- "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
+ "url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
 },
 {
- "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
- "refsource": "MISC",
- "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
+ "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
+ "refsource":"MISC",
+ "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:0782",
- "url": "https://access.redhat.com/errata/RHSA-2019:0782"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:0782",
+ "url":"https://access.redhat.com/errata/RHSA-2019:0782"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:0877",
- "url": "https://access.redhat.com/errata/RHSA-2019:0877"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:0877",
+ "url":"https://access.redhat.com/errata/RHSA-2019:0877"
 },
 {
- "refsource": "REDHAT",
- "name": "RHBA-2019:0959",
- "url": "https://access.redhat.com/errata/RHBA-2019:0959"
+ "refsource":"REDHAT",
+ "name":"RHBA-2019:0959",
+ "url":"https://access.redhat.com/errata/RHBA-2019:0959"
 },
 {
- "refsource": "DEBIAN",
- "name": "DSA-4452",
- "url": "https://www.debian.org/security/2019/dsa-4452"
+ "refsource":"DEBIAN",
+ "name":"DSA-4452",
+ "url":"https://www.debian.org/security/2019/dsa-4452"
 },
 {
- "refsource": "BUGTRAQ",
- "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
- "url": "https://seclists.org/bugtraq/2019/May/68"
+ "refsource":"BUGTRAQ",
+ "name":"20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
+ "url":"https://seclists.org/bugtraq/2019/May/68"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
- "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
+ "refsource":"CONFIRM",
+ "name":"https://security.netapp.com/advisory/ntap-20190530-0003/",
+ "url":"https://security.netapp.com/advisory/ntap-20190530-0003/"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1782",
- "url": "https://access.redhat.com/errata/RHSA-2019:1782"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:1782",
+ "url":"https://access.redhat.com/errata/RHSA-2019:1782"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1797",
- "url": "https://access.redhat.com/errata/RHSA-2019:1797"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:1797",
+ "url":"https://access.redhat.com/errata/RHSA-2019:1797"
 },
 {
- "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
- "refsource": "MISC",
- "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
+ "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
+ "refsource":"MISC",
+ "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
 },
 {
- "refsource": "BID",
- "name": "107985",
- "url": "http://www.securityfocus.com/bid/107985"
+ "refsource":"BID",
+ "name":"107985",
+ "url":"http://www.securityfocus.com/bid/107985"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1822",
- "url": "https://access.redhat.com/errata/RHSA-2019:1822"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:1822",
+ "url":"https://access.redhat.com/errata/RHSA-2019:1822"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1823",
- "url": "https://access.redhat.com/errata/RHSA-2019:1823"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:1823",
+ "url":"https://access.redhat.com/errata/RHSA-2019:1823"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:2804",
- "url": "https://access.redhat.com/errata/RHSA-2019:2804"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:2804",
+ "url":"https://access.redhat.com/errata/RHSA-2019:2804"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:2858",
- "url": "https://access.redhat.com/errata/RHSA-2019:2858"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:2858",
+ "url":"https://access.redhat.com/errata/RHSA-2019:2858"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:3002",
- "url": "https://access.redhat.com/errata/RHSA-2019:3002"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:3002",
+ "url":"https://access.redhat.com/errata/RHSA-2019:3002"
 },
 {
- "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
- "refsource": "MISC",
- "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
+ "refsource":"MISC",
+ "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:3140",
- "url": "https://access.redhat.com/errata/RHSA-2019:3140"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:3140",
+ "url":"https://access.redhat.com/errata/RHSA-2019:3140"
 },
 {
- "refsource": "MLIST",
- "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
- "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
+ "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:3149",
- "url": "https://access.redhat.com/errata/RHSA-2019:3149"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:3149",
+ "url":"https://access.redhat.com/errata/RHSA-2019:3149"
 },
 {
- "refsource": "MLIST",
- "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
- "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
+ "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
- "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
+ "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
- "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
+ "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:3892",
- "url": "https://access.redhat.com/errata/RHSA-2019:3892"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:3892",
+ "url":"https://access.redhat.com/errata/RHSA-2019:3892"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:4037",
- "url": "https://access.redhat.com/errata/RHSA-2019:4037"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:4037",
+ "url":"https://access.redhat.com/errata/RHSA-2019:4037"
+ },
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1060.json b/2018/1xxx/CVE-2018-1060.json
index a2bb58911248..44371dc31606 100644
--- a/2018/1xxx/CVE-2018-1060.json
+++ b/2018/1xxx/CVE-2018-1060.json
@@ -1,175 +1,179 @@
+
 {
- "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "ID": "CVE-2018-1060",
- "STATE": "PUBLIC"
+ "CVE_data_meta":{
+ "ASSIGNER":"secalert@redhat.com",
+ "ID":"CVE-2018-1060",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "product": {
- "product_data": [
+ "product":{
+ "product_data":[
 {
- "product_name": "python",
- "version": {
- "version_data": [
+ "product_name":"python",
+ "version":{
+ "version_data":[
 {
- "version_value": "python 2.7.15"
+ "version_value":"python 2.7.15"
 },
 {
- "version_value": "python 3.4.9"
+ "version_value":"python 3.4.9"
 },
 {
- "version_value": "python 3.5.6"
+ "version_value":"python 3.5.6"
 },
 {
- "version_value": "python 3.7.0"
+ "version_value":"python 3.7.0"
 }
 ]
 }
 }
 ]
 },
- "vendor_name": "[UNKNOWN]"
+ "vendor_name":"[UNKNOWN]"
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service."
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service."
 }
 ]
 },
- "impact": {
- "cvss": [
+ "impact":{
+ "cvss":[
 [
 {
- "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
- "version": "3.0"
+ "vectorString":"4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version":"3.0"
 }
 ]
 ]
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype":{
+ "problemtype_data":[
 {
- "description": [
+ "description":[
 {
- "lang": "eng",
- "value": "CWE-20"
+ "lang":"eng",
+ "value":"CWE-20"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references":{
+ "reference_data":[
 {
- "name": "DSA-4306",
- "refsource": "DEBIAN",
- "url": "https://www.debian.org/security/2018/dsa-4306"
+ "name":"DSA-4306",
+ "refsource":"DEBIAN",
+ "url":"https://www.debian.org/security/2018/dsa-4306"
 },
 {
- "name": "1042001",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1042001"
+ "name":"1042001",
+ "refsource":"SECTRACK",
+ "url":"http://www.securitytracker.com/id/1042001"
 },
 {
- "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
+ "name":"[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
+ "refsource":"MLIST",
+ "url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
 },
 {
- "name": "https://bugs.python.org/issue32981",
- "refsource": "CONFIRM",
- "url": "https://bugs.python.org/issue32981"
+ "name":"https://bugs.python.org/issue32981",
+ "refsource":"CONFIRM",
+ "url":"https://bugs.python.org/issue32981"
 },
 {
- "name": "USN-3817-2",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3817-2/"
+ "name":"USN-3817-2",
+ "refsource":"UBUNTU",
+ "url":"https://usn.ubuntu.com/3817-2/"
 },
 {
- "name": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1",
- "refsource": "CONFIRM",
- "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
+ "name":"https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1",
+ "refsource":"CONFIRM",
+ "url":"https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
 },
 {
- "name": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1",
- "refsource": "CONFIRM",
- "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
+ "name":"https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1",
+ "refsource":"CONFIRM",
+ "url":"https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
 },
 {
- "name": "RHSA-2018:3505",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:3505"
+ "name":"RHSA-2018:3505",
+ "refsource":"REDHAT",
+ "url":"https://access.redhat.com/errata/RHSA-2018:3505"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
+ "name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060",
+ "refsource":"CONFIRM",
+ "url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
 },
 {
- "name": "RHSA-2018:3041",
- "refsource": "REDHAT",
- "url": "https://access.redhat.com/errata/RHSA-2018:3041"
+ "name":"RHSA-2018:3041",
+ "refsource":"REDHAT",
+ "url":"https://access.redhat.com/errata/RHSA-2018:3041"
 },
 {
- "name": "DSA-4307",
- "refsource": "DEBIAN",
- "url": "https://www.debian.org/security/2018/dsa-4307"
+ "name":"DSA-4307",
+ "refsource":"DEBIAN",
+ "url":"https://www.debian.org/security/2018/dsa-4307"
 },
 {
- "name": "USN-3817-1",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3817-1/"
+ "name":"USN-3817-1",
+ "refsource":"UBUNTU",
+ "url":"https://usn.ubuntu.com/3817-1/"
 },
 {
- "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
- "refsource": "MLIST",
- "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
+ "name":"[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
+ "refsource":"MLIST",
+ "url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
 },
 {
- "refsource": "FEDORA",
- "name": "FEDORA-2019-6e1938a3c5",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
+ "refsource":"FEDORA",
+ "name":"FEDORA-2019-6e1938a3c5",
+ "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
 },
 {
- "refsource": "FEDORA",
- "name": "FEDORA-2019-cf725dd20b",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
+ "refsource":"FEDORA",
+ "name":"FEDORA-2019-cf725dd20b",
+ "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
 },
 {
- "refsource": "FEDORA",
- "name": "FEDORA-2019-51f1e08207",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
+ "refsource":"FEDORA",
+ "name":"FEDORA-2019-51f1e08207",
+ "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
 },
 {
- "refsource": "REDHAT",
- "name": "RHBA-2019:0327",
- "url": "https://access.redhat.com/errata/RHBA-2019:0327"
+ "refsource":"REDHAT",
+ "name":"RHBA-2019:0327",
+ "url":"https://access.redhat.com/errata/RHBA-2019:0327"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:1260",
- "url": "https://access.redhat.com/errata/RHSA-2019:1260"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:1260",
+ "url":"https://access.redhat.com/errata/RHSA-2019:1260"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us",
- "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us"
+ "refsource":"CONFIRM",
+ "name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us",
+ "url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us"
 },
 {
- "refsource": "REDHAT",
- "name": "RHSA-2019:3725",
- "url": "https://access.redhat.com/errata/RHSA-2019:3725"
+ "refsource":"REDHAT",
+ "name":"RHSA-2019:3725",
+ "url":"https://access.redhat.com/errata/RHSA-2019:3725"
+ },
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1257.json b/2018/1xxx/CVE-2018-1257.json
index fdd798ad4eac..0a8ff049f00d 100644
--- a/2018/1xxx/CVE-2018-1257.json
+++ b/2018/1xxx/CVE-2018-1257.json
@@ -1,97 +1,101 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-05-09T00:00:00", - "ID": "CVE-2018-1257", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-05-09T00:00:00", + "ID":"CVE-2018-1257", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring Framework", - "version": { - "version_data": [ + "product_name":"Spring Framework", + "version":{ + "version_data":[ { - "version_value": "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17" + "version_value":"5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack." + "lang":"eng", + "value":"Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "ReDoS" + "lang":"eng", + "value":"ReDoS" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "104260", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/104260" + "name":"104260", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/104260" }, { - "name": "RHSA-2018:1809", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:1809" + "name":"RHSA-2018:1809", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:1809" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "https://pivotal.io/security/cve-2018-1257", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-1257" + "name":"https://pivotal.io/security/cve-2018-1257", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-1257" }, { - "name": "RHSA-2018:3768", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3768" + "name":"RHSA-2018:3768", + "refsource":"REDHAT", + 
"url":"https://access.redhat.com/errata/RHSA-2018:3768" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1xxx/CVE-2018-1258.json b/2018/1xxx/CVE-2018-1258.json index f3a282fc06ab..9004ab64f6d8 100644 --- a/2018/1xxx/CVE-2018-1258.json +++ b/2018/1xxx/CVE-2018-1258.json 
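Review bot: The reference appended at the end of `reference_data` carries only `url`, while every other entry in this record has `name`, `refsource` and `url`. Advisory-matching or feed tooling that reads `refsource` or `name` unconditionally may reject the record or drop the Oracle link. I would add it in the same shape as the existing Oracle CPU entries, e.g. `{ "refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html", "url":"https://www.oracle.com/security-alerts/cpujan2020.html" }`, or with `CONFIRM` if that is how the assigner classifies it. The same bare entry is added in the hunks for CVE-2018-1258, CVE-2018-20684, CVE-2018-5407, CVE-2018-6829 and CVE-2018-8032. The hunk also strips the space after every `:` and adds an empty first line, so a one-entry change shows up as a rewrite of the whole file; keeping the existing formatting would leave only the new reference in the diff.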
@@ -1,113 +1,117 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-05-09T00:00:00", - "ID": "CVE-2018-1258", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secure@dell.com", + "DATE_PUBLIC":"2018-05-09T00:00:00", + "ID":"CVE-2018-1258", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Spring Framework", - "version": { - "version_data": [ + "product_name":"Spring Framework", + "version":{ + "version_data":[ { - "affected": "=", - "version_value": "5.0.5" + "affected":"=", + "version_value":"5.0.5" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name":"Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted." + "lang":"eng", + "value":"Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Authorization Bypass" + "lang":"eng", + "value":"Authorization Bypass" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + "name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "104222", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/104222" + "name":"104222", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/104222" }, { - "name": "1041888", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041888" + "name":"1041888", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041888" }, { - "name": "1041896", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041896" + "name":"1041896", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041896" }, { - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + 
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource":"CONFIRM", + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { - "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + "name":"https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181018-0002/" }, { - "name": "https://pivotal.io/security/cve-2018-1258", - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-1258" + "name":"https://pivotal.io/security/cve-2018-1258", + "refsource":"CONFIRM", + "url":"https://pivotal.io/security/cve-2018-1258" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2413", - "url": "https://access.redhat.com/errata/RHSA-2019:2413" + "refsource":"REDHAT", + "name":"RHSA-2019:2413", + "url":"https://access.redhat.com/errata/RHSA-2019:2413" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2018/20xxx/CVE-2018-20684.json b/2018/20xxx/CVE-2018-20684.json index 65272d33daa7..e56c39f2696b 100644 --- a/2018/20xxx/CVE-2018-20684.json +++ b/2018/20xxx/CVE-2018-20684.json 
@@ -1,81 +1,85 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-20684", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-20684", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp." + "lang":"eng", + "value":"In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "106526", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106526" + "name":"106526", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/106526" }, { - "name": "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54", - "refsource": "MISC", - "url": "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54" + "name":"https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54", + "refsource":"MISC", + "url":"https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54" }, { - "name": "https://winscp.net/eng/docs/history", - "refsource": "MISC", - "url": "https://winscp.net/eng/docs/history" + "name":"https://winscp.net/eng/docs/history", + "refsource":"MISC", + "url":"https://winscp.net/eng/docs/history" }, { - "name": "https://winscp.net/tracker/1675", - "refsource": "MISC", - "url": "https://winscp.net/tracker/1675" + "name":"https://winscp.net/tracker/1675", + "refsource":"MISC", + "url":"https://winscp.net/tracker/1675" }, { - "name": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", - "refsource": "MISC", - "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" + "name":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", + "refsource":"MISC", + "url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/5xxx/CVE-2018-5407.json b/2018/5xxx/CVE-2018-5407.json index 73825b67eb1c..ca8c0bc149f1 100644 --- a/2018/5xxx/CVE-2018-5407.json +++ b/2018/5xxx/CVE-2018-5407.json 
@@ -1,186 +1,190 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cert@cert.org", - "ID": "CVE-2018-5407", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cert@cert.org", + "ID":"CVE-2018-5407", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Processors supporting Simultaneous Multi-Threading", - "version": { - "version_data": [ + "product_name":"Processors supporting Simultaneous Multi-Threading", + "version":{ + "version_data":[ { - "version_value": "N/A" + "version_value":"N/A" } ] } } ] }, - "vendor_name": "N/A" + "vendor_name":"N/A" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-200" + "lang":"eng", + "value":"CWE-200" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "RHSA-2019:0483", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2019:0483" + "name":"RHSA-2019:0483", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2019:0483" }, { - "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource": "CONFIRM", - "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + "name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource":"CONFIRM", + "url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { - "name": "https://security.netapp.com/advisory/ntap-20181126-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" + "name":"https://security.netapp.com/advisory/ntap-20181126-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20181126-0001/" }, { - "name": "USN-3840-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3840-1/" + "name":"USN-3840-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3840-1/" }, { - "name": "DSA-4355", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4355" + "name":"DSA-4355", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4355" }, { - "name": "https://www.tenable.com/security/tns-2018-17", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2018-17" + "name":"https://www.tenable.com/security/tns-2018-17", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2018-17" }, { - "name": 
"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource": "CONFIRM", - "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + "name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource":"CONFIRM", + "url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { - "name": "GLSA-201903-10", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201903-10" + "name":"GLSA-201903-10", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201903-10" }, { - "name": "https://www.tenable.com/security/tns-2018-16", - "refsource": "CONFIRM", - "url": "https://www.tenable.com/security/tns-2018-16" + "name":"https://www.tenable.com/security/tns-2018-16", + "refsource":"CONFIRM", + "url":"https://www.tenable.com/security/tns-2018-16" }, { - "name": "45785", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/45785/" + "name":"45785", + "refsource":"EXPLOIT-DB", + "url":"https://www.exploit-db.com/exploits/45785/" }, { - "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + "name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { - "name": "https://github.com/bbbrumley/portsmash", - "refsource": "MISC", - "url": "https://github.com/bbbrumley/portsmash" + "name":"https://github.com/bbbrumley/portsmash", + "refsource":"MISC", + "url":"https://github.com/bbbrumley/portsmash" }, { - "name": "DSA-4348", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4348" + "name":"DSA-4348", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2018/dsa-4348" }, { - "name": "105897", - "refsource": "BID", - "url": 
"http://www.securityfocus.com/bid/105897" + "name":"105897", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/105897" }, { - "name": "https://eprint.iacr.org/2018/1060.pdf", - "refsource": "MISC", - "url": "https://eprint.iacr.org/2018/1060.pdf" + "name":"https://eprint.iacr.org/2018/1060.pdf", + "refsource":"MISC", + "url":"https://eprint.iacr.org/2018/1060.pdf" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0651", - "url": "https://access.redhat.com/errata/RHSA-2019:0651" + "refsource":"REDHAT", + "name":"RHSA-2019:0651", + "url":"https://access.redhat.com/errata/RHSA-2019:0651" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0652", - "url": "https://access.redhat.com/errata/RHSA-2019:0652" + "refsource":"REDHAT", + "name":"RHSA-2019:0652", + "url":"https://access.redhat.com/errata/RHSA-2019:0652" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2125", - "url": "https://access.redhat.com/errata/RHSA-2019:2125" + "refsource":"REDHAT", + "name":"RHSA-2019:2125", + "url":"https://access.redhat.com/errata/RHSA-2019:2125" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS", - "url": 
"https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + "url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3933", - "url": "https://access.redhat.com/errata/RHSA-2019:3933" + "refsource":"REDHAT", + "name":"RHSA-2019:3933", + "url":"https://access.redhat.com/errata/RHSA-2019:3933" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3935", - "url": "https://access.redhat.com/errata/RHSA-2019:3935" + "refsource":"REDHAT", + "name":"RHSA-2019:3935", + "url":"https://access.redhat.com/errata/RHSA-2019:3935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3932", - "url": "https://access.redhat.com/errata/RHSA-2019:3932" + "refsource":"REDHAT", + "name":"RHSA-2019:3932", + "url":"https://access.redhat.com/errata/RHSA-2019:3932" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/6xxx/CVE-2018-6829.json b/2018/6xxx/CVE-2018-6829.json index 49e39b3c7e3a..fbce92b39f66 100644 --- a/2018/6xxx/CVE-2018-6829.json +++ b/2018/6xxx/CVE-2018-6829.json 
@@ -1,71 +1,75 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-6829", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2018-6829", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation." + "lang":"eng", + "value":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "refsource": "MISC", - "url": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki" + "name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "refsource":"MISC", + "url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki" }, { - "name": "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "refsource": "MISC", - "url": "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html" + "name":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "refsource":"MISC", + "url":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html" }, { - "name": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "refsource": "MISC", - "url": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal" + "name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "refsource":"MISC", + "url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/8xxx/CVE-2018-8032.json b/2018/8xxx/CVE-2018-8032.json index ca3b59b75fcf..657c28e6ed77 100644 --- a/2018/8xxx/CVE-2018-8032.json +++ b/2018/8xxx/CVE-2018-8032.json 
@@ -1,82 +1,86 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2018-07-08T00:00:00", - "ID": "CVE-2018-8032", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2018-07-08T00:00:00", + "ID":"CVE-2018-8032", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache Axis", - "version": { - "version_data": [ + "product_name":"Apache Axis", + "version":{ + "version_data":[ { - "version_value": "1.x up to and including 1.4" + "version_value":"1.x up to and including 1.4" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services." + "lang":"eng", + "value":"Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Cross-site Scripting" + "lang":"eng", + "value":"Cross-site Scripting" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://issues.apache.org/jira/browse/AXIS-2924", - "refsource": "CONFIRM", - "url": "https://issues.apache.org/jira/browse/AXIS-2924" + "name":"https://issues.apache.org/jira/browse/AXIS-2924", + "refsource":"CONFIRM", + "url":"https://issues.apache.org/jira/browse/AXIS-2924" }, { - "name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability", - "refsource": "MLIST", - "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E" + "name":"[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability", + "refsource":"MLIST", + "url":"http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", - "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", + "url":"https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", - "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E" + "refsource":"MLIST", + "name":"[axis-java-dev] 
20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", + "url":"https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/8xxx/CVE-2018-8039.json b/2018/8xxx/CVE-2018-8039.json index c8bee9673903..ceadcc90477f 100644 --- a/2018/8xxx/CVE-2018-8039.json +++ b/2018/8xxx/CVE-2018-8039.json 
@@ -1,140 +1,144 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2018-06-28T00:00:00", - "ID": "CVE-2018-8039", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@apache.org", + "DATE_PUBLIC":"2018-06-28T00:00:00", + "ID":"CVE-2018-8039", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Apache CXF", - "version": { - "version_data": [ + "product_name":"Apache CXF", + "version":{ + "version_data":[ { - "version_value": "prior to 3.1.16" + "version_value":"prior to 3.1.16" }, { - "version_value": "3.2.x prior to 3.2.5" + "version_value":"3.2.x prior to 3.2.5" } ] } } ] }, - "vendor_name": "Apache Software Foundation" + "vendor_name":"Apache Software Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks." 
+ "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Improper Validation of Certificate with Host Mismatch" + "lang":"eng", + "value":"Improper Validation of Certificate with Host Mismatch" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", - "refsource": "CONFIRM", - "url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" + "name":"https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", + "refsource":"CONFIRM", + "url":"https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" }, { - "name": "RHSA-2018:2428", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2428" + "name":"RHSA-2018:2428", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2428" }, { - "name": "RHSA-2018:3817", - 
"refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3817" + "name":"RHSA-2018:3817", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3817" }, { - "name": "RHSA-2018:2643", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2643" + "name":"RHSA-2018:2643", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2643" }, { - "name": "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released", - "refsource": "MLIST", - "url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" + "name":"[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released", + "refsource":"MLIST", + "url":"https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" }, { - "name": "106357", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106357" + "name":"106357", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/106357" }, { - "name": "RHSA-2018:2279", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2279" + "name":"RHSA-2018:2279", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2279" }, { - "name": "RHSA-2018:2424", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2424" + "name":"RHSA-2018:2424", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2424" }, { - "name": "RHSA-2018:2276", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2276" + "name":"RHSA-2018:2276", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2276" }, { - "name": "RHSA-2018:2423", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2423" + "name":"RHSA-2018:2423", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2423" }, { - "name": "RHSA-2018:2425", 
- "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2425" + "name":"RHSA-2018:2425", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2425" }, { - "name": "RHSA-2018:2277", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2277" + "name":"RHSA-2018:2277", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:2277" }, { - "name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2", - "refsource": "CONFIRM", - "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2" + "name":"http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2", + "refsource":"CONFIRM", + "url":"http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2" }, { - "name": "1041199", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1041199" + "name":"1041199", + "refsource":"SECTRACK", + "url":"http://www.securitytracker.com/id/1041199" }, { - "name": "RHSA-2018:3768", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:3768" + "name":"RHSA-2018:3768", + "refsource":"REDHAT", + "url":"https://access.redhat.com/errata/RHSA-2018:3768" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
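Review bot: The reference appended at the end of `reference_data` carries only `url`, while every other entry in the array also has `refsource` and `name`; the same url-only entry is added in the CVE-2019-0199 and CVE-2019-0215 hunks below and at the end of the preceding file's hunk. Tooling that groups or labels references by `refsource`, or displays `name`, may show this Oracle advisory unlabelled or drop it, so I would fill it in the way the existing Oracle CPU entry just above it does: `"url":"https://www.oracle.com/security-alerts/cpujan2020.html",` `"refsource":"MISC",` `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. Separately, the hunk rewrites every line only to drop the space after each colon and adds a blank line before the opening `{`, which buries the one substantive change for anyone auditing the record's history. Keeping the existing formatting would reduce the diff to the added entry.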
diff --git a/2019/0xxx/CVE-2019-0199.json b/2019/0xxx/CVE-2019-0199.json index 93cedd7b58b1..38770a11a90f 100644 --- a/2019/0xxx/CVE-2019-0199.json +++ b/2019/0xxx/CVE-2019-0199.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0199", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0199", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat", - "version": { - "version_data": [ + "product_name":"Apache Tomcat", + "version":{ + "version_data":[ { - "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.14, 8.5.0 to 8.5.37" + "version_value":"Apache Tomcat 9.0.0.M1 to 9.0.14, 8.5.0 to 8.5.37" } ] } 
@@ -30,172 +31,175 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "DoS" + "lang":"eng", + "value":"DoS" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E", - "url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MISC", + "name":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E", + "url":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", - "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": 
"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190419-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190419-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190419-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190419-0001/" }, { - "refsource": "MLIST", - "name": "[tomee-commits] 20190528 [jira] [Closed] (TOMEE-2497) Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199", - "url": "https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-commits] 20190528 [jira] [Closed] (TOMEE-2497) Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199", + "url":"https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": 
"[tomcat-users] 20190620 Re: [EXTERNAL] [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-users] 20190620 Re: [EXTERNAL] [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E" + "refsource":"MLIST", + "name":"[announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-announce] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - 
"name": "[tomcat-dev] 20190620 svn commit: r1861711 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml", - "url": "https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190620 svn commit: r1861711 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml", + "url":"https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-users] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-users] 20190620 [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache 
Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-users] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-users] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", - "url": "https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E" + "refsource":"MLIST", + "name":"[announce] 20190620 [SECURITY][CORRECTION] CVE-2019-10072 Apache Tomcat HTTP/2 DoS", + "url":"https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-1a3f878d27", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" + "refsource":"FEDORA", + "name":"FEDORA-2019-1a3f878d27", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K17321505", - "url": "https://support.f5.com/csp/article/K17321505" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K17321505", + "url":"https://support.f5.com/csp/article/K17321505" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1673", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1673", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d66febb5df", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d66febb5df", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "BID", - "name": "107674", - "url": "http://www.securityfocus.com/bid/107674" + "refsource":"BID", + "name":"107674", + "url":"http://www.securityfocus.com/bid/107674" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1723", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1723", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1808", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1808", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + 
"url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource": "DEBIAN", - "name": "DSA-4596", - "url": "https://www.debian.org/security/2019/dsa-4596" + "refsource":"DEBIAN", + "name":"DSA-4596", + "url":"https://www.debian.org/security/2019/dsa-4596" }, { - "refsource": "BUGTRAQ", - "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/43" + "refsource":"BUGTRAQ", + "name":"20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/43" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." + "lang":"eng", + "value":"The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." } ] } diff --git a/2019/0xxx/CVE-2019-0215.json b/2019/0xxx/CVE-2019-0215.json index 9215abd1bc34..e64662ab29c4 100644 
--- a/2019/0xxx/CVE-2019-0215.json +++ b/2019/0xxx/CVE-2019-0215.json @@ -1,28 +1,29 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0215", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0215", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache HTTP Server", - "version": { - "version_data": [ + "product_name":"Apache HTTP Server", + "version":{ + "version_data":[ { - "version_value": "2.4.37" + "version_value":"2.4.37" }, { - "version_value": "2.4.38" + "version_value":"2.4.38" } ] } 
@@ -33,112 +34,115 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Access Control Bypass" + "lang":"eng", + "value":"Access Control Bypass" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MLIST", - "name": "[oss-security] 20190401 CVE-2019-0215: mod_ssl access control bypass", - "url": "http://www.openwall.com/lists/oss-security/2019/04/02/4" + "refsource":"MLIST", + "name":"[oss-security] 20190401 CVE-2019-0215: mod_ssl access control bypass", + "url":"http://www.openwall.com/lists/oss-security/2019/04/02/4" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190402 svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url": "https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190402 svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url":"https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf@%3Ccvs.httpd.apache.org%3E" }, { - "refsource": "BID", - "name": "107667", - "url": "http://www.securityfocus.com/bid/107667" + "refsource":"BID", + "name":"107667", + "url":"http://www.securityfocus.com/bid/107667" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf7695b470", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf7695b470", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-119b14075a", - "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" + "refsource":"FEDORA", + "name":"FEDORA-2019-119b14075a", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { - "refsource": "MISC", - "name": "https://httpd.apache.org/security/vulnerabilities_24.html", - "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + "refsource":"MISC", + "name":"https://httpd.apache.org/security/vulnerabilities_24.html", + "url":"https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K59440504", - "url": "https://support.f5.com/csp/article/K59440504" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K59440504", + "url":"https://support.f5.com/csp/article/K59440504" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190423-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190423-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190423-0001/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0980", - "url": "https://access.redhat.com/errata/RHSA-2019:0980" + "refsource":"REDHAT", + "name":"RHSA-2019:0980", + "url":"https://access.redhat.com/errata/RHSA-2019:0980" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a4ed7400f4", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a4ed7400f4", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - 
"refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MLIST", - "name": "[httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url": "https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb@%3Cdev.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url":"https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb@%3Cdev.httpd.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190806 svn commit: r1864463 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url": "https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190806 svn commit: r1864463 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url":"https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b@%3Ccvs.httpd.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", - "url": "https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47@%3Cdev.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t", + "url":"https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47@%3Cdev.httpd.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190815 
svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", - "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" + "refsource":"MLIST", + "name":"[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", + "url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions." + "lang":"eng", + "value":"In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions." } ] } diff --git a/2019/0xxx/CVE-2019-0221.json b/2019/0xxx/CVE-2019-0221.json index bed0c3c5f035..7c532a772b7d 100644 --- a/2019/0xxx/CVE-2019-0221.json +++ b/2019/0xxx/CVE-2019-0221.json @@ -1,31 +1,32 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0221", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0221", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat", - "version": { - "version_data": [ + "product_name":"Apache Tomcat", + "version":{ + "version_data":[ { - "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.0.17" + "version_value":"Apache Tomcat 9.0.0.M1 to 9.0.0.17" }, { - "version_value": "8.5.0 to 8.5.39" + "version_value":"8.5.0 to 8.5.39" }, { - "version_value": "7.0.0 to 7.0.93" + "version_value":"7.0.0 to 7.0.93" } ] } 
@@ -36,117 +37,120 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Cross-Site Scripting" + "lang":"eng", + "value":"Cross-Site Scripting" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E", - "url": "https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E" + "refsource":"CONFIRM", + "name":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E", + "url":"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "FULLDISC", - "name": "20190529 XSS in SSI printenv command - Apache Tomcat - CVE-2019-0221", - "url": "http://seclists.org/fulldisclosure/2019/May/50" + "refsource":"FULLDISC", + "name":"20190529 XSS in SSI printenv command - Apache Tomcat - CVE-2019-0221", + "url":"http://seclists.org/fulldisclosure/2019/May/50" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190530 [SECURITY] [DLA 1810-1] tomcat7 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190530 [SECURITY] [DLA 1810-1] tomcat7 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html" }, { - "refsource": "BID", - "name": "108545", - "url": "http://www.securityfocus.com/bid/108545" + "refsource":"BID", + "name":"108545", + "url":"http://www.securityfocus.com/bid/108545" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190606-0001/", - "url": 
"https://security.netapp.com/advisory/ntap-20190606-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190606-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190606-0001/" }, { - "refsource": "MISC", - "name": "https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/", - "url": "https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/" + "refsource":"MISC", + "name":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/", + "url":"https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-1a3f878d27", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" + "refsource":"FEDORA", + "name":"FEDORA-2019-1a3f878d27", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1673", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1673", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d66febb5df", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d66febb5df", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1808", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" 
+ "refsource":"SUSE", + "name":"openSUSE-SU-2019:1808", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html" }, { - "refsource": "UBUNTU", - "name": "USN-4128-1", - "url": "https://usn.ubuntu.com/4128-1/" + "refsource":"UBUNTU", + "name":"USN-4128-1", + "url":"https://usn.ubuntu.com/4128-1/" }, { - "refsource": "UBUNTU", - "name": "USN-4128-2", - "url": "https://usn.ubuntu.com/4128-2/" + "refsource":"UBUNTU", + "name":"USN-4128-2", + "url":"https://usn.ubuntu.com/4128-2/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + "url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource": "DEBIAN", - "name": "DSA-4596", - "url": "https://www.debian.org/security/2019/dsa-4596" + "refsource":"DEBIAN", + "name":"DSA-4596", + "url":"https://www.debian.org/security/2019/dsa-4596" }, { - 
"refsource": "BUGTRAQ", - "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/43" + "refsource":"BUGTRAQ", + "name":"20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/43" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website." + "lang":"eng", + "value":"The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website." } ] } diff --git a/2019/0xxx/CVE-2019-0227.json b/2019/0xxx/CVE-2019-0227.json index 08538c3a9320..9feb55d4701c 100644 --- a/2019/0xxx/CVE-2019-0227.json +++ b/2019/0xxx/CVE-2019-0227.json 
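Review bot: The reference entry appended at the end of `reference_data` in CVE-2019-0221.json carries only `url`, while every other entry in the list also has `refsource` and `name`. Whether the record schema requires those keys cannot be told from this diff, but a feed consumer that groups references by `refsource` or displays `name` may drop or mis-render the advisory link, so anyone triaging from that feed would miss it. Consider writing the entry as `{ "refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html", "url":"https://www.oracle.com/security-alerts/cpujan2020.html" }`, matching the other MISC entries in the list. The same `url`-only entry is added in the references hunks of CVE-2019-0227.json, CVE-2019-0232.json and CVE-2019-10072.json further down.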
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0227", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0227", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Axis 1.4", - "version": { - "version_data": [ + "product_name":"Apache Axis 1.4", + "version":{ + "version_data":[ { - "version_value": "Apache Axis 1.4" + "version_value":"Apache Axis 1.4" } ] } 
@@ -30,37 +31,40 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "SSRF" + "lang":"eng", + "value":"SSRF" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/", - "url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/" + "refsource":"MISC", + "name":"https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/", + "url":"https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue." + "lang":"eng", + "value":"A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. 
Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue." } ] } diff --git a/2019/0xxx/CVE-2019-0232.json b/2019/0xxx/CVE-2019-0232.json index 3a88bc62490c..c41c4eaf486f 100644 --- a/2019/0xxx/CVE-2019-0232.json +++ b/2019/0xxx/CVE-2019-0232.json @@ -1,31 +1,32 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-0232", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-0232", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Tomcat", - "version": { - "version_data": [ + "product_name":"Tomcat", + "version":{ + "version_data":[ { - "version_value": "9.0.0.M1 to 9.0.17" + "version_value":"9.0.0.M1 to 9.0.17" }, { - "version_value": "8.5.0 to 8.5.39" + "version_value":"8.5.0 to 8.5.39" }, { - "version_value": "7.0.0 to 7.0.93" + "version_value":"7.0.0 to 7.0.93" } ] } 
@@ -36,142 +37,145 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Remote Code Execution" + "lang":"eng", + "value":"Remote Code Execution" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html", - "url": "https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html" + "refsource":"MISC", + "name":"https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html", + "url":"https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html" }, { - "refsource": "MISC", - "name": "https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/", - "url": "https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/" + "refsource":"MISC", + "name":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/", + "url":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/" }, { - "refsource": "MLIST", - "name": "[tomcat-users] 20190410 [SECURITY] CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows", - "url": "https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-users] 20190410 [SECURITY] CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows", + 
"url":"https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-commits] 20190415 svn commit: r1857587 - in /ofbiz: ofbiz-framework/branches/release18.12/build.gradle ofbiz-plugins/branches/release18.12/example/build.gradle", - "url": "https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-commits] 20190415 svn commit: r1857587 - in /ofbiz: ofbiz-framework/branches/release18.12/build.gradle ofbiz-plugins/branches/release18.12/example/build.gradle", + "url":"https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-commits] 20190415 svn commit: r1857586 - in 
/ofbiz: ofbiz-framework/trunk/build.gradle ofbiz-plugins/trunk/example/build.gradle", - "url": "https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-commits] 20190415 svn commit: r1857586 - in /ofbiz: ofbiz-framework/trunk/build.gradle ofbiz-plugins/trunk/example/build.gradle", + "url":"https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", - "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", + "url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-commits] 20190415 svn commit: r1857588 - in /ofbiz: ofbiz-framework/branches/release17.12/build.gradle ofbiz-plugins/branches/release17.12/example/build.gradle", - "url": "https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-commits] 20190415 svn commit: r1857588 - in /ofbiz: ofbiz-framework/branches/release17.12/build.gradle ofbiz-plugins/branches/release17.12/example/build.gradle", + "url":"https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-notifications] 20190415 [jira] [Commented] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", - "url": 
"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-notifications] 20190415 [jira] [Commented] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", + "url":"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ofbiz-notifications] 20190415 [jira] [Closed] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", - "url": "https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E" + "refsource":"MLIST", + "name":"[ofbiz-notifications] 20190415 [jira] [Closed] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232", + "url":"https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E" }, { - "refsource": "BID", - "name": "107906", - "url": "http://www.securityfocus.com/bid/107906" + "refsource":"BID", + "name":"107906", + "url":"http://www.securityfocus.com/bid/107906" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_17", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_17" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_17", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_17" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190419-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190419-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190419-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190419-0001/" }, { - "refsource": "MLIST", - "name": "[tomcat-dev] 20190421 svn commit: r1857901 - in /tomcat/site/trunk: docs/security-7.html 
docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", - "url": "https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E" + "refsource":"MLIST", + "name":"[tomcat-dev] 20190421 svn commit: r1857901 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", + "url":"https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784", - "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784" + "refsource":"CONFIRM", + "name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784", + "url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784" }, { - "refsource": "FULLDISC", - "name": "20190504 RCE in CGI Servlet - Apache Tomcat on Windows - CVE-2019-0232", - "url": "http://seclists.org/fulldisclosure/2019/May/4" + "refsource":"FULLDISC", + "name":"20190504 RCE in CGI Servlet - Apache Tomcat on Windows - CVE-2019-0232", + "url":"http://seclists.org/fulldisclosure/2019/May/4" }, { - "refsource": "MISC", - "name": "https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/" + "refsource":"MISC", + 
"name":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/", + "url":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/" }, { - "refsource": "MISC", - "name": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/", - "url": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/" + "refsource":"MISC", + "name":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/", + "url":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html", - "url": "http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html", + "url":"http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1712", - "url": "https://access.redhat.com/errata/RHSA-2019:1712" + "refsource":"REDHAT", + "name":"RHSA-2019:1712", + "url":"https://access.redhat.com/errata/RHSA-2019:1712" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/)." + "lang":"eng", + "value":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. 
The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/)." } ] } diff --git a/2019/10xxx/CVE-2019-10072.json b/2019/10xxx/CVE-2019-10072.json index 2fc9c4952701..1c5f0a90e4ee 100644 --- a/2019/10xxx/CVE-2019-10072.json +++ b/2019/10xxx/CVE-2019-10072.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10072", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10072", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "Apache Tomcat", - "version": { - "version_data": [ + "product_name":"Apache Tomcat", + "version":{ + "version_data":[ { - "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.19, 8.5.0 to 8.5.40" + "version_value":"Apache Tomcat 9.0.0.M1 to 9.0.19, 8.5.0 to 8.5.40" } ] } 
@@ -30,82 +31,85 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Denial of Service" + "lang":"eng", + "value":"Denial of Service" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E", - "url": "https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" + "refsource":"MISC", + "name":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E", + "url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_29", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_29" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_29", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_29" }, { - "refsource": "BID", - "name": "108874", - "url": "http://www.securityfocus.com/bid/108874" + "refsource":"BID", + "name":"108874", + "url":"http://www.securityfocus.com/bid/108874" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190625-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190625-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0002/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K17321505", - "url": "https://support.f5.com/csp/article/K17321505" + "refsource":"CONFIRM", + 
"name":"https://support.f5.com/csp/article/K17321505", + "url":"https://support.f5.com/csp/article/K17321505" }, { - "refsource": "UBUNTU", - "name": "USN-4128-1", - "url": "https://usn.ubuntu.com/4128-1/" + "refsource":"UBUNTU", + "name":"USN-4128-1", + "url":"https://usn.ubuntu.com/4128-1/" }, { - "refsource": "UBUNTU", - "name": "USN-4128-2", - "url": "https://usn.ubuntu.com/4128-2/" + "refsource":"UBUNTU", + "name":"USN-4128-2", + "url":"https://usn.ubuntu.com/4128-2/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + "url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2020:0038", - "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2020:0038", + "url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . 
By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." + "lang":"eng", + "value":"The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." } ] } diff --git a/2019/10xxx/CVE-2019-10086.json b/2019/10xxx/CVE-2019-10086.json index 47acaea3ca56..7180bcc0150f 100644 --- a/2019/10xxx/CVE-2019-10086.json +++ b/2019/10xxx/CVE-2019-10086.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10086", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10086", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Commons Beanutils", - "version": { - "version_data": [ + "product_name":"Apache Commons Beanutils", + "version":{ + "version_data":[ { - "version_value": "Apache Commons Beanutils 1.0 to 1.9.3" + "version_value":"Apache Commons Beanutils 1.0 to 1.9.3" } ] } 
@@ -30,122 +31,125 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Information Disclosure" + "lang":"eng", + "value":"Information Disclosure" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MLIST", - "name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.", - "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e" + "refsource":"MLIST", + "name":"[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.", + "url":"http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html" }, { - "refsource": "MLIST", - "name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR", - "url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E" + "refsource":"MLIST", + "name":"[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR", + "url":"https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E" }, { - 
"refsource": "SUSE", - "name": "openSUSE-SU-2019:2058", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2058", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html" }, { - "refsource": "MLIST", - "name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", - "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E" + "refsource":"MLIST", + "name":"[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", + "url":"https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", - "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E" + "refsource":"MLIST", + "name":"[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.", + "url":"https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml", - "url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E" + "refsource":"MLIST", + "name":"[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml", + 
"url":"https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", + "url":"https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix", - "url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix", + "url":"https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", + "url":"https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": 
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes 
CVE-2019-10086 Fix", + "url":"https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", - "url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E" + "refsource":"MLIST", + "name":"[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix", + "url":"https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-bcad44b5d6", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/" + "refsource":"FEDORA", + "name":"FEDORA-2019-bcad44b5d6", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-79b5790566", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-79b5790566", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4317", - "url": "https://access.redhat.com/errata/RHSA-2019:4317" + "refsource":"REDHAT", + "name":"RHSA-2019:4317", + "url":"https://access.redhat.com/errata/RHSA-2019:4317" }, { - "refsource": "REDHAT", - "name": "RHSA-2020:0057", - "url": "https://access.redhat.com/errata/RHSA-2020:0057" + "refsource":"REDHAT", + "name":"RHSA-2020:0057", + "url":"https://access.redhat.com/errata/RHSA-2020:0057" + }, + { + 
"url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean." + "lang":"eng", + "value":"In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean." } ] } diff --git a/2019/10xxx/CVE-2019-10088.json b/2019/10xxx/CVE-2019-10088.json index 5a1686157d23..67e23979ba87 100644 --- a/2019/10xxx/CVE-2019-10088.json +++ b/2019/10xxx/CVE-2019-10088.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10088", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10088", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Tika", - "version": { - "version_data": [ + "product_name":"Apache Tika", + "version":{ + "version_data":[ { - "version_value": "1.7 to 1.21" + "version_value":"1.7 to 1.21" } ] } 
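Review bot: The reference object appended to `reference_data` in the CVE-2019-10086 hunk carries only `url`, while every other entry in that array also has `refsource` and `name`, so a consumer that indexes or de-duplicates references by those keys would presumably skip it or fail on it. Following the existing Oracle cpuoct2019 entry in the CVE-2019-10092 section, the object should also carry `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html",`. The same url-only object is added in the CVE-2019-10088, CVE-2019-10092, CVE-2019-10093, CVE-2019-10094, CVE-2019-10098 and CVE-2019-10246 sections, and in the hunk that ends just before the CVE-2019-10086 file header. Separately, the colon-spacing rewrite of every line and the new leading blank line bury this one substantive addition; keeping the respacing in its own commit would make reference changes to these records easier to audit.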
@@ -30,52 +31,55 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "DoS/OOM" + "lang":"eng", + "value":"DoS/OOM" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E", - "url": "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E" + "refsource":"CONFIRM", + "name":"https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E", + "url":"https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and 
CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190828-0004/", - "url": "https://security.netapp.com/advisory/ntap-20190828-0004/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190828-0004/", + "url":"https://security.netapp.com/advisory/ntap-20190828-0004/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later." + "lang":"eng", + "value":"A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later." } ] } diff --git a/2019/10xxx/CVE-2019-10092.json b/2019/10xxx/CVE-2019-10092.json index 0145cc466b9c..53853dba144b 100644 --- a/2019/10xxx/CVE-2019-10092.json +++ b/2019/10xxx/CVE-2019-10092.json 
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10092", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10092", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "Apache HTTP Server", - "version": { - "version_data": [ + "product_name":"Apache HTTP Server", + "version":{ + "version_data":[ { - "version_value": "2.4.0 to 2.4.39" + "version_value":"2.4.0 to 2.4.39" } ] } 
@@ -30,52 +31,55 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Limited cross-site scriptingcross-site scripting in mod_proxy" + "lang":"eng", + "value":"Limited cross-site scriptingcross-site scripting in mod_proxy" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://httpd.apache.org/security/vulnerabilities_24.html", - "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + "refsource":"MISC", + "name":"https://httpd.apache.org/security/vulnerabilities_24.html", + "url":"https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update", - "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update", + "url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "BUGTRAQ", - "name": "20191016 [SECURITY] [DSA 4509-3] apache2 security update", - "url": "https://seclists.org/bugtraq/2019/Oct/24" + "refsource":"BUGTRAQ", + "name":"20191016 [SECURITY] [DSA 4509-3] apache2 security update", + "url":"https://seclists.org/bugtraq/2019/Oct/24" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4126", - "url": "https://access.redhat.com/errata/RHSA-2019:4126" + "refsource":"REDHAT", + 
"name":"RHSA-2019:4126", + "url":"https://access.redhat.com/errata/RHSA-2019:4126" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed." + "lang":"eng", + "value":"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed." } ] } diff --git a/2019/10xxx/CVE-2019-10093.json b/2019/10xxx/CVE-2019-10093.json index 97197b1c1959..d7e8780fa3be 100644 --- a/2019/10xxx/CVE-2019-10093.json +++ b/2019/10xxx/CVE-2019-10093.json 
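Review bot: The `problemtype` value on the new side of the CVE-2019-10092 hunk still reads `Limited cross-site scriptingcross-site scripting in mod_proxy`, with the phrase duplicated. Since the line is rewritten here anyway, it could become `"value":"Limited cross-site scripting in mod_proxy"`, assuming the assigner agrees with the wording. Tooling that matches problemtype text against weakness names may not normalise the doubled phrase, which would leave this record unclassified in downstream triage.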
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10093", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10093", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Tika", - "version": { - "version_data": [ + "product_name":"Apache Tika", + "version":{ + "version_data":[ { - "version_value": "1.19 to 1.21" + "version_value":"1.19 to 1.21" } ] } 
@@ -30,52 +31,55 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "DoS" + "lang":"eng", + "value":"DoS" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E", - "url": "https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E" + "refsource":"CONFIRM", + "name":"https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E", + "url":"https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and 
CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190828-0004/", - "url": "https://security.netapp.com/advisory/ntap-20190828-0004/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190828-0004/", + "url":"https://security.netapp.com/advisory/ntap-20190828-0004/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later." + "lang":"eng", + "value":"In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later." } ] } diff --git a/2019/10xxx/CVE-2019-10094.json b/2019/10xxx/CVE-2019-10094.json index 883b13f4dc13..b03bd5b2c80b 100644 --- a/2019/10xxx/CVE-2019-10094.json +++ b/2019/10xxx/CVE-2019-10094.json 
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10094", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10094", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "Apache", - "product": { - "product_data": [ + "vendor_name":"Apache", + "product":{ + "product_data":[ { - "product_name": "Apache Tika", - "version": { - "version_data": [ + "product_name":"Apache Tika", + "version":{ + "version_data":[ { - "version_value": "1.7 to 1.21" + "version_value":"1.7 to 1.21" } ] } 
@@ -30,47 +31,50 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "DoS" + "lang":"eng", + "value":"DoS" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E", - "url": "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E" + "refsource":"CONFIRM", + "name":"https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E", + "url":"https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and 
CVE-2019-1009{3,4}", - "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + "refsource":"MLIST", + "name":"[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", + "url":"https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later." + "lang":"eng", + "value":"A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later." } ] } diff --git a/2019/10xxx/CVE-2019-10098.json b/2019/10xxx/CVE-2019-10098.json index 8f3cf884e052..195bf77e75fa 100644 --- a/2019/10xxx/CVE-2019-10098.json +++ b/2019/10xxx/CVE-2019-10098.json 
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10098", - "ASSIGNER": "security@apache.org", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-10098", + "ASSIGNER":"security@apache.org", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "Apache HTTP Server", - "version": { - "version_data": [ + "product_name":"Apache HTTP Server", + "version":{ + "version_data":[ { - "version_value": "2.4.0 to 2.4.39" + "version_value":"2.4.0 to 2.4.39" } ] } 
@@ -30,37 +31,40 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "mod_rewrite CWE-601 open redirect" + "lang":"eng", + "value":"mod_rewrite CWE-601 open redirect" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://httpd.apache.org/security/vulnerabilities_24.html", - "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + "refsource":"MISC", + "name":"https://httpd.apache.org/security/vulnerabilities_24.html", + "url":"https://httpd.apache.org/security/vulnerabilities_24.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL." + "lang":"eng", + "value":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL." } ] } diff --git a/2019/10xxx/CVE-2019-10246.json b/2019/10xxx/CVE-2019-10246.json index d2ac04f7b762..53eaace32647 100644 --- a/2019/10xxx/CVE-2019-10246.json +++ b/2019/10xxx/CVE-2019-10246.json 
@@ -1,85 +1,89 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@eclipse.org", - "ID": "CVE-2019-10246", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@eclipse.org", + "ID":"CVE-2019-10246", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Eclipse Jetty", - "version": { - "version_data": [ + "product_name":"Eclipse Jetty", + "version":{ + "version_data":[ { - "version_affected": "=", - "version_value": "9.2.27" + "version_affected":"=", + "version_value":"9.2.27" }, { - "version_affected": "=", - "version_value": "9.3.26" + "version_affected":"=", + "version_value":"9.3.26" }, { - "version_affected": "=", - "version_value": "9.4.16" + "version_affected":"=", + "version_value":"9.4.16" } ] } } ] }, - "vendor_name": "The Eclipse Foundation" + "vendor_name":"The Eclipse Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories." + "lang":"eng", + "value":"In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-213: Intentional Information Exposure" + "lang":"eng", + "value":"CWE-213: Intentional Information Exposure" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576", - "refsource": "CONFIRM", - "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576" + "name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576", + "refsource":"CONFIRM", + "url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190509-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190509-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190509-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190509-0003/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/10xxx/CVE-2019-10247.json b/2019/10xxx/CVE-2019-10247.json index b375cd558423..b90e5d6447d0 100644 --- a/2019/10xxx/CVE-2019-10247.json +++ b/2019/10xxx/CVE-2019-10247.json 
@@ -1,113 +1,117 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@eclipse.org", - "ID": "CVE-2019-10247", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@eclipse.org", + "ID":"CVE-2019-10247", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Eclipse Jetty", - "version": { - "version_data": [ + "product_name":"Eclipse Jetty", + "version":{ + "version_data":[ { - "version_affected": "=", - "version_value": "7.x" + "version_affected":"=", + "version_value":"7.x" }, { - "version_affected": "=", - "version_value": "8.x" + "version_affected":"=", + "version_value":"8.x" }, { - "version_affected": "<=", - "version_value": "9.2.27" + "version_affected":"<=", + "version_value":"9.2.27" }, { - "version_affected": "<=", - "version_value": "9.3.26" + "version_affected":"<=", + "version_value":"9.3.26" }, { - "version_affected": "<=", - "version_value": "9.4.16" + "version_affected":"<=", + "version_value":"9.4.16" } ] } } ] }, - "vendor_name": "The Eclipse Foundation" + "vendor_name":"The Eclipse Foundation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. 
The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context." + "lang":"eng", + "value":"In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-213: Intentional Information Exposure" + "lang":"eng", + "value":"CWE-213: Intentional Information Exposure" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577", - "refsource": "CONFIRM", - "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577" + "name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577", + "refsource":"CONFIRM", + "url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190509-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190509-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190509-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190509-0003/" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", - "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", + "url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", - "url": 
"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" + "refsource":"MLIST", + "name":"[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", + "url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required 
to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/11xxx/CVE-2019-11358.json b/2019/11xxx/CVE-2019-11358.json index f6e31caa7123..cad2d750cd70 100644 --- a/2019/11xxx/CVE-2019-11358.json +++ b/2019/11xxx/CVE-2019-11358.json 
@@ -1,301 +1,305 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-11358", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-11358", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_19", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_19", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_19" }, { - "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", - "refsource": "MISC", - "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009" + "url":"https://backdropcms.org/security/backdrop-sa-core-2019-009", + "refsource":"MISC", + "name":"https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { - "url": "https://www.drupal.org/sa-core-2019-006", - "refsource": "MISC", - "name": "https://www.drupal.org/sa-core-2019-006" + "url":"https://www.drupal.org/sa-core-2019-006", + "refsource":"MISC", + "name":"https://www.drupal.org/sa-core-2019-006" }, { - "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", - "refsource": "MISC", - "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" + "url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", + "refsource":"MISC", + "name":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { - "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", - "refsource": "MISC", - "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" + "url":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006", + "refsource":"MISC", + "name":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { - "url": "https://github.com/jquery/jquery/pull/4333", - "refsource": "MISC", - "name": "https://github.com/jquery/jquery/pull/4333" + 
"url":"https://github.com/jquery/jquery/pull/4333", + "refsource":"MISC", + "name":"https://github.com/jquery/jquery/pull/4333" }, { - "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", - "refsource": "MISC", - "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" + "url":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", + "refsource":"MISC", + "name":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { - "refsource": "DEBIAN", - "name": "DSA-4434", - "url": "https://www.debian.org/security/2019/dsa-4434" + "refsource":"DEBIAN", + "name":"DSA-4434", + "url":"https://www.debian.org/security/2019/dsa-4434" }, { - "refsource": "BUGTRAQ", - "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", - "url": "https://seclists.org/bugtraq/2019/Apr/32" + "refsource":"BUGTRAQ", + "name":"20190421 [SECURITY] [DSA 4434-1] drupal7 security update", + "url":"https://seclists.org/bugtraq/2019/Apr/32" }, { - "refsource": "BID", - "name": "108023", - "url": "http://www.securityfocus.com/bid/108023" + "refsource":"BID", + "name":"108023", + "url":"http://www.securityfocus.com/bid/108023" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": 
"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", - "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" + "refsource":"MLIST", + "name":"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: 
[AIRFLOW-XXX] Fix CVE-2019-11358", + "url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-eba8e44ee6", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" + "refsource":"FEDORA", + "name":"FEDORA-2019-eba8e44ee6", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-1a3edd7e8a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" + "refsource":"FEDORA", + "name":"FEDORA-2019-1a3edd7e8a", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-7eaf0bbe7c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-7eaf0bbe7c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-2a0ce0c58c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" + 
"refsource":"FEDORA", + "name":"FEDORA-2019-2a0ce0c58c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a06dffab1c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a06dffab1c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-f563e66380", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" + "refsource":"FEDORA", + "name":"FEDORA-2019-f563e66380", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" }, { - "refsource": "BUGTRAQ", - "name": "20190509 dotCMS v5.1.1 Vulnerabilities", - "url": "https://seclists.org/bugtraq/2019/May/18" + "refsource":"BUGTRAQ", + "name":"20190509 dotCMS v5.1.1 Vulnerabilities", + "url":"https://seclists.org/bugtraq/2019/May/18" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", - "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", + "url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { - "refsource": "FULLDISC", - "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url": "http://seclists.org/fulldisclosure/2019/May/11" + "refsource":"FULLDISC", + "name":"20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + 
"url":"http://seclists.org/fulldisclosure/2019/May/11" }, { - "refsource": "FULLDISC", - "name": "20190510 dotCMS v5.1.1 Vulnerabilities", - "url": "http://seclists.org/fulldisclosure/2019/May/10" + "refsource":"FULLDISC", + "name":"20190510 dotCMS v5.1.1 Vulnerabilities", + "url":"http://seclists.org/fulldisclosure/2019/May/10" }, { - "refsource": "FULLDISC", - "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", - "url": "http://seclists.org/fulldisclosure/2019/May/13" + "refsource":"FULLDISC", + "name":"20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", + "url":"http://seclists.org/fulldisclosure/2019/May/13" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", - "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" + "refsource":"MLIST", + "name":"[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", + "url":"http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", - "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", + "url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1456", - "url": 
"https://access.redhat.com/errata/RHSA-2019:1456" + "refsource":"REDHAT", + "name":"RHSA-2019:1456", + "url":"https://access.redhat.com/errata/RHSA-2019:1456" }, { - "refsource": "DEBIAN", - "name": "DSA-4460", - "url": "https://www.debian.org/security/2019/dsa-4460" + "refsource":"DEBIAN", + "name":"DSA-4460", + "url":"https://www.debian.org/security/2019/dsa-4460" }, { - "refsource": "BUGTRAQ", - "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", - "url": "https://seclists.org/bugtraq/2019/Jun/12" + "refsource":"BUGTRAQ", + "name":"20190612 [SECURITY] [DSA 4460-1] mediawiki security update", + "url":"https://seclists.org/bugtraq/2019/Jun/12" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MISC", - "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", - "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" + "refsource":"MISC", + "name":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", + "url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1839", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1839", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:1570", - "url": "https://access.redhat.com/errata/RHBA-2019:1570" + "refsource":"REDHAT", + "name":"RHBA-2019:1570", + 
"url":"https://access.redhat.com/errata/RHBA-2019:1570" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1872", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1872", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { - "refsource": "MLIST", - "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", - "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" + "refsource":"MLIST", + "name":"[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", + "url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2587", - "url": "https://access.redhat.com/errata/RHSA-2019:2587" + "refsource":"REDHAT", + "name":"RHSA-2019:2587", + "url":"https://access.redhat.com/errata/RHSA-2019:2587" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190919-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190919-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190919-0001/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3023", - "url": "https://access.redhat.com/errata/RHSA-2019:3023" + "refsource":"REDHAT", + "name":"RHSA-2019:3023", + "url":"https://access.redhat.com/errata/RHSA-2019:3023" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3024", - "url": "https://access.redhat.com/errata/RHSA-2019:3024" + "refsource":"REDHAT", + "name":"RHSA-2019:3024", + "url":"https://access.redhat.com/errata/RHSA-2019:3024" }, { - "url": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-08", - "url": "https://www.tenable.com/security/tns-2019-08" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-08", + "url":"https://www.tenable.com/security/tns-2019-08" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/11xxx/CVE-2019-11477.json b/2019/11xxx/CVE-2019-11477.json index cf30c1f3f0ae..58384f03d5a4 100644 --- a/2019/11xxx/CVE-2019-11477.json +++ b/2019/11xxx/CVE-2019-11477.json 
@@ -1,244 +1,248 @@ + { - "CVE_data_meta": { - "AKA": "SACK Panic", - "ASSIGNER": "security@ubuntu.com", - "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", - "ID": "CVE-2019-11477", - "STATE": "PUBLIC", - "TITLE": "Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs" + "CVE_data_meta":{ + "AKA":"SACK Panic", + "ASSIGNER":"security@ubuntu.com", + "DATE_PUBLIC":"2019-06-17T00:00:00.000Z", + "ID":"CVE-2019-11477", + "STATE":"PUBLIC", + "TITLE":"Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Linux kernel", - "version": { - "version_data": [ + "product_name":"Linux kernel", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "4.4", - "version_value": "4.4.182" + "version_affected":"<", + "version_name":"4.4", + "version_value":"4.4.182" }, { - "version_affected": "<", - "version_name": "4.9", - "version_value": "4.9.182" + "version_affected":"<", + "version_name":"4.9", + "version_value":"4.9.182" }, { - "version_affected": "<", - "version_name": "4.14", - "version_value": "4.14.127" + "version_affected":"<", + "version_name":"4.14", + "version_value":"4.14.127" }, { - "version_affected": "<", - "version_name": "4.19", - "version_value": "4.19.52" + "version_affected":"<", + "version_name":"4.19", + "version_value":"4.19.52" }, { - "version_affected": "<", - "version_name": "5.1", - "version_value": "5.1.11" + "version_affected":"<", + "version_name":"5.1", + "version_value":"5.1.11" } ] } } ] }, - "vendor_name": "Linux" + "vendor_name":"Linux" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Jonathan Looney from Netflix" + "lang":"eng", + "value":"Jonathan Looney from Netflix" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Jonathan Looney 
discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." } ] }, - "generator": { - "engine": "Vulnogram 0.0.7" + "generator":{ + "engine":"Vulnogram 0.0.7" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"HIGH", + "baseScore":7.5, + "baseSeverity":"HIGH", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-190 Integer Overflow or 
Wraparound" + "lang":"eng", + "value":"CWE-190 Integer Overflow or Wraparound" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" + "refsource":"MISC", + "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", + "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" }, { - "refsource": "MISC", - "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", - "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource":"MISC", + "url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource": "MISC", - "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", - "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource":"MISC", + "url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource": "MISC", - "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", - "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource":"MISC", + "url":"https://access.redhat.com/security/vulnerabilities/tcpsack", + "name":"https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K78234183", - "url": 
"https://support.f5.com/csp/article/K78234183" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K78234183", + "url":"https://support.f5.com/csp/article/K78234183" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", - "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", + "url":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { - "refsource": "CONFIRM", - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" + "refsource":"CONFIRM", + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { - "refsource": "CERT-VN", - "name": "VU#905115", - "url": "https://www.kb.cert.org/vuls/id/905115" + "refsource":"CERT-VN", + "name":"VU#905115", + "url":"https://www.kb.cert.org/vuls/id/905115" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", - "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3" + "refsource":"MLIST", + "name":"[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", + "url":"http://www.openwall.com/lists/oss-security/2019/06/20/3" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_28", + 
"url":"https://www.synology.com/security/advisory/Synology_SA_19_28" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190625-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0001/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1594", - "url": "https://access.redhat.com/errata/RHSA-2019:1594" + "refsource":"REDHAT", + "name":"RHSA-2019:1594", + "url":"https://access.redhat.com/errata/RHSA-2019:1594" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1602", - "url": "https://access.redhat.com/errata/RHSA-2019:1602" + "refsource":"REDHAT", + "name":"RHSA-2019:1602", + "url":"https://access.redhat.com/errata/RHSA-2019:1602" }, { - "refsource": "CONFIRM", - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" + "refsource":"CONFIRM", + "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", + "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" }, { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" + "refsource":"MLIST", + "name":"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { - "refsource": "CONFIRM", - "name": 
"http://www.vmware.com/security/advisories/VMSA-2019-0010.html", - "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" + "refsource":"CONFIRM", + "name":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html", + "url":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1699", - "url": "https://access.redhat.com/errata/RHSA-2019:1699" + "refsource":"REDHAT", + "name":"RHSA-2019:1699", + "url":"https://access.redhat.com/errata/RHSA-2019:1699" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" + "refsource":"CONFIRM", + "name":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", + "url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" + "refsource":"MISC", + "name":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", + "url":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { - "refsource": "MISC", - "name": 
"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", - "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", + "url":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", - "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" + "refsource":"MLIST", + "name":"[oss-security] 20191023 Membership application for linux-distros - VMware", + "url":"http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", - "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" + "refsource":"MLIST", + "name":"[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url":"http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { - "refsource": "CONFIRM", - "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", - "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" + "refsource":"CONFIRM", + "name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", + "url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "https://usn.ubuntu.com/4017-1", - "defect": [ + "source":{ + "advisory":"https://usn.ubuntu.com/4017-1", + "defect":[ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637" ], - "discovery": "UNKNOWN" + "discovery":"UNKNOWN" } } \ No newline at end of file 
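Review bot: The reference entry added at the end of `reference_data` in this hunk carries only `"url"`, while every other entry in the list also has `"refsource"` and `"name"`, so tooling that labels or filters references by those keys may skip or mislabel the Oracle advisory. Following the convention the file already uses for URL-named references, I would write it as `"refsource":"MISC",` `"name":"https://www.oracle.com/security-alerts/cpujan2020.html",` `"url":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same bare entry is added in the CVE-2019-11478.json hunk and at the end of the preceding file's hunk. Separately, the rest of the hunk only strips the space after each colon, which buries this one substantive addition in a whole-file rewrite and makes it hard to confirm that the CVSS and affected-version fields are unchanged; the reformat would be easier to audit as its own commit.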
diff --git a/2019/11xxx/CVE-2019-11478.json b/2019/11xxx/CVE-2019-11478.json
index 1edf4ccc9ce4..fc83e8bbeab9 100644
--- a/2019/11xxx/CVE-2019-11478.json
+++ b/2019/11xxx/CVE-2019-11478.json
@@ -1,243 +1,247 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@ubuntu.com", - "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", - "ID": "CVE-2019-11478", - "STATE": "PUBLIC", - "TITLE": "SACK can cause extensive memory use via fragmented resend queue" + "CVE_data_meta":{ + "ASSIGNER":"security@ubuntu.com", + "DATE_PUBLIC":"2019-06-17T00:00:00.000Z", + "ID":"CVE-2019-11478", + "STATE":"PUBLIC", + "TITLE":"SACK can cause extensive memory use via fragmented resend queue" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Linux kernel", - "version": { - "version_data": [ + "product_name":"Linux kernel", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "4.4", - "version_value": "4.4.182" + "version_affected":"<", + "version_name":"4.4", + "version_value":"4.4.182" }, { - "version_affected": "<", - "version_name": "4.9", - "version_value": "4.9.182" + "version_affected":"<", + "version_name":"4.9", + "version_value":"4.9.182" }, { - "version_affected": "<", - "version_name": "4.14", - "version_value": "4.14.127" + "version_affected":"<", + "version_name":"4.14", + "version_value":"4.14.127" }, { - "version_affected": "<", - "version_name": "4.19", - "version_value": "4.19.52" + "version_affected":"<", + "version_name":"4.19", + "version_value":"4.19.52" }, { - "version_affected": "<", - "version_name": "5.1", - "version_value": "5.1.11" + "version_affected":"<", + "version_name":"5.1", + "version_value":"5.1.11" } ] } } ] }, - "vendor_name": "Linux" + "vendor_name":"Linux" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Jonathan Looney from Netflix" + "lang":"eng", + "value":"Jonathan Looney from Netflix" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Jonathan Looney discovered that 
the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." } ] }, - "generator": { - "engine": "Vulnogram 0.0.7" + "generator":{ + "engine":"Vulnogram 0.0.7" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"LOW", + "baseScore":5.3, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": 
"CWE-770 Allocation of Resources Without Limits or Throttling" + "lang":"eng", + "value":"CWE-770 Allocation of Resources Without Limits or Throttling" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", - "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource":"MISC", + "url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource": "MISC", - "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", - "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource":"MISC", + "url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource": "MISC", - "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", - "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource":"MISC", + "url":"https://access.redhat.com/security/vulnerabilities/tcpsack", + "name":"https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource": "MISC", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" + "refsource":"MISC", + "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", + "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" }, { - "refsource": "CONFIRM", - "name": 
"https://support.f5.com/csp/article/K26618426", - "url": "https://support.f5.com/csp/article/K26618426" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K26618426", + "url":"https://support.f5.com/csp/article/K26618426" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", - "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", + "url":"http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { - "refsource": "CONFIRM", - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" + "refsource":"CONFIRM", + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { - "refsource": "CERT-VN", - "name": "VU#905115", - "url": "https://www.kb.cert.org/vuls/id/905115" + "refsource":"CERT-VN", + "name":"VU#905115", + "url":"https://www.kb.cert.org/vuls/id/905115" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_28", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_28" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190625-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0001/" }, { - "refsource": 
"REDHAT", - "name": "RHSA-2019:1594", - "url": "https://access.redhat.com/errata/RHSA-2019:1594" + "refsource":"REDHAT", + "name":"RHSA-2019:1594", + "url":"https://access.redhat.com/errata/RHSA-2019:1594" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1602", - "url": "https://access.redhat.com/errata/RHSA-2019:1602" + "refsource":"REDHAT", + "name":"RHSA-2019:1602", + "url":"https://access.redhat.com/errata/RHSA-2019:1602" }, { - "refsource": "CONFIRM", - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" + "refsource":"CONFIRM", + "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", + "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" }, { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" + "refsource":"MLIST", + "name":"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { - "refsource": "CONFIRM", - "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", - "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" + "refsource":"CONFIRM", + "name":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html", + "url":"http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": 
"http://www.openwall.com/lists/oss-security/2019/07/06/3" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1699", - "url": "https://access.redhat.com/errata/RHSA-2019:1699" + "refsource":"REDHAT", + "name":"RHSA-2019:1699", + "url":"https://access.redhat.com/errata/RHSA-2019:1699" }, { - "refsource": "BUGTRAQ", - "name": "20190722 [SECURITY] [DSA 4484-1] linux security update", - "url": "https://seclists.org/bugtraq/2019/Jul/30" + "refsource":"BUGTRAQ", + "name":"20190722 [SECURITY] [DSA 4484-1] linux security update", + "url":"https://seclists.org/bugtraq/2019/Jul/30" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", - "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", + "url":"http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" + "refsource":"CONFIRM", + "name":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", + "url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { - "refsource": "MISC", - "name": 
"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" + "refsource":"MISC", + "name":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", + "url":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", - "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", + "url":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", - "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" + "refsource":"MLIST", + "name":"[oss-security] 20191023 Membership application for linux-distros - VMware", + "url":"http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", - "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" + "refsource":"MLIST", + "name":"[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url":"http://www.openwall.com/lists/oss-security/2019/10/29/3" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "https://usn.ubuntu.com/4017-1", - "defect": [ + "source":{ + "advisory":"https://usn.ubuntu.com/4017-1", + "defect":[ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638" ], - "discovery": "UNKNOWN" + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11479.json b/2019/11xxx/CVE-2019-11479.json index 0909cbc33146..3e0a74148567 100644 --- a/2019/11xxx/CVE-2019-11479.json 
+++ b/2019/11xxx/CVE-2019-11479.json 
@@ -1,231 +1,235 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security@ubuntu.com", - "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", - "ID": "CVE-2019-11479", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"security@ubuntu.com", + "DATE_PUBLIC":"2019-06-17T00:00:00.000Z", + "ID":"CVE-2019-11479", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "Linux kernel", - "version": { - "version_data": [ + "product_name":"Linux kernel", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "4.4", - "version_value": "4.4.182" + "version_affected":"<", + "version_name":"4.4", + "version_value":"4.4.182" }, { - "version_affected": "<", - "version_name": "4.9", - "version_value": "4.9.182" + "version_affected":"<", + "version_name":"4.9", + "version_value":"4.9.182" }, { - "version_affected": "<", - "version_name": "4.14", - "version_value": "4.14.127" + "version_affected":"<", + "version_name":"4.14", + "version_value":"4.14.127" }, { - "version_affected": "<", - "version_name": "4.19", - "version_value": "4.19.52" + "version_affected":"<", + "version_name":"4.19", + "version_value":"4.19.52" }, { - "version_affected": "<", - "version_name": "5.1", - "version_value": "5.1.11" + "version_affected":"<", + "version_name":"5.1", + "version_value":"5.1.11" } ] } } ] }, - "vendor_name": "Linux" + "vendor_name":"Linux" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Jonathan Looney from Netflix" + "lang":"eng", + "value":"Jonathan Looney from Netflix" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. 
This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." } ] }, - "generator": { - "engine": "Vulnogram 0.0.7" + "generator":{ + "engine":"Vulnogram 0.0.7" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version": "3.0" + "impact":{ + "cvss":{ + "attackComplexity":"LOW", + "attackVector":"NETWORK", + "availabilityImpact":"LOW", + "baseScore":5.3, + "baseSeverity":"MEDIUM", + "confidentialityImpact":"NONE", + "integrityImpact":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "userInteraction":"NONE", + "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version":"3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - 
"lang": "eng", - "value": "CWE-405 Asymmetric Resource Consumption (Amplification)" + "lang":"eng", + "value":"CWE-405 Asymmetric Resource Consumption (Amplification)" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", - "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource":"MISC", + "url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource": "MISC", - "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", - "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource":"MISC", + "url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource": "MISC", - "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", - "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource":"MISC", + "url":"https://access.redhat.com/security/vulnerabilities/tcpsack", + "name":"https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource": "MISC", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" + "refsource":"MISC", + "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", + "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { - "refsource": "MISC", - "url": 
"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" + "refsource":"MISC", + "url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", + "name":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K35421172", - "url": "https://support.f5.com/csp/article/K35421172" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K35421172", + "url":"https://support.f5.com/csp/article/K35421172" }, { - "refsource": "BID", - "name": "108818", - "url": "http://www.securityfocus.com/bid/108818" + "refsource":"BID", + "name":"108818", + "url":"http://www.securityfocus.com/bid/108818" }, { - "refsource": "CONFIRM", - "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", - "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" + "refsource":"CONFIRM", + "name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", + "url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { - "refsource": "CERT-VN", - "name": "VU#905115", - "url": "https://www.kb.cert.org/vuls/id/905115" + "refsource":"CERT-VN", + "name":"VU#905115", + "url":"https://www.kb.cert.org/vuls/id/905115" }, { - "refsource": "CONFIRM", - "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", - "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" + "refsource":"CONFIRM", + "name":"https://www.synology.com/security/advisory/Synology_SA_19_28", + "url":"https://www.synology.com/security/advisory/Synology_SA_19_28" }, { - "refsource": "CONFIRM", - "name": 
"https://security.netapp.com/advisory/ntap-20190625-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190625-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0001/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1594", - "url": "https://access.redhat.com/errata/RHSA-2019:1594" + "refsource":"REDHAT", + "name":"RHSA-2019:1594", + "url":"https://access.redhat.com/errata/RHSA-2019:1594" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1602", - "url": "https://access.redhat.com/errata/RHSA-2019:1602" + "refsource":"REDHAT", + "name":"RHSA-2019:1602", + "url":"https://access.redhat.com/errata/RHSA-2019:1602" }, { - "refsource": "CONFIRM", - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" + "refsource":"CONFIRM", + "name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", + "url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" }, { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10287" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" + "refsource":"MLIST", + "name":"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { - "refsource": "UBUNTU", - "name": "USN-4041-2", - "url": "https://usn.ubuntu.com/4041-2/" + "refsource":"UBUNTU", + "name":"USN-4041-2", + "url":"https://usn.ubuntu.com/4041-2/" }, 
{ - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", - "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" + "refsource":"MLIST", + "name":"[oss-security] 20190706 Re: linux-distros membership application - Microsoft", + "url":"http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1699", - "url": "https://access.redhat.com/errata/RHSA-2019:1699" + "refsource":"REDHAT", + "name":"RHSA-2019:1699", + "url":"https://access.redhat.com/errata/RHSA-2019:1699" }, { - "refsource": "UBUNTU", - "name": "USN-4041-1", - "url": "https://usn.ubuntu.com/4041-1/" + "refsource":"UBUNTU", + "name":"USN-4041-1", + "url":"https://usn.ubuntu.com/4041-1/" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" + "refsource":"CONFIRM", + "name":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", + "url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" + "refsource":"MISC", + "name":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03", + "url":"https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS", - "url": 
"https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "defect": [ + "source":{ + "defect":[ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286" ], - "discovery": "UNKNOWN" + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12086.json b/2019/12xxx/CVE-2019-12086.json index f32e263ec61b..6d7301e47ed1 100644 --- a/2019/12xxx/CVE-2019-12086.json +++ b/2019/12xxx/CVE-2019-12086.json 
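Review bot: The reference object appended at the end of `reference_data` carries only `url`, while every other entry visible in this hunk has `refsource`, `name` and `url`; tooling that filters or groups references by `refsource`, or displays `name`, may drop the Oracle January 2020 CPU link or show it blank. Following the convention this file already uses for plain links, add `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html",` ahead of the `url` key. The same url-only entry is appended in the CVE-2019-12086.json hunk and in the hunk of the file just before this one. Separately, the key/colon whitespace rewrite touches nearly every line and appears to add an empty first line, which buries the three-line addition; it would be easier to audit as a commit of its own.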
@@ -1,216 +1,220 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-12086", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-12086", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. 
This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/", - "refsource": "MISC", - "name": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/" + "url":"http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/", + "refsource":"MISC", + "name":"http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2326", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2326" + "url":"https://github.com/FasterXML/jackson-databind/issues/2326", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2326" }, { - "refsource": "CONFIRM", - "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9", - "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9" + "refsource":"CONFIRM", + "name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9", + "url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9" }, { - "refsource": "MLIST", - "name": "[spark-reviews] 20190520 [GitHub] [spark] 
Fokko opened a new pull request #24646: Spark 27757", - "url": "https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E" + "refsource":"MLIST", + "name":"[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757", + "url":"https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html" }, { - "refsource": "DEBIAN", - "name": "DSA-4452", - "url": "https://www.debian.org/security/2019/dsa-4452" + "refsource":"DEBIAN", + "name":"DSA-4452", + "url":"https://www.debian.org/security/2019/dsa-4452" }, { - "refsource": "BUGTRAQ", - "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/May/68" + "refsource":"BUGTRAQ", + "name":"20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/May/68" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190530-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190530-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190530-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190530-0003/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + 
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "BID", - "name": "109227", - "url": "http://www.securityfocus.com/bid/109227" + "refsource":"BID", + "name":"109227", + "url":"http://www.securityfocus.com/bid/109227" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-99ff6aa32c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-99ff6aa32c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource": "MLIST", - "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource":"MLIST", + "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2937", - "url": "https://access.redhat.com/errata/RHSA-2019:2937" + "refsource":"REDHAT", + "name":"RHSA-2019:2937", + "url":"https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2935", - "url": "https://access.redhat.com/errata/RHSA-2019:2935" + "refsource":"REDHAT", + "name":"RHSA-2019:2935", + "url":"https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2936", - "url": "https://access.redhat.com/errata/RHSA-2019:2936" + "refsource":"REDHAT", + "name":"RHSA-2019:2936", + "url":"https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2938", - "url": "https://access.redhat.com/errata/RHSA-2019:2938" + "refsource":"REDHAT", + "name":"RHSA-2019:2938", + "url":"https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2998", - "url": "https://access.redhat.com/errata/RHSA-2019:2998" + "refsource":"REDHAT", + "name":"RHSA-2019:2998", + "url":"https://access.redhat.com/errata/RHSA-2019:2998" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3044", - "url": "https://access.redhat.com/errata/RHSA-2019:3044" + "refsource":"REDHAT", + "name":"RHSA-2019:3044", + "url":"https://access.redhat.com/errata/RHSA-2019:3044" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3045", - "url": 
"https://access.redhat.com/errata/RHSA-2019:3045" + "refsource":"REDHAT", + "name":"RHSA-2019:3045", + "url":"https://access.redhat.com/errata/RHSA-2019:3045" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3050", - "url": "https://access.redhat.com/errata/RHSA-2019:3050" + "refsource":"REDHAT", + "name":"RHSA-2019:3050", + "url":"https://access.redhat.com/errata/RHSA-2019:3050" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3046", - "url": "https://access.redhat.com/errata/RHSA-2019:3046" + "refsource":"REDHAT", + "name":"RHSA-2019:3046", + "url":"https://access.redhat.com/errata/RHSA-2019:3046" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": 
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/12xxx/CVE-2019-12384.json b/2019/12xxx/CVE-2019-12384.json index 4bd09f980ee8..73c8ac981125 100644 --- a/2019/12xxx/CVE-2019-12384.json 
+++ b/2019/12xxx/CVE-2019-12384.json 
@@ -1,261 +1,265 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-12384", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-12384", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://doyensec.com/research.html", - "refsource": "MISC", - "name": "https://doyensec.com/research.html" + "url":"https://doyensec.com/research.html", + "refsource":"MISC", + "name":"https://doyensec.com/research.html" }, { - "url": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad" + "url":"https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" }, { - "refsource": "CONFIRM", - "name": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" + "refsource":"CONFIRM", + "name":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190703-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190703-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190703-0002/", + 
"url":"https://security.netapp.com/advisory/ntap-20190703-0002/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1820", - "url": "https://access.redhat.com/errata/RHSA-2019:1820" + "refsource":"REDHAT", + "name":"RHSA-2019:1820", + "url":"https://access.redhat.com/errata/RHSA-2019:1820" }, { - "refsource": "MISC", - "name": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html", - "url": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html" + "refsource":"MISC", + "name":"https://blog.doyensec.com/2019/07/22/jackson-gadgets.html", + "url":"https://blog.doyensec.com/2019/07/22/jackson-gadgets.html" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + 
"url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": 
"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource":"MLIST", + "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 
and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2720", - "url": "https://access.redhat.com/errata/RHSA-2019:2720" + "refsource":"REDHAT", + "name":"RHSA-2019:2720", + "url":"https://access.redhat.com/errata/RHSA-2019:2720" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-99ff6aa32c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-99ff6aa32c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource": "MLIST", - "name": "[cassandra-commits] 20190919 [jira] [Created] 
(CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource":"MLIST", + "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2937", - "url": "https://access.redhat.com/errata/RHSA-2019:2937" + "refsource":"REDHAT", + "name":"RHSA-2019:2937", + "url":"https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2935", - "url": "https://access.redhat.com/errata/RHSA-2019:2935" + "refsource":"REDHAT", + "name":"RHSA-2019:2935", + 
"url":"https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2936", - "url": "https://access.redhat.com/errata/RHSA-2019:2936" + "refsource":"REDHAT", + "name":"RHSA-2019:2936", + "url":"https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2938", - "url": "https://access.redhat.com/errata/RHSA-2019:2938" + "refsource":"REDHAT", + "name":"RHSA-2019:2938", + "url":"https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "MLIST", - "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", - "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", + "url":"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2998", - "url": "https://access.redhat.com/errata/RHSA-2019:2998" + "refsource":"REDHAT", + "name":"RHSA-2019:2998", + "url":"https://access.redhat.com/errata/RHSA-2019:2998" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) 
Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3292", - "url": "https://access.redhat.com/errata/RHSA-2019:3292" + "refsource":"REDHAT", + "name":"RHSA-2019:3292", + "url":"https://access.redhat.com/errata/RHSA-2019:3292" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3297", - "url": "https://access.redhat.com/errata/RHSA-2019:3297" + "refsource":"REDHAT", + "name":"RHSA-2019:3297", + "url":"https://access.redhat.com/errata/RHSA-2019:3297" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3901", - "url": "https://access.redhat.com/errata/RHSA-2019:3901" + "refsource":"REDHAT", + "name":"RHSA-2019:3901", + "url":"https://access.redhat.com/errata/RHSA-2019:3901" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4352", - "url": "https://access.redhat.com/errata/RHSA-2019:4352" + "refsource":"REDHAT", + "name":"RHSA-2019:4352", + "url":"https://access.redhat.com/errata/RHSA-2019:4352" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/12xxx/CVE-2019-12406.json b/2019/12xxx/CVE-2019-12406.json
index 9065dd7da7ae..54352da2e7de 100644
--- a/2019/12xxx/CVE-2019-12406.json
+++ b/2019/12xxx/CVE-2019-12406.json
@@ -1,25 +1,26 @@
+
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-12406",
- "ASSIGNER": "security@apache.org",
- "STATE": "PUBLIC"
+ "data_type":"CVE",
+ "data_format":"MITRE",
+ "data_version":"4.0",
+ "CVE_data_meta":{
+ "ID":"CVE-2019-12406",
+ "ASSIGNER":"security@apache.org",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
+ "vendor_name":"n/a",
+ "product":{
+ "product_data":[
 {
- "product_name": "Apache CXF",
- "version": {
- "version_data": [
+ "product_name":"Apache CXF",
+ "version":{
+ "version_data":[
 {
- "version_value": "Apache CXF versions before 3.3.4 and 3.2.11"
+ "version_value":"Apache CXF versions before 3.3.4 and 3.2.11"
 }
 ]
 }
@@ -30,32 +31,35 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype":{
+ "problemtype_data":[
 {
- "description": [
+ "description":[
 {
- "lang": "eng",
- "value": "Denial of Service"
+ "lang":"eng",
+ "value":"Denial of Service"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references":{
+ "reference_data":[
 {
- "refsource": "CONFIRM",
- "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc",
- "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc"
+ "refsource":"CONFIRM",
+ "name":"http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc",
+ "url":"http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc"
+ },
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
 }
 ]
 },
- "description": {
- "description_data": [
+ "description":{
+ "description_data":[
 {
- "lang": "eng",
- "value": "Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\"."
+ "lang":"eng",
+ "value":"Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\"."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12415.json b/2019/12xxx/CVE-2019-12415.json
index 34c699e49446..f9bcfd5d0657 100644
--- a/2019/12xxx/CVE-2019-12415.json
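Review bot: The reference entry added at the end of `reference_data` carries only `url`, whereas every other entry visible in these lists also has `refsource` and `name`; a consumer that labels or filters references by `refsource` may drop or mislabel it (inferred, since the consumers are not shown). Following the existing Oracle advisory entries in this commit, it could carry `"refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html",` ahead of the `url` key. The same bare entry is added in the second hunks of CVE-2019-12415.json and CVE-2019-12419.json. Separately, rewriting every key as `"key":value` and, judging by the extra line in each first hunk's count, adding an empty first line to each file buries this one substantive addition in formatting churn; keeping the original spacing would leave a three-line diff per record.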
+++ b/2019/12xxx/CVE-2019-12415.json
@@ -1,25 +1,26 @@
+
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-12415",
- "ASSIGNER": "security@apache.org",
- "STATE": "PUBLIC"
+ "data_type":"CVE",
+ "data_format":"MITRE",
+ "data_version":"4.0",
+ "CVE_data_meta":{
+ "ID":"CVE-2019-12415",
+ "ASSIGNER":"security@apache.org",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
+ "vendor_name":"n/a",
+ "product":{
+ "product_data":[
 {
- "product_name": "Apache POI",
- "version": {
- "version_data": [
+ "product_name":"Apache POI",
+ "version":{
+ "version_data":[
 {
- "version_value": "Apache POI up to 4.1.0"
+ "version_value":"Apache POI up to 4.1.0"
 }
 ]
 }
@@ -30,47 +31,50 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype":{
+ "problemtype_data":[
 {
- "description": [
+ "description":[
 {
- "lang": "eng",
- "value": "Information Disclosure"
+ "lang":"eng",
+ "value":"Information Disclosure"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references":{
+ "reference_data":[
 {
- "refsource": "MISC",
- "name": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E",
- "url": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E"
+ "refsource":"MISC",
+ "name":"https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E",
+ "url":"https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415",
- "url": "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415",
+ "url":"https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415",
- "url": "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415",
+ "url":"https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E"
 },
 {
- "refsource": "MLIST",
- "name": "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415",
- "url": "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E"
+ "refsource":"MLIST",
+ "name":"[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415",
+ "url":"https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E"
+ },
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
 }
 ]
 },
- "description": {
- "description_data": [
+ "description":{
+ "description_data":[
 {
- "lang": "eng",
- "value": "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing."
+ "lang":"eng",
+ "value":"In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12419.json b/2019/12xxx/CVE-2019-12419.json
index 2330be8ea3cb..83539ad99e0d 100644
--- a/2019/12xxx/CVE-2019-12419.json
+++ b/2019/12xxx/CVE-2019-12419.json
@@ -1,25 +1,26 @@
+
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-12419",
- "ASSIGNER": "security@apache.org",
- "STATE": "PUBLIC"
+ "data_type":"CVE",
+ "data_format":"MITRE",
+ "data_version":"4.0",
+ "CVE_data_meta":{
+ "ID":"CVE-2019-12419",
+ "ASSIGNER":"security@apache.org",
+ "STATE":"PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "vendor_name": "Apache",
- "product": {
- "product_data": [
+ "vendor_name":"Apache",
+ "product":{
+ "product_data":[
 {
- "product_name": "Apache CXF",
- "version": {
- "version_data": [
+ "product_name":"Apache CXF",
+ "version":{
+ "version_data":[
 {
- "version_value": "versions before 3.3.4 and 3.2.11"
+ "version_value":"versions before 3.3.4 and 3.2.11"
 }
 ]
 }
@@ -30,32 +31,35 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype":{
+ "problemtype_data":[
 {
- "description": [
+ "description":[
 {
- "lang": "eng",
- "value": "Apache CXF OpenId Connect token service does not properly validate the clientId"
+ "lang":"eng",
+ "value":"Apache CXF OpenId Connect token service does not properly validate the clientId"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references":{
+ "reference_data":[
 {
- "refsource": "CONFIRM",
- "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc",
- "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc"
+ "refsource":"CONFIRM",
+ "name":"http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc",
+ "url":"http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc"
+ },
+ {
+ "url":"https://www.oracle.com/security-alerts/cpujan2020.html"
 }
 ]
 },
- "description": {
- "description_data": [
+ "description":{
+ "description_data":[
 {
- "lang": "eng",
- "value": "Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client."
+ "lang":"eng",
+ "value":"Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12814.json b/2019/12xxx/CVE-2019-12814.json
index fd8897ee5a10..f8615ae7a61d 100644
--- a/2019/12xxx/CVE-2019-12814.json
+++ b/2019/12xxx/CVE-2019-12814.json
@@ -1,311 +1,315 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-12814", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-12814", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://github.com/FasterXML/jackson-databind/issues/2341", - "url": "https://github.com/FasterXML/jackson-databind/issues/2341" + "refsource":"CONFIRM", + "name":"https://github.com/FasterXML/jackson-databind/issues/2341", + "url":"https://github.com/FasterXML/jackson-databind/issues/2341" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": 
"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E" + 
"refsource":"MLIST", + "name":"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190625-0006/", - "url": "https://security.netapp.com/advisory/ntap-20190625-0006/" + "refsource":"CONFIRM", + 
"name":"https://security.netapp.com/advisory/ntap-20190625-0006/", + "url":"https://security.netapp.com/advisory/ntap-20190625-0006/" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging 
jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + 
"url":"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", - "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", + "url":"https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "MLIST", - "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", - "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E" + "refsource":"MLIST", + "name":"[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", + "url":"https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": 
"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource": 
"MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: 
[TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource":"MLIST", + "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] 
jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-99ff6aa32c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-99ff6aa32c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource": "MLIST", - "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource":"MLIST", + "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2937", - "url": "https://access.redhat.com/errata/RHSA-2019:2937" + "refsource":"REDHAT", + "name":"RHSA-2019:2937", + "url":"https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2935", - "url": "https://access.redhat.com/errata/RHSA-2019:2935" + "refsource":"REDHAT", + "name":"RHSA-2019:2935", + "url":"https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2936", - "url": "https://access.redhat.com/errata/RHSA-2019:2936" + "refsource":"REDHAT", + "name":"RHSA-2019:2936", + "url":"https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2938", - "url": "https://access.redhat.com/errata/RHSA-2019:2938" + "refsource":"REDHAT", + "name":"RHSA-2019:2938", + "url":"https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource": "MLIST", - "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", - "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", + "url":"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3044", - "url": "https://access.redhat.com/errata/RHSA-2019:3044" + 
"refsource":"REDHAT", + "name":"RHSA-2019:3044", + "url":"https://access.redhat.com/errata/RHSA-2019:3044" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3045", - "url": "https://access.redhat.com/errata/RHSA-2019:3045" + "refsource":"REDHAT", + "name":"RHSA-2019:3045", + "url":"https://access.redhat.com/errata/RHSA-2019:3045" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3050", - "url": "https://access.redhat.com/errata/RHSA-2019:3050" + "refsource":"REDHAT", + "name":"RHSA-2019:3050", + "url":"https://access.redhat.com/errata/RHSA-2019:3050" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3046", - "url": "https://access.redhat.com/errata/RHSA-2019:3046" + "refsource":"REDHAT", + "name":"RHSA-2019:3046", + "url":"https://access.redhat.com/errata/RHSA-2019:3046" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] 
(DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3292", - "url": "https://access.redhat.com/errata/RHSA-2019:3292" + "refsource":"REDHAT", + "name":"RHSA-2019:3292", + "url":"https://access.redhat.com/errata/RHSA-2019:3292" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3297", - "url": "https://access.redhat.com/errata/RHSA-2019:3297" + "refsource":"REDHAT", + "name":"RHSA-2019:3297", + "url":"https://access.redhat.com/errata/RHSA-2019:3297" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": 
"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/13xxx/CVE-2019-13117.json b/2019/13xxx/CVE-2019-13117.json index 71e9a71dd909..811b57475072 100644 --- a/2019/13xxx/CVE-2019-13117.json +++ b/2019/13xxx/CVE-2019-13117.json 
@@ -1,96 +1,100 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-13117", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-13117", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character." + "lang":"eng", + "value":"In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", - "refsource": "MISC", - "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" + "url":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", + "refsource":"MISC", + "name":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { - "url": "https://oss-fuzz.com/testcase-detail/5631739747106816", - "refsource": "MISC", - "name": "https://oss-fuzz.com/testcase-detail/5631739747106816" + "url":"https://oss-fuzz.com/testcase-detail/5631739747106816", + "refsource":"MISC", + "name":"https://oss-fuzz.com/testcase-detail/5631739747106816" }, { - "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", - "refsource": "MISC", - "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" + "url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", + "refsource":"MISC", + "name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190806-0004/", - "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" + "refsource":"CONFIRM", + 
"name":"https://security.netapp.com/advisory/ntap-20190806-0004/", + "url":"https://security.netapp.com/advisory/ntap-20190806-0004/" }, { - "refsource": "UBUNTU", - "name": "USN-4164-1", - "url": "https://usn.ubuntu.com/4164-1/" + "refsource":"UBUNTU", + "name":"USN-4164-1", + "url":"https://usn.ubuntu.com/4164-1/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fdf6ec39b4", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fdf6ec39b4", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", - "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" + "refsource":"MLIST", + "name":"[oss-security] 20191117 Nokogiri security update v1.10.5", + "url":"http://www.openwall.com/lists/oss-security/2019/11/17/2" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/13xxx/CVE-2019-13118.json b/2019/13xxx/CVE-2019-13118.json index dd85f0ef476e..b7899589470c 100644 --- a/2019/13xxx/CVE-2019-13118.json +++ b/2019/13xxx/CVE-2019-13118.json 
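Review bot: The reference object appended at the end of `reference_data` carries only `"url":"https://www.oracle.com/security-alerts/cpujan2020.html"`, while every other entry in this array also has `refsource` and `name`. Consumers that group, label or de-duplicate references by those fields may drop or mis-file this advisory link. I would add `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html",` to the new object, matching how the other URL-named references in the array are written. The same url-only entry is appended in the CVE-2019-13118.json hunk and in the hunk that ends just before this file's header.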
@@ -1,236 +1,240 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-13118", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-13118", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", - "refsource": "MISC", - "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" + "url":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", + "refsource":"MISC", + "name":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { - "url": "https://oss-fuzz.com/testcase-detail/5197371471822848", - "refsource": "MISC", - "name": "https://oss-fuzz.com/testcase-detail/5197371471822848" + "url":"https://oss-fuzz.com/testcase-detail/5197371471822848", + "refsource":"MISC", + "name":"https://oss-fuzz.com/testcase-detail/5197371471822848" }, { - "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", - "refsource": "MISC", - "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" + "url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", + "refsource":"MISC", + "name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210348", - "url": "https://support.apple.com/kb/HT210348" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210348", + "url":"https://support.apple.com/kb/HT210348" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210353", - "url": "https://support.apple.com/kb/HT210353" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210353", + "url":"https://support.apple.com/kb/HT210353" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210351", - "url": 
"https://support.apple.com/kb/HT210351" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210351", + "url":"https://support.apple.com/kb/HT210351" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210346", - "url": "https://support.apple.com/kb/HT210346" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210346", + "url":"https://support.apple.com/kb/HT210346" }, { - "refsource": "BUGTRAQ", - "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", - "url": "https://seclists.org/bugtraq/2019/Jul/35" + "refsource":"BUGTRAQ", + "name":"20190723 APPLE-SA-2019-7-22-1 iOS 12.4", + "url":"https://seclists.org/bugtraq/2019/Jul/35" }, { - "refsource": "BUGTRAQ", - "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", - "url": "https://seclists.org/bugtraq/2019/Jul/37" + "refsource":"BUGTRAQ", + "name":"20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", + "url":"https://seclists.org/bugtraq/2019/Jul/37" }, { - "refsource": "BUGTRAQ", - "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", - "url": "https://seclists.org/bugtraq/2019/Jul/36" + "refsource":"BUGTRAQ", + "name":"20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", + "url":"https://seclists.org/bugtraq/2019/Jul/36" }, { - "refsource": "FULLDISC", - "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", - "url": "http://seclists.org/fulldisclosure/2019/Jul/24" + "refsource":"FULLDISC", + "name":"20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", + "url":"http://seclists.org/fulldisclosure/2019/Jul/24" }, { - "refsource": "FULLDISC", - "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", - "url": 
"http://seclists.org/fulldisclosure/2019/Jul/23" + "refsource":"FULLDISC", + "name":"20190723 APPLE-SA-2019-7-22-1 iOS 12.4", + "url":"http://seclists.org/fulldisclosure/2019/Jul/23" }, { - "refsource": "FULLDISC", - "name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", - "url": "http://seclists.org/fulldisclosure/2019/Jul/22" + "refsource":"FULLDISC", + "name":"20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", + "url":"http://seclists.org/fulldisclosure/2019/Jul/22" }, { - "refsource": "FULLDISC", - "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", - "url": "http://seclists.org/fulldisclosure/2019/Jul/26" + "refsource":"FULLDISC", + "name":"20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", + "url":"http://seclists.org/fulldisclosure/2019/Jul/26" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210356", - "url": "https://support.apple.com/kb/HT210356" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210356", + "url":"https://support.apple.com/kb/HT210356" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210357", - "url": "https://support.apple.com/kb/HT210357" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210357", + "url":"https://support.apple.com/kb/HT210357" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT210358", - "url": "https://support.apple.com/kb/HT210358" + "refsource":"CONFIRM", + "name":"https://support.apple.com/kb/HT210358", + "url":"https://support.apple.com/kb/HT210358" }, { - "refsource": "BUGTRAQ", - "name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", - "url": "https://seclists.org/bugtraq/2019/Jul/42" + "refsource":"BUGTRAQ", + "name":"20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", + "url":"https://seclists.org/bugtraq/2019/Jul/42" }, { - "refsource": "BUGTRAQ", - 
"name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", - "url": "https://seclists.org/bugtraq/2019/Jul/40" + "refsource":"BUGTRAQ", + "name":"20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", + "url":"https://seclists.org/bugtraq/2019/Jul/40" }, { - "refsource": "BUGTRAQ", - "name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", - "url": "https://seclists.org/bugtraq/2019/Jul/41" + "refsource":"BUGTRAQ", + "name":"20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", + "url":"https://seclists.org/bugtraq/2019/Jul/41" }, { - "refsource": "FULLDISC", - "name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", - "url": "http://seclists.org/fulldisclosure/2019/Jul/31" + "refsource":"FULLDISC", + "name":"20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", + "url":"http://seclists.org/fulldisclosure/2019/Jul/31" }, { - "refsource": "FULLDISC", - "name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", - "url": "http://seclists.org/fulldisclosure/2019/Jul/37" + "refsource":"FULLDISC", + "name":"20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", + "url":"http://seclists.org/fulldisclosure/2019/Jul/37" }, { - "refsource": "FULLDISC", - "name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", - "url": "http://seclists.org/fulldisclosure/2019/Jul/38" + "refsource":"FULLDISC", + "name":"20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", + "url":"http://seclists.org/fulldisclosure/2019/Jul/38" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190806-0004/", - "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190806-0004/", + "url":"https://security.netapp.com/advisory/ntap-20190806-0004/" }, { - "refsource": "BUGTRAQ", - "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", - "url": "https://seclists.org/bugtraq/2019/Aug/25" + 
"refsource":"BUGTRAQ", + "name":"20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", + "url":"https://seclists.org/bugtraq/2019/Aug/25" }, { - "refsource": "BUGTRAQ", - "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", - "url": "https://seclists.org/bugtraq/2019/Aug/22" + "refsource":"BUGTRAQ", + "name":"20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", + "url":"https://seclists.org/bugtraq/2019/Aug/22" }, { - "refsource": "BUGTRAQ", - "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", - "url": "https://seclists.org/bugtraq/2019/Aug/23" + "refsource":"BUGTRAQ", + "name":"20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", + "url":"https://seclists.org/bugtraq/2019/Aug/23" }, { - "refsource": "BUGTRAQ", - "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", - "url": "https://seclists.org/bugtraq/2019/Aug/21" + "refsource":"BUGTRAQ", + "name":"20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", + "url":"https://seclists.org/bugtraq/2019/Aug/21" }, { - "refsource": "FULLDISC", - "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", - "url": "http://seclists.org/fulldisclosure/2019/Aug/14" + "refsource":"FULLDISC", + "name":"20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", + "url":"http://seclists.org/fulldisclosure/2019/Aug/14" }, { - "refsource": "FULLDISC", - "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 
2019-004 Sierra", - "url": "http://seclists.org/fulldisclosure/2019/Aug/11" + "refsource":"FULLDISC", + "name":"20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", + "url":"http://seclists.org/fulldisclosure/2019/Aug/11" }, { - "refsource": "FULLDISC", - "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", - "url": "http://seclists.org/fulldisclosure/2019/Aug/13" + "refsource":"FULLDISC", + "name":"20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", + "url":"http://seclists.org/fulldisclosure/2019/Aug/13" }, { - "refsource": "FULLDISC", - "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", - "url": "http://seclists.org/fulldisclosure/2019/Aug/15" + "refsource":"FULLDISC", + "name":"20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", + "url":"http://seclists.org/fulldisclosure/2019/Aug/15" }, { - "refsource": "UBUNTU", - "name": "USN-4164-1", - "url": "https://usn.ubuntu.com/4164-1/" + "refsource":"UBUNTU", + "name":"USN-4164-1", + "url":"https://usn.ubuntu.com/4164-1/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fdf6ec39b4", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fdf6ec39b4", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { - "refsource": "MLIST", - "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", - "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" + "refsource":"MLIST", + "name":"[oss-security] 20191117 Nokogiri security update v1.10.5", + "url":"http://www.openwall.com/lists/oss-security/2019/11/17/2" 
+ }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/14xxx/CVE-2019-14379.json b/2019/14xxx/CVE-2019-14379.json index 45c83e7656fe..ddf0e5ed88cd 100644 --- a/2019/14xxx/CVE-2019-14379.json +++ b/2019/14xxx/CVE-2019-14379.json 
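Review bot: Nearly every line of this hunk is rewritten only to drop the space after `:`, and what appears to be an empty line is added above the opening `{`. That buries the one substantive change, the Oracle reference appended to `reference_data`, and a reviewer cannot easily confirm that no description or reference URL was altered along the way. I would keep the existing `"key": value` spacing and the original first line so that only the appended entry shows in the diff; if the reformat is intended, it is better landed as a separate whitespace-only commit. The CVE-2019-13117.json hunk and the CVE-2019-14379.json hunk that begins after this one show the same whole-file rewrite.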
@@ -1,301 +1,305 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-14379", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-14379", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://github.com/FasterXML/jackson-databind/issues/2387", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2387" + "url":"https://github.com/FasterXML/jackson-databind/issues/2387", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2387" }, { - "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" + "url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" }, { - "refsource": "MLIST", - "name": "[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)", - "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E" + "refsource":"MLIST", + "name":"[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson 
dependency due to CVE-2019-14379 (#3066)", + "url":"https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)", - "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E" + "refsource":"MLIST", + "name":"[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)", + "url":"https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190814-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190814-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190814-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190814-0001/" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind", - "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E" + "refsource":"MLIST", + "name":"[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind", + "url":"https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - 
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource": 
"MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: 
[TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource":"MLIST", + "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] 
jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2743", - "url": "https://access.redhat.com/errata/RHSA-2019:2743" + "refsource":"REDHAT", + "name":"RHSA-2019:2743", + "url":"https://access.redhat.com/errata/RHSA-2019:2743" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-99ff6aa32c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-99ff6aa32c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "MLIST", - "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", - "url": 
"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" + "refsource":"MLIST", + "name":"[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", + "url":"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2858", - "url": "https://access.redhat.com/errata/RHSA-2019:2858" + "refsource":"REDHAT", + "name":"RHSA-2019:2858", + "url":"https://access.redhat.com/errata/RHSA-2019:2858" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2937", - "url": "https://access.redhat.com/errata/RHSA-2019:2937" + "refsource":"REDHAT", + "name":"RHSA-2019:2937", + "url":"https://access.redhat.com/errata/RHSA-2019:2937" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2935", - "url": "https://access.redhat.com/errata/RHSA-2019:2935" + "refsource":"REDHAT", + "name":"RHSA-2019:2935", + "url":"https://access.redhat.com/errata/RHSA-2019:2935" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2936", - "url": "https://access.redhat.com/errata/RHSA-2019:2936" + "refsource":"REDHAT", + "name":"RHSA-2019:2936", + "url":"https://access.redhat.com/errata/RHSA-2019:2936" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2938", - "url": "https://access.redhat.com/errata/RHSA-2019:2938" + "refsource":"REDHAT", + "name":"RHSA-2019:2938", + "url":"https://access.redhat.com/errata/RHSA-2019:2938" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2998", - "url": "https://access.redhat.com/errata/RHSA-2019:2998" + "refsource":"REDHAT", + "name":"RHSA-2019:2998", + "url":"https://access.redhat.com/errata/RHSA-2019:2998" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": 
"https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E" + 
"refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for 
CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:2824", - "url": "https://access.redhat.com/errata/RHBA-2019:2824" + "refsource":"REDHAT", + "name":"RHBA-2019:2824", + "url":"https://access.redhat.com/errata/RHBA-2019:2824" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3044", - "url": "https://access.redhat.com/errata/RHSA-2019:3044" + "refsource":"REDHAT", + "name":"RHSA-2019:3044", + "url":"https://access.redhat.com/errata/RHSA-2019:3044" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3045", - "url": "https://access.redhat.com/errata/RHSA-2019:3045" + "refsource":"REDHAT", + "name":"RHSA-2019:3045", + "url":"https://access.redhat.com/errata/RHSA-2019:3045" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3050", - "url": "https://access.redhat.com/errata/RHSA-2019:3050" + "refsource":"REDHAT", + "name":"RHSA-2019:3050", + "url":"https://access.redhat.com/errata/RHSA-2019:3050" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3046", - "url": "https://access.redhat.com/errata/RHSA-2019:3046" + "refsource":"REDHAT", + "name":"RHSA-2019:3046", + "url":"https://access.redhat.com/errata/RHSA-2019:3046" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 
Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3149", - "url": "https://access.redhat.com/errata/RHSA-2019:3149" + "refsource":"REDHAT", + "name":"RHSA-2019:3149", + "url":"https://access.redhat.com/errata/RHSA-2019:3149" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 
2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3292", - "url": "https://access.redhat.com/errata/RHSA-2019:3292" + "refsource":"REDHAT", + "name":"RHSA-2019:3292", + "url":"https://access.redhat.com/errata/RHSA-2019:3292" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3297", - "url": "https://access.redhat.com/errata/RHSA-2019:3297" + "refsource":"REDHAT", + "name":"RHSA-2019:3297", + "url":"https://access.redhat.com/errata/RHSA-2019:3297" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3901", - "url": "https://access.redhat.com/errata/RHSA-2019:3901" + "refsource":"REDHAT", + "name":"RHSA-2019:3901", + "url":"https://access.redhat.com/errata/RHSA-2019:3901" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/14xxx/CVE-2019-14439.json b/2019/14xxx/CVE-2019-14439.json index 1218dc01aa7d..5e18ba0583fa 100644 --- a/2019/14xxx/CVE-2019-14439.json +++ b/2019/14xxx/CVE-2019-14439.json 
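Review bot: The reference appended at the end of `reference_data` carries only `"url":"https://www.oracle.com/security-alerts/cpujan2020.html"`, while every other entry in this hunk also has `refsource` and `name`. Tooling that indexes or de-duplicates advisories by those keys will see them missing for this entry, so I would add `"refsource":"MISC"` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`, matching how the cpuoct2019 Oracle link is recorded earlier in the same list. The hunk also rewrites every line just to drop the space after each colon, and appears to add an empty line before the opening brace. That buries the one substantive change in a record people rely on for patch decisions, so keeping the existing formatting would leave a three-line diff. The same url-only entry closes the preceding file's hunk, which begins outside this view.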
@@ -1,181 +1,185 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-14439", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-14439", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" + "url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2389", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2389" + "url":"https://github.com/FasterXML/jackson-databind/issues/2389", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2389" }, { - "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b" + "url":"https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update", + 
"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190814-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190814-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190814-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190814-0001/" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request 
#548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, 
CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", - "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" + "refsource":"MLIST", + "name":"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", + "url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate 
CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", - "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" + "refsource":"MLIST", + "name":"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", + "url":"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", - "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" + "refsource":"MLIST", + "name":"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", + "url":"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ae6a703b8f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ae6a703b8f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/" }, { - "refsource": 
"FEDORA", - "name": "FEDORA-2019-fb23eccc03", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" + "refsource":"FEDORA", + "name":"FEDORA-2019-fb23eccc03", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": 
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json index bdd8df4e2134..9787fd0af6a8 100644 --- a/2019/14xxx/CVE-2019-14540.json 
+++ b/2019/14xxx/CVE-2019-14540.json 
@@ -1,166 +1,170 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-14540", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-14540", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2449", - "url": "https://github.com/FasterXML/jackson-databind/issues/2449" + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2449", + "url":"https://github.com/FasterXML/jackson-databind/issues/2449" }, { - "refsource": "CONFIRM", - "name": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x", - "url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x" + "refsource":"CONFIRM", + "name":"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x", + "url":"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x" }, { - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2410", - "url": "https://github.com/FasterXML/jackson-databind/issues/2410" + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2410", + "url":"https://github.com/FasterXML/jackson-databind/issues/2410" }, { - "refsource": "MLIST", - "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", - "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" + "refsource":"MLIST", + "name":"[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", + "url":"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { - 
"refsource": "MLIST", - "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", - "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", + "url":"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10", - "url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E" + "refsource":"MLIST", + "name":"[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10", + "url":"https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", - "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", + "url":"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - 
"url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + 
"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191004-0002/", - "url": "https://security.netapp.com/advisory/ntap-20191004-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191004-0002/", + "url":"https://security.netapp.com/advisory/ntap-20191004-0002/" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b171554877", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b171554877", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + 
"refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf87377f5f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf87377f5f", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/15xxx/CVE-2019-15845.json b/2019/15xxx/CVE-2019-15845.json index 7a17728eaa3a..6432cbe61953 100644 --- a/2019/15xxx/CVE-2019-15845.json +++ b/2019/15xxx/CVE-2019-15845.json 
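Review bot: The reference object added at the end of this hunk carries only `url`, while every other entry in the file also has `refsource` and `name`; tooling that filters or labels references by `refsource` may skip or mislabel the Oracle January 2020 advisory. Matching the existing cpuoct2019 entry a few lines above would give `"url":"https://www.oracle.com/security-alerts/cpujan2020.html",` `"refsource":"MISC",` `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same bare entry is appended in the CVE-2019-15845, CVE-2019-16168 and CVE-2019-16201 hunks, and in the section that ends just before this file's header. Separately, the hunk rewrites every line to drop the space after `:` and adds a blank first line, which buries the one substantive addition in a whole-file diff; keeping the original formatting would reduce the change to the new entry.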
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-15845", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-15845", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions." + "lang":"eng", + "value":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://hackerone.com/reports/449617", - "refsource": "MISC", - "name": "https://hackerone.com/reports/449617" + "url":"https://hackerone.com/reports/449617", + "refsource":"MISC", + "name":"https://hackerone.com/reports/449617" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource": "UBUNTU", - "name": "USN-4201-1", - "url": "https://usn.ubuntu.com/4201-1/" + "refsource":"UBUNTU", + "name":"USN-4201-1", + "url":"https://usn.ubuntu.com/4201-1/" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/31" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/32" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource": "DEBIAN", - "name": "DSA-4587", - "url": "https://www.debian.org/security/2019/dsa-4587" + "refsource":"DEBIAN", + "name":"DSA-4587", + "url":"https://www.debian.org/security/2019/dsa-4587" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/16xxx/CVE-2019-16168.json b/2019/16xxx/CVE-2019-16168.json index 6dfa708700b0..29c2a098f8cd 100644 --- a/2019/16xxx/CVE-2019-16168.json +++ b/2019/16xxx/CVE-2019-16168.json 
@@ -1,96 +1,100 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16168", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16168", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"" + "lang":"eng", + "value":"In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"" } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html", + "refsource":"MISC", + 
"name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html" }, { - "url": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b", - "refsource": "MISC", - "name": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b" + "url":"https://www.sqlite.org/src/timeline?c=98357d8c1263920b", + "refsource":"MISC", + "name":"https://www.sqlite.org/src/timeline?c=98357d8c1263920b" }, { - "url": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", - "refsource": "MISC", - "name": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62" + "url":"https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62", + "refsource":"MISC", + "name":"https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190926-0003/", - "url": "https://security.netapp.com/advisory/ntap-20190926-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190926-0003/", + "url":"https://security.netapp.com/advisory/ntap-20190926-0003/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2300", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2300", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2298", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2298", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html" }, { - "refsource": "UBUNTU", - "name": "USN-4205-1", - "url": "https://usn.ubuntu.com/4205-1/" + "refsource":"UBUNTU", + "name":"USN-4205-1", + "url":"https://usn.ubuntu.com/4205-1/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b1636e0b70", - "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b1636e0b70", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16201.json b/2019/16xxx/CVE-2019-16201.json index 2e6ff5abd786..a250b6c81bbc 100644 --- a/2019/16xxx/CVE-2019-16201.json +++ b/2019/16xxx/CVE-2019-16201.json 
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16201", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16201", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network." + "lang":"eng", + "value":"WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://hackerone.com/reports/661722", - "refsource": "MISC", - "name": "https://hackerone.com/reports/661722" + "url":"https://hackerone.com/reports/661722", + "refsource":"MISC", + "name":"https://hackerone.com/reports/661722" }, { - "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", - "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource":"MISC", + "name":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/31" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/32" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource": "DEBIAN", - "name": "DSA-4587", - "url": "https://www.debian.org/security/2019/dsa-4587" + 
"refsource":"DEBIAN", + "name":"DSA-4587", + "url":"https://www.debian.org/security/2019/dsa-4587" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16254.json b/2019/16xxx/CVE-2019-16254.json index f828fe0c6969..3f71d365a5f1 100644 --- a/2019/16xxx/CVE-2019-16254.json +++ b/2019/16xxx/CVE-2019-16254.json 
@@ -1,111 +1,115 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16254", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16254", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF." + "lang":"eng", + "value":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://hackerone.com/reports/331984", - "refsource": "MISC", - "name": "https://hackerone.com/reports/331984" + "url":"https://hackerone.com/reports/331984", + "refsource":"MISC", + "name":"https://hackerone.com/reports/331984" }, { - "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", - "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource":"MISC", + "name":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" + "refsource":"CONFIRM", + 
"name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/31" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/32" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource": "DEBIAN", - "name": "DSA-4587", - "url": "https://www.debian.org/security/2019/dsa-4587" + "refsource":"DEBIAN", + "name":"DSA-4587", + "url":"https://www.debian.org/security/2019/dsa-4587" }, { - "refsource": "DEBIAN", - "name": "DSA-4586", - "url": "https://www.debian.org/security/2019/dsa-4586" + "refsource":"DEBIAN", + "name":"DSA-4586", + "url":"https://www.debian.org/security/2019/dsa-4586" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
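Review bot: The reference object added at the end of `reference_data` carries only `"url":"https://www.oracle.com/security-alerts/cpujan2020.html"`, while every other entry in this file also has `refsource` and `name`, so a consumer that reads those keys unconditionally finds them missing for this one entry. Following the existing Oracle advisory entry in CVE-2019-16335.json, the object would read `"url":"https://www.oracle.com/security-alerts/cpujan2020.html", "refsource":"MISC", "name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same bare entry is added in the hunks for CVE-2019-16255, CVE-2019-16335, CVE-2019-16775 and CVE-2019-16776. Separately, rewriting every `"key": value` line as `"key":value`, together with the leading `+` line before `{` (apparently a new blank first line), turns a three-line addition into a whole-file change that is hard to audit. Restricting the patch to the added reference lines would keep the record's history readable.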
diff --git a/2019/16xxx/CVE-2019-16255.json b/2019/16xxx/CVE-2019-16255.json index 561883940bce..d168a35bbf3d 100644 --- a/2019/16xxx/CVE-2019-16255.json +++ b/2019/16xxx/CVE-2019-16255.json 
@@ -1,106 +1,110 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16255", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16255", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method." + "lang":"eng", + "value":"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://hackerone.com/reports/327512", - "refsource": "MISC", - "name": "https://hackerone.com/reports/327512" + "url":"https://hackerone.com/reports/327512", + "refsource":"MISC", + "name":"https://hackerone.com/reports/327512" }, { - "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", - "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + "refsource":"MISC", + "name":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" }, { - 
"refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", - "url": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/" + "refsource":"CONFIRM", + "name":"https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", + "url":"https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/31" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/31" }, { - "refsource": "BUGTRAQ", - "name": "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", - "url": "https://seclists.org/bugtraq/2019/Dec/32" + "refsource":"BUGTRAQ", + "name":"20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", + "url":"https://seclists.org/bugtraq/2019/Dec/32" }, { - "refsource": "DEBIAN", - "name": "DSA-4587", - "url": "https://www.debian.org/security/2019/dsa-4587" + "refsource":"DEBIAN", + "name":"DSA-4587", + "url":"https://www.debian.org/security/2019/dsa-4587" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json index 377f7d266776..a77d1546052f 100644 --- a/2019/16xxx/CVE-2019-16335.json +++ b/2019/16xxx/CVE-2019-16335.json 
@@ -1,151 +1,155 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16335", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16335", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://github.com/FasterXML/jackson-databind/issues/2449", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2449" + "url":"https://github.com/FasterXML/jackson-databind/issues/2449", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2449" }, { - "refsource": "MLIST", - "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", - "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" + "refsource":"MLIST", + "name":"[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues", + "url":"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", - "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version", + "url":"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", - "url": 
"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version", + "url":"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" + "refsource":"MLIST", + "name":"[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", - "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" + "refsource":"MLIST", + 
"name":"[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540", + "url":"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191004-0002/", - "url": "https://security.netapp.com/advisory/ntap-20191004-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191004-0002/", + "url":"https://security.netapp.com/advisory/ntap-20191004-0002/" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b171554877", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b171554877", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "url": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf87377f5f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf87377f5f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource": "MLIST", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", - "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + "refsource":"MLIST", + "name":"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", + "url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16775.json b/2019/16xxx/CVE-2019-16775.json index 9c6cbe414b6b..63ada53ca89a 100644 --- a/2019/16xxx/CVE-2019-16775.json +++ b/2019/16xxx/CVE-2019-16775.json 
@@ -1,90 +1,94 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2019-16775", - "STATE": "PUBLIC", - "TITLE": "Unauthorized File Access in npm CLI before before version 6.13.3" + "CVE_data_meta":{ + "ASSIGNER":"security-advisories@github.com", + "ID":"CVE-2019-16775", + "STATE":"PUBLIC", + "TITLE":"Unauthorized File Access in npm CLI before before version 6.13.3" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "cli", - "version": { - "version_data": [ + "product_name":"cli", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "< 6.13.3", - "version_value": "6.13.3" + "version_affected":"<", + "version_name":"< 6.13.3", + "version_value":"6.13.3" } ] } } ] }, - "vendor_name": "npm" + "vendor_name":"npm" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." + "lang":"eng", + "value":"Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. 
A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", - "version": "3.1" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"NETWORK", + "availabilityImpact":"NONE", + "baseScore":7.7, + "baseSeverity":"HIGH", + "confidentialityImpact":"HIGH", + "integrityImpact":"HIGH", + "privilegesRequired":"LOW", + "scope":"CHANGED", + "userInteraction":"REQUIRED", + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version":"3.1" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + "lang":"eng", + "value":"CWE-61: UNIX Symbolic Link (Symlink) Following" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx", - "refsource": "CONFIRM", - "url": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx" + "name":"https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx", + "refsource":"CONFIRM", + "url":"https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx" }, { - "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", - "refsource": "MISC", - "url": 
"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + "name":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "refsource":"MISC", + "url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "GHSA-m6cx-g6qm-p2cx", - "discovery": "UNKNOWN" + "source":{ + "advisory":"GHSA-m6cx-g6qm-p2cx", + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16776.json b/2019/16xxx/CVE-2019-16776.json index 7ed553dca88e..627699a9e54d 100644 --- a/2019/16xxx/CVE-2019-16776.json +++ b/2019/16xxx/CVE-2019-16776.json 
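Review bot: The `TITLE` line of CVE-2019-16775.json still reads `before before version 6.13.3` and the description still reads `outside of thenode_modules folder`; this hunk rewrites both lines for spacing only, so the typos carry over unchanged. If the record text may be edited in this repository, the corrected strings would be `"TITLE":"Unauthorized File Access in npm CLI before version 6.13.3"` and `outside of the node_modules folder`. The doubled `before` also appears in the `TITLE` of the CVE-2019-16776 hunk.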
@@ -1,90 +1,94 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2019-16776", - "STATE": "PUBLIC", - "TITLE": "Unauthorized File Access in npm CLI before before version 6.13.3" + "CVE_data_meta":{ + "ASSIGNER":"security-advisories@github.com", + "ID":"CVE-2019-16776", + "STATE":"PUBLIC", + "TITLE":"Unauthorized File Access in npm CLI before before version 6.13.3" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "cli", - "version": { - "version_data": [ + "product_name":"cli", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "< 6.13.3", - "version_value": "6.13.3" + "version_affected":"<", + "version_name":"< 6.13.3", + "version_value":"6.13.3" } ] } } ] }, - "vendor_name": "npm" + "vendor_name":"npm" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." + "lang":"eng", + "value":"Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. 
A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", - "version": "3.1" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"NETWORK", + "availabilityImpact":"NONE", + "baseScore":7.7, + "baseSeverity":"HIGH", + "confidentialityImpact":"HIGH", + "integrityImpact":"HIGH", + "privilegesRequired":"LOW", + "scope":"CHANGED", + "userInteraction":"REQUIRED", + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version":"3.1" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "lang":"eng", + "value":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", - "refsource": "MISC", - "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + "name":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "refsource":"MISC", + "url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { - "name": 
"https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46", - "refsource": "CONFIRM", - "url": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46" + "name":"https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46", + "refsource":"CONFIRM", + "url":"https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "GHSA-x8qc-rrcw-4r46", - "discovery": "UNKNOWN" + "source":{ + "advisory":"GHSA-x8qc-rrcw-4r46", + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16777.json b/2019/16xxx/CVE-2019-16777.json index 22c6e7052974..e69fbe83afa3 100644 --- a/2019/16xxx/CVE-2019-16777.json +++ b/2019/16xxx/CVE-2019-16777.json 
@@ -1,90 +1,94 @@ + { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2019-16777", - "STATE": "PUBLIC", - "TITLE": "Arbitrary File Overwrite in npm CLI" + "CVE_data_meta":{ + "ASSIGNER":"security-advisories@github.com", + "ID":"CVE-2019-16777", + "STATE":"PUBLIC", + "TITLE":"Arbitrary File Overwrite in npm CLI" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "cli", - "version": { - "version_data": [ + "product_name":"cli", + "version":{ + "version_data":[ { - "version_affected": "<", - "version_name": "< 6.13.4", - "version_value": "6.13.4" + "version_affected":"<", + "version_name":"< 6.13.4", + "version_value":"6.13.4" } ] } } ] }, - "vendor_name": "npm" + "vendor_name":"npm" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." + "lang":"eng", + "value":"Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. 
For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", - "version": "3.1" + "impact":{ + "cvss":{ + "attackComplexity":"HIGH", + "attackVector":"NETWORK", + "availabilityImpact":"NONE", + "baseScore":7.7, + "baseSeverity":"HIGH", + "confidentialityImpact":"HIGH", + "integrityImpact":"HIGH", + "privilegesRequired":"LOW", + "scope":"CHANGED", + "userInteraction":"REQUIRED", + "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version":"3.1" } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "lang":"eng", + "value":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", - "refsource": "MISC", - "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + "name":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "refsource":"MISC", + "url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" }, { - "name": 
"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", - "refsource": "CONFIRM", - "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" + "name":"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", + "refsource":"CONFIRM", + "url":"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "source": { - "advisory": "GHSA-4328-8hgf-7wjr", - "discovery": "UNKNOWN" + "source":{ + "advisory":"GHSA-4328-8hgf-7wjr", + "discovery":"UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16942.json b/2019/16xxx/CVE-2019-16942.json index e7ee1f243d7a..6af8876352ec 100644 --- a/2019/16xxx/CVE-2019-16942.json +++ b/2019/16xxx/CVE-2019-16942.json 
@@ -1,136 +1,140 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16942", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16942", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. 
This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2478", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2478" + "url":"https://github.com/FasterXML/jackson-databind/issues/2478", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2478" }, { - "refsource": "MISC", - "name": "https://issues.apache.org/jira/browse/GEODE-7255", - "url": "https://issues.apache.org/jira/browse/GEODE-7255" + "refsource":"MISC", + "name":"https://issues.apache.org/jira/browse/GEODE-7255", + "url":"https://issues.apache.org/jira/browse/GEODE-7255" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - 
"refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "MLIST", - "name": "[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", - "url": "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", + "url":"https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", - "url": "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942", + "url":"https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b171554877", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b171554877", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "refsource": "CONFIRM", - 
"name": "https://security.netapp.com/advisory/ntap-20191017-0006/", - "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191017-0006/", + "url":"https://security.netapp.com/advisory/ntap-20191017-0006/" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + 
"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf87377f5f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf87377f5f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3901", - "url": "https://access.redhat.com/errata/RHSA-2019:3901" + "refsource":"REDHAT", + "name":"RHSA-2019:3901", + "url":"https://access.redhat.com/errata/RHSA-2019:3901" }, { - "refsource": "MLIST", - "name": "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942", - "url": "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E" + "refsource":"MLIST", + "name":"[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942", + "url":"https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index 19e5773e6808..66bfc4b3ca0d 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json 
@@ -1,121 +1,125 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-16943", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-16943", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ + { + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + }, { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://github.com/FasterXML/jackson-databind/issues/2478", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2478" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2478", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2478" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" + "refsource":"DEBIAN", + "name":"DSA-4542", + "url":"https://www.debian.org/security/2019/dsa-4542" }, { - "refsource": "DEBIAN", - "name": "DSA-4542", - "url": "https://www.debian.org/security/2019/dsa-4542" + "refsource":"BUGTRAQ", + "name":"20191007 [SECURITY] [DSA 4542-1] jackson-databind security update", + "url":"https://seclists.org/bugtraq/2019/Oct/6" }, { - "refsource": "BUGTRAQ", - "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind 
security update", - "url": "https://seclists.org/bugtraq/2019/Oct/6" + "refsource":"FEDORA", + "name":"FEDORA-2019-b171554877", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b171554877", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191017-0006/", + "url":"https://security.netapp.com/advisory/ntap-20191017-0006/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191017-0006/", - "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates 
required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf87377f5f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf87377f5f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + "refsource":"MLIST", + "name":"[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url":"https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", - "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" + "refsource":"MLIST", + "name":"[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", + "url":"https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", - "url": 
"https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17091.json b/2019/17xxx/CVE-2019-17091.json index 2665943ecc7c..987f2c94f588 100644 --- a/2019/17xxx/CVE-2019-17091.json +++ b/2019/17xxx/CVE-2019-17091.json 
@@ -1,111 +1,115 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-17091", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-17091", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled." + "lang":"eng", + "value":"faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244", - "refsource": "MISC", - "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244" + "url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244", + "refsource":"MISC", + "name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/pull/4567", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/pull/4567" + "url":"https://github.com/eclipse-ee4j/mojarra/pull/4567", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/pull/4567" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/issues/4556", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/issues/4556" + "url":"https://github.com/eclipse-ee4j/mojarra/issues/4556", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/issues/4556" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt" + "url":"https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE" + "url":"https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE" }, { - "url": 
"https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee" + "url":"https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee" }, { - "url": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f", - "refsource": "MISC", - "name": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f" + "url":"https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f", + "refsource":"MISC", + "name":"https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f" }, { - "url": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20", - "refsource": "MISC", - "name": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20" + "url":"https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20", + "refsource":"MISC", + "name":"https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20" }, { - "url": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe", - "refsource": "MISC", - "name": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe" + "url":"https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe", + "refsource":"MISC", + "name":"https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe" }, { - "url": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4", - "refsource": "MISC", - "name": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4" + 
"url":"https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4", + "refsource":"MISC", + "name":"https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json index 3193bde5b3f2..1ad9952c828e 100644 --- a/2019/17xxx/CVE-2019-17267.json +++ b/2019/17xxx/CVE-2019-17267.json 
@@ -1,96 +1,100 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-17267", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-17267", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://github.com/FasterXML/jackson-databind/issues/2460", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2460" + "url":"https://github.com/FasterXML/jackson-databind/issues/2460", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2460" }, { - "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10" + "url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191017-0006/", - "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191017-0006/", + "url":"https://security.netapp.com/advisory/ntap-20191017-0006/" }, { - "refsource": "MLIST", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", - "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", + "url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": 
"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", - "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + "refsource":"MLIST", + "name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3200", - "url": "https://access.redhat.com/errata/RHSA-2019:3200" + "refsource":"REDHAT", + "name":"RHSA-2019:3200", + "url":"https://access.redhat.com/errata/RHSA-2019:3200" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/17xxx/CVE-2019-17359.json b/2019/17xxx/CVE-2019-17359.json index 0f1cf94ded0b..7333c3d72f36 100644 --- a/2019/17xxx/CVE-2019-17359.json +++ b/2019/17xxx/CVE-2019-17359.json 
@@ -1,71 +1,75 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-17359", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-17359", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64." + "lang":"eng", + "value":"The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://www.bouncycastle.org/releasenotes.html", - "refsource": "MISC", - "name": "https://www.bouncycastle.org/releasenotes.html" + "url":"https://www.bouncycastle.org/releasenotes.html", + "refsource":"MISC", + "name":"https://www.bouncycastle.org/releasenotes.html" }, { - "url": "https://www.bouncycastle.org/latest_releases.html", - "refsource": "MISC", - "name": "https://www.bouncycastle.org/latest_releases.html" + "url":"https://www.bouncycastle.org/latest_releases.html", + "refsource":"MISC", + "name":"https://www.bouncycastle.org/latest_releases.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191024-0006/", - "url": "https://security.netapp.com/advisory/ntap-20191024-0006/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191024-0006/", + "url":"https://security.netapp.com/advisory/ntap-20191024-0006/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json index 537740356366..fdad6e9052a1 100644 --- a/2019/17xxx/CVE-2019-17531.json +++ b/2019/17xxx/CVE-2019-17531.json 
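Review bot: The entry appended to `reference_data` for CVE-2019-17359 carries only `url`, while every other entry in that array also has `refsource` and `name`. Tooling that matches advisories by those keys may treat the Oracle reference as malformed or skip it, so filling them in would keep the array homogeneous, e.g. `"refsource":"MISC"` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`; the existing Oracle cpuoct2019 reference in the CVE-2019-1547 record uses that form, though the right `refsource` value is the maintainers' call. The same bare entry is added in the hunks for CVE-2019-17531, CVE-2019-1547 and CVE-2019-1549. Each hunk also rewrites every line to drop the space after `:` and adds an empty first line, which hides the one substantive change among whitespace churn; keeping the original formatting would reduce the diff to the added reference.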
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-17531", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-17531", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload." + "lang":"eng", + "value":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource": "MISC", - "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource":"MISC", + "name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2498", - "refsource": "MISC", - "name": "https://github.com/FasterXML/jackson-databind/issues/2498" + "url":"https://github.com/FasterXML/jackson-databind/issues/2498", + "refsource":"MISC", + "name":"https://github.com/FasterXML/jackson-databind/issues/2498" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191024-0005/", - "url": "https://security.netapp.com/advisory/ntap-20191024-0005/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191024-0005/", + "url":"https://security.netapp.com/advisory/ntap-20191024-0005/" }, { - "refsource": "MLIST", - "name": "[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1", - "url": "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E" + "refsource":"MLIST", + "name":"[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1", + 
"url":"https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:4192", - "url": "https://access.redhat.com/errata/RHSA-2019:4192" + "refsource":"REDHAT", + "name":"RHSA-2019:4192", + "url":"https://access.redhat.com/errata/RHSA-2019:4192" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1547.json b/2019/1xxx/CVE-2019-1547.json index fe2e4a136e38..a0e16c19b798 100644 --- a/2019/1xxx/CVE-2019-1547.json +++ b/2019/1xxx/CVE-2019-1547.json 
@@ -1,197 +1,201 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-09-10", - "ID": "CVE-2019-1547", - "STATE": "PUBLIC", - "TITLE": "ECDSA remote timing attack" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-09-10", + "ID":"CVE-2019-1547", + "STATE":"PUBLIC", + "TITLE":"ECDSA remote timing attack" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" }, { - "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" + "version_value":"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" }, { - "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" + "version_value":"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley" + "lang":"eng", + "value":"Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. 
This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." 
} ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Timing side channel" + "lang":"eng", + "value":"Timing side channel" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20190910.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190910.txt" + "name":"https://www.openssl.org/news/secadv/20190910.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190910.txt" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "refsource": 
"CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46" }, { - "refsource": "MISC", - "name": "https://arxiv.org/abs/1909.01785", - "url": "https://arxiv.org/abs/1909.01785" + "refsource":"MISC", + "name":"https://arxiv.org/abs/1909.01785", + "url":"https://arxiv.org/abs/1909.01785" }, { - "refsource": "BUGTRAQ", - "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)", - "url": "https://seclists.org/bugtraq/2019/Sep/25" + "refsource":"BUGTRAQ", + "name":"20190912 [slackware-security] openssl (SSA:2019-254-03)", + "url":"https://seclists.org/bugtraq/2019/Sep/25" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "url":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190919-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190919-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190919-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190919-0002/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2158", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2158", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" }, { - 
"refsource": "FEDORA", - "name": "FEDORA-2019-d15aac6c4e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d15aac6c4e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2189", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2189", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d51641f152", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d51641f152", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", - "url": "https://seclists.org/bugtraq/2019/Oct/1" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4539-1] openssl security update", + "url":"https://seclists.org/bugtraq/2019/Oct/1" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", - "url": "https://seclists.org/bugtraq/2019/Oct/0" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4540-1] 
openssl1.0 security update", + "url":"https://seclists.org/bugtraq/2019/Oct/0" }, { - "refsource": "DEBIAN", - "name": "DSA-4539", - "url": "https://www.debian.org/security/2019/dsa-4539" + "refsource":"DEBIAN", + "name":"DSA-4539", + "url":"https://www.debian.org/security/2019/dsa-4539" }, { - "refsource": "DEBIAN", - "name": "DSA-4540", - "url": "https://www.debian.org/security/2019/dsa-4540" + "refsource":"DEBIAN", + "name":"DSA-4540", + "url":"https://www.debian.org/security/2019/dsa-4540" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2268", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2268", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2269", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2269", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "GENTOO", - "name": "GLSA-201911-04", - "url": 
"https://security.gentoo.org/glsa/201911-04" + "refsource":"GENTOO", + "name":"GLSA-201911-04", + "url":"https://security.gentoo.org/glsa/201911-04" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-08", - "url": "https://www.tenable.com/security/tns-2019-08" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-08", + "url":"https://www.tenable.com/security/tns-2019-08" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-09", - "url": "https://www.tenable.com/security/tns-2019-09" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-09", + "url":"https://www.tenable.com/security/tns-2019-09" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1549.json b/2019/1xxx/CVE-2019-1549.json index fb959235816d..cc04908f3352 100644 --- a/2019/1xxx/CVE-2019-1549.json +++ b/2019/1xxx/CVE-2019-1549.json 
@@ -1,121 +1,125 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-09-10", - "ID": "CVE-2019-1549", - "STATE": "PUBLIC", - "TITLE": "Fork Protection" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-09-10", + "ID":"CVE-2019-1549", + "STATE":"PUBLIC", + "TITLE":"Fork Protection" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Matt Caswell" + "lang":"eng", + "value":"Matt Caswell" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)." 
+ "lang":"eng", + "value":"OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)." } ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Random Number Generation" + "lang":"eng", + "value":"Random Number Generation" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20190910.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190910.txt" + "name":"https://www.openssl.org/news/secadv/20190910.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190910.txt" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", + "refsource":"CONFIRM", + 
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190919-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190919-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190919-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190919-0002/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K44070243", - "url": "https://support.f5.com/csp/article/K44070243" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K44070243", + "url":"https://support.f5.com/csp/article/K44070243" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d15aac6c4e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d15aac6c4e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d51641f152", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d51641f152", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", - "url": "https://seclists.org/bugtraq/2019/Oct/1" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4539-1] openssl security update", + "url":"https://seclists.org/bugtraq/2019/Oct/1" }, { - "refsource": "DEBIAN", - "name": "DSA-4539", - "url": "https://www.debian.org/security/2019/dsa-4539" + "refsource":"DEBIAN", + "name":"DSA-4539", + 
"url":"https://www.debian.org/security/2019/dsa-4539" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1552.json b/2019/1xxx/CVE-2019-1552.json index 94fdb4edf41c..1134643284e1 100644 --- a/2019/1xxx/CVE-2019-1552.json +++ b/2019/1xxx/CVE-2019-1552.json 
@@ -1,147 +1,151 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-07-30", - "ID": "CVE-2019-1552", - "STATE": "PUBLIC", - "TITLE": "Windows builds with insecure path defaults" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-07-30", + "ID":"CVE-2019-1552", + "STATE":"PUBLIC", + "TITLE":"Windows builds with insecure path defaults" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" }, { - "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" + "version_value":"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" }, { - "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" + "version_value":"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Rich Mirch" + "lang":"eng", + "value":"Rich Mirch" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. 
For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. 
However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." } ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Insecure defaults" + "lang":"eng", + "value":"Insecure defaults" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20190730.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190730.txt" + "name":"https://www.openssl.org/news/secadv/20190730.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190730.txt" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e", - "refsource": "CONFIRM", - "url": 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190823-0006/", - "url": 
"https://security.netapp.com/advisory/ntap-20190823-0006/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190823-0006/", + "url":"https://security.netapp.com/advisory/ntap-20190823-0006/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-db06efdea1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" + "refsource":"FEDORA", + "name":"FEDORA-2019-db06efdea1", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-00c25b9379", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" + "refsource":"FEDORA", + "name":"FEDORA-2019-00c25b9379", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9a0a7c0986", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9a0a7c0986", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K94041354", - "url": "https://support.f5.com/csp/article/K94041354" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K94041354", + "url":"https://support.f5.com/csp/article/K94041354" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + 
"name":"https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-08", - "url": "https://www.tenable.com/security/tns-2019-08" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-08", + "url":"https://www.tenable.com/security/tns-2019-08" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-09", - "url": "https://www.tenable.com/security/tns-2019-09" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-09", + "url":"https://www.tenable.com/security/tns-2019-09" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json index de9e558738bd..582aff8b302a 100644 --- a/2019/1xxx/CVE-2019-1559.json +++ b/2019/1xxx/CVE-2019-1559.json 
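Review bot: The reference entry appended at the end of `reference_data` carries only `url`, while every other entry visible in this array also has `refsource` and `name`. Tooling that groups or filters references by `refsource` would likely drop or mislabel this Oracle advisory link. I would write it the way the existing cpuoct2019 entry is written, adding `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"` next to the `url`. The same bare entry is appended in the CVE-2019-1559 hunk and at the tail of the hunk that precedes this file.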
@@ -1,236 +1,240 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-02-26", - "ID": "CVE-2019-1559", - "STATE": "PUBLIC", - "TITLE": "0-byte record padding oracle" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-02-26", + "ID":"CVE-2019-1559", + "STATE":"PUBLIC", + "TITLE":"0-byte record padding oracle" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" + "version_value":"Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" + "lang":"eng", + "value":"Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. 
Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." 
} ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", - "value": "Moderate" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Moderate", + "value":"Moderate" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Padding Oracle" + "lang":"eng", + "value":"Padding Oracle" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://security.netapp.com/advisory/ntap-20190301-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" + "name":"https://security.netapp.com/advisory/ntap-20190301-0001/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190301-0001/" }, { - "name": "https://security.netapp.com/advisory/ntap-20190301-0002/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" + "name":"https://security.netapp.com/advisory/ntap-20190301-0002/", + "refsource":"CONFIRM", + "url":"https://security.netapp.com/advisory/ntap-20190301-0002/" }, { - "name": "107174", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/107174" + "name":"107174", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/107174" }, { - "name": "GLSA-201903-10", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201903-10" + "name":"GLSA-201903-10", + "refsource":"GENTOO", + "url":"https://security.gentoo.org/glsa/201903-10" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + 
"refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { - "name": "USN-3899-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3899-1/" + "name":"USN-3899-1", + "refsource":"UBUNTU", + "url":"https://usn.ubuntu.com/3899-1/" }, { - "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" + "name":"[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", + "refsource":"MLIST", + "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" }, { - "name": "https://www.openssl.org/news/secadv/20190226.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190226.txt" + "name":"https://www.openssl.org/news/secadv/20190226.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190226.txt" }, { - "name": "DSA-4400", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2019/dsa-4400" + "name":"DSA-4400", + "refsource":"DEBIAN", + "url":"https://www.debian.org/security/2019/dsa-4400" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K18549143", - "url": "https://support.f5.com/csp/article/K18549143" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K18549143", + "url":"https://support.f5.com/csp/article/K18549143" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-02", - "url": "https://www.tenable.com/security/tns-2019-02" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-02", + "url":"https://www.tenable.com/security/tns-2019-02" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1076", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1076", + 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1105", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1105", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1173", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1173", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1175", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1175", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190423-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190423-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190423-0002/" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-03", - "url": "https://www.tenable.com/security/tns-2019-03" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-03", + "url":"https://www.tenable.com/security/tns-2019-03" }, { - "refsource": "CONFIRM", 
- "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282" + "refsource":"CONFIRM", + "name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10282", + "url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10282" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1432", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1432", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1637", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1637", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2304", - "url": "https://access.redhat.com/errata/RHSA-2019:2304" + "refsource":"REDHAT", + "name":"RHSA-2019:2304", + "url":"https://access.redhat.com/errata/RHSA-2019:2304" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2439", - "url": "https://access.redhat.com/errata/RHSA-2019:2439" + "refsource":"REDHAT", + "name":"RHSA-2019:2439", + "url":"https://access.redhat.com/errata/RHSA-2019:2439" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2437", - "url": "https://access.redhat.com/errata/RHSA-2019:2437" + "refsource":"REDHAT", + "name":"RHSA-2019:2437", + "url":"https://access.redhat.com/errata/RHSA-2019:2437" }, { - 
"refsource": "REDHAT", - "name": "RHSA-2019:2471", - "url": "https://access.redhat.com/errata/RHSA-2019:2471" + "refsource":"REDHAT", + "name":"RHSA-2019:2471", + "url":"https://access.redhat.com/errata/RHSA-2019:2471" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-db06efdea1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" + "refsource":"FEDORA", + "name":"FEDORA-2019-db06efdea1", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-00c25b9379", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" + "refsource":"FEDORA", + "name":"FEDORA-2019-00c25b9379", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9a0a7c0986", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9a0a7c0986", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3929", - "url": "https://access.redhat.com/errata/RHSA-2019:3929" + "refsource":"REDHAT", + "name":"RHSA-2019:3929", + "url":"https://access.redhat.com/errata/RHSA-2019:3929" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3931", - "url": "https://access.redhat.com/errata/RHSA-2019:3931" + "refsource":"REDHAT", + "name":"RHSA-2019:3931", + "url":"https://access.redhat.com/errata/RHSA-2019:3931" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1563.json b/2019/1xxx/CVE-2019-1563.json index 44456564cf5c..97e85db00b90 100644 --- a/2019/1xxx/CVE-2019-1563.json +++ b/2019/1xxx/CVE-2019-1563.json 
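Review bot: Every line of this record is rewritten only to drop the space after the colon, and an empty first line appears to be added before the opening brace, yet the only data change is the one appended reference. In an advisory record this churn makes it hard to confirm that the description, affected-version strings and existing URLs are byte-for-byte unchanged. I would keep the existing `"key": value` spacing so the diff shows just the added entry, and land any reserialization as a separate formatting-only commit. The other records touched by this commit show the same pattern.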
@@ -1,187 +1,191 @@ + { - "CVE_data_meta": { - "ASSIGNER": "openssl-security@openssl.org", - "DATE_PUBLIC": "2019-09-10", - "ID": "CVE-2019-1563", - "STATE": "PUBLIC", - "TITLE": "Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey" + "CVE_data_meta":{ + "ASSIGNER":"openssl-security@openssl.org", + "DATE_PUBLIC":"2019-09-10", + "ID":"CVE-2019-1563", + "STATE":"PUBLIC", + "TITLE":"Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "OpenSSL", - "version": { - "version_data": [ + "product_name":"OpenSSL", + "version":{ + "version_data":[ { - "version_value": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" + "version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)" }, { - "version_value": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" + "version_value":"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)" }, { - "version_value": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" + "version_value":"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)" } ] } } ] }, - "vendor_name": "OpenSSL" + "vendor_name":"OpenSSL" } ] } }, - "credit": [ + "credit":[ { - "lang": "eng", - "value": "Bernd Edlinger" + "lang":"eng", + "value":"Bernd Edlinger" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. 
Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)." 
} ] }, - "impact": [ + "impact":[ { - "lang": "eng", - "url": "https://www.openssl.org/policies/secpolicy.html#Low", - "value": "Low" + "lang":"eng", + "url":"https://www.openssl.org/policies/secpolicy.html#Low", + "value":"Low" } ], - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Padding Oracle" + "lang":"eng", + "value":"Padding Oracle" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://www.openssl.org/news/secadv/20190910.txt", - "refsource": "CONFIRM", - "url": "https://www.openssl.org/news/secadv/20190910.txt" + "name":"https://www.openssl.org/news/secadv/20190910.txt", + "refsource":"CONFIRM", + "url":"https://www.openssl.org/news/secadv/20190910.txt" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "refsource": "CONFIRM", - "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97" }, { - "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "refsource": "CONFIRM", - 
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f" + "name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", + "refsource":"CONFIRM", + "url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f" }, { - "refsource": "BUGTRAQ", - "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)", - "url": "https://seclists.org/bugtraq/2019/Sep/25" + "refsource":"BUGTRAQ", + "name":"20190912 [slackware-security] openssl (SSA:2019-254-03)", + "url":"https://seclists.org/bugtraq/2019/Sep/25" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", + "url":"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190919-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190919-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190919-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190919-0002/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2158", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2158", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d15aac6c4e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" + "refsource":"FEDORA", + 
"name":"FEDORA-2019-d15aac6c4e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2189", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2189", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d51641f152", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d51641f152", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", - "url": "https://seclists.org/bugtraq/2019/Oct/1" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4539-1] openssl security update", + "url":"https://seclists.org/bugtraq/2019/Oct/1" }, { - "refsource": "BUGTRAQ", - "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", - "url": "https://seclists.org/bugtraq/2019/Oct/0" + "refsource":"BUGTRAQ", + "name":"20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", + "url":"https://seclists.org/bugtraq/2019/Oct/0" }, { - "refsource": "DEBIAN", - "name": "DSA-4539", - "url": "https://www.debian.org/security/2019/dsa-4539" + "refsource":"DEBIAN", + 
"name":"DSA-4539", + "url":"https://www.debian.org/security/2019/dsa-4539" }, { - "refsource": "DEBIAN", - "name": "DSA-4540", - "url": "https://www.debian.org/security/2019/dsa-4540" + "refsource":"DEBIAN", + "name":"DSA-4540", + "url":"https://www.debian.org/security/2019/dsa-4540" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2268", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2268", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2269", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2269", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS", - "url": "https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS" + "refsource":"CONFIRM", + "name":"https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS", + "url":"https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "GENTOO", - "name": "GLSA-201911-04", - "url": "https://security.gentoo.org/glsa/201911-04" + "refsource":"GENTOO", + "name":"GLSA-201911-04", + "url":"https://security.gentoo.org/glsa/201911-04" }, { - "refsource": "CONFIRM", - "name": "https://www.tenable.com/security/tns-2019-09", 
- "url": "https://www.tenable.com/security/tns-2019-09" + "refsource":"CONFIRM", + "name":"https://www.tenable.com/security/tns-2019-09", + "url":"https://www.tenable.com/security/tns-2019-09" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index 819348bba61a..9f973ea89b9a 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json 
@@ -1,75 +1,79 @@ + { - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2019-2904", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"secalert_us@oracle.com", + "ID":"CVE-2019-2904", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "JDeveloper", - "version": { - "version_data": [ + "product_name":"JDeveloper", + "version":{ + "version_data":[ { - "version_value": "11.1.1.9.0", - "version_affected": "=" + "version_value":"11.1.1.9.0", + "version_affected":"=" }, { - "version_value": "12.1.3.0.0", - "version_affected": "=" + "version_value":"12.1.3.0.0", + "version_affected":"=" }, { - "version_value": "12.2.1.3.0", - "version_affected": "=" + "version_value":"12.2.1.3.0", + "version_affected":"=" } ] } } ] }, - "vendor_name": "Oracle Corporation" + "vendor_name":"Oracle Corporation" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "lang":"eng", + "value":"Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). 
Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." + "lang":"eng", + "value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + "refsource":"MISC", + "name":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", + "url":"https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
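Review bot: The reference object added at the end of `reference_data` carries only `url`, while every other entry in the array also has `refsource` and `name`, so a consumer that filters or labels references by `refsource` may skip or mishandle the January 2020 Oracle advisory link. Following the form of the existing cpuoct2019 entry in this file, the new object would read `"url":"https://www.oracle.com/security-alerts/cpujan2020.html",` `"refsource":"MISC",` `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"`. The same incomplete entry is added in the CVE-2019-3862, CVE-2019-5481, CVE-2019-5482, CVE-2019-5718 and CVE-2019-8457 hunks. Separately, the hunk appears to prepend an empty line to the file and strips the space after every colon, which turns a three-line addition into a whole-file rewrite and makes the real change hard to audit; keeping the existing formatting would leave only the new reference in the diff.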
diff --git a/2019/3xxx/CVE-2019-3862.json b/2019/3xxx/CVE-2019-3862.json index 81363e7600bd..c7dbf74ad865 100644 --- a/2019/3xxx/CVE-2019-3862.json +++ b/2019/3xxx/CVE-2019-3862.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-3862", - "ASSIGNER": "secalert@redhat.com", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-3862", + "ASSIGNER":"secalert@redhat.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "The libssh2 Project", - "product": { - "product_data": [ + "vendor_name":"The libssh2 Project", + "product":{ + "product_data":[ { - "product_name": "libssh2", - "version": { - "version_data": [ + "product_name":"libssh2", + "version":{ + "version_data":[ { - "version_value": "1.8.1" + "version_value":"1.8.1" } ] } 
@@ -30,121 +31,124 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-130" + "lang":"eng", + "value":"CWE-130" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MLIST", - "name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2", - "url": "http://www.openwall.com/lists/oss-security/2019/03/18/3" + "refsource":"MLIST", + "name":"[oss-security] 20190318 [SECURITY ADVISORIES] libssh2", + "url":"http://www.openwall.com/lists/oss-security/2019/03/18/3" }, { - "refsource": "BUGTRAQ", - "name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)", - "url": "https://seclists.org/bugtraq/2019/Mar/25" + "refsource":"BUGTRAQ", + "name":"20190319 [slackware-security] libssh2 (SSA:2019-077-01)", + "url":"https://seclists.org/bugtraq/2019/Mar/25" }, { - "url": "https://www.libssh2.org/CVE-2019-3862.html", - "refsource": "MISC", - "name": "https://www.libssh2.org/CVE-2019-3862.html" + "url":"https://www.libssh2.org/CVE-2019-3862.html", + "refsource":"MISC", + "name":"https://www.libssh2.org/CVE-2019-3862.html" }, { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "refsource": "CONFIRM" + "url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "refsource":"CONFIRM" }, { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html" + "refsource":"MISC", + "name":"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "url":"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html" 
}, { - "refsource": "BID", - "name": "107485", - "url": "http://www.securityfocus.com/bid/107485" + "refsource":"BID", + "name":"107485", + "url":"http://www.securityfocus.com/bid/107485" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-f31c14682f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-f31c14682f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" }, { - "refsource": "CONFIRM", - "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" + "refsource":"CONFIRM", + "name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", - "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190327-0005/", + "url":"https://security.netapp.com/advisory/ntap-20190327-0005/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1075", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1075", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1109", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1109", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-3348cb4934", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/" + "refsource":"FEDORA", + "name":"FEDORA-2019-3348cb4934", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/" }, { - "refsource": "DEBIAN", - "name": "DSA-4431", - "url": "https://www.debian.org/security/2019/dsa-4431" + "refsource":"DEBIAN", + "name":"DSA-4431", + "url":"https://www.debian.org/security/2019/dsa-4431" }, { - "refsource": "BUGTRAQ", - "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update", - "url": "https://seclists.org/bugtraq/2019/Apr/25" + "refsource":"BUGTRAQ", + "name":"20190415 [SECURITY] [DSA 4431-1] libssh2 security update", + "url":"https://seclists.org/bugtraq/2019/Apr/25" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1884", - "url": "https://access.redhat.com/errata/RHSA-2019:1884" + "refsource":"REDHAT", + "name":"RHSA-2019:1884", + "url":"https://access.redhat.com/errata/RHSA-2019:1884" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + 
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory." + "lang":"eng", + "value":"An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory." } ] }, - "impact": { - "cvss": [ + "impact":{ + "cvss":[ [ { - "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "version": "3.0" + "vectorString":"7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version":"3.0" } ] ] diff --git a/2019/5xxx/CVE-2019-5481.json b/2019/5xxx/CVE-2019-5481.json index 3776b537386b..71914cfe4e16 100644 --- a/2019/5xxx/CVE-2019-5481.json +++ b/2019/5xxx/CVE-2019-5481.json 
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-5481", - "ASSIGNER": "support@hackerone.com", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-5481", + "ASSIGNER":"support@hackerone.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "curl", - "version": { - "version_data": [ + "product_name":"curl", + "version":{ + "version_data":[ { - "version_value": "7.52.0 to 7.65.3" + "version_value":"7.52.0 to 7.65.3" } ] } 
@@ -30,62 +31,65 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Double Free (CWE-415)" + "lang":"eng", + "value":"Double Free (CWE-415)" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://curl.haxx.se/docs/CVE-2019-5481.html", - "url": "https://curl.haxx.se/docs/CVE-2019-5481.html" + "refsource":"CONFIRM", + "name":"https://curl.haxx.se/docs/CVE-2019-5481.html", + "url":"https://curl.haxx.se/docs/CVE-2019-5481.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2149", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2149", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9e6357d82f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9e6357d82f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6d7f6fa2c8", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-6d7f6fa2c8", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2169", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2169", + 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-f2a520135e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-f2a520135e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191004-0003/", - "url": "https://security.netapp.com/advisory/ntap-20191004-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191004-0003/", + "url":"https://security.netapp.com/advisory/ntap-20191004-0003/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3." + "lang":"eng", + "value":"Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3." } ] } diff --git a/2019/5xxx/CVE-2019-5482.json b/2019/5xxx/CVE-2019-5482.json index aff1b72d2b68..2a7ed5b7e213 100644 --- a/2019/5xxx/CVE-2019-5482.json +++ b/2019/5xxx/CVE-2019-5482.json 
@@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-5482", - "ASSIGNER": "support@hackerone.com", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-5482", + "ASSIGNER":"support@hackerone.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "curl", - "version": { - "version_data": [ + "product_name":"curl", + "version":{ + "version_data":[ { - "version_value": "7.19.4 to 7.65.3" + "version_value":"7.19.4 to 7.65.3" } ] } 
@@ -30,62 +31,65 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "Heap Overflow (CWE-122)" + "lang":"eng", + "value":"Heap Overflow (CWE-122)" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "CONFIRM", - "name": "https://curl.haxx.se/docs/CVE-2019-5482.html", - "url": "https://curl.haxx.se/docs/CVE-2019-5482.html" + "refsource":"CONFIRM", + "name":"https://curl.haxx.se/docs/CVE-2019-5482.html", + "url":"https://curl.haxx.se/docs/CVE-2019-5482.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2149", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2149", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9e6357d82f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9e6357d82f", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6d7f6fa2c8", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + "refsource":"FEDORA", + "name":"FEDORA-2019-6d7f6fa2c8", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:2169", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:2169", + 
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-f2a520135e", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" + "refsource":"FEDORA", + "name":"FEDORA-2019-f2a520135e", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20191004-0003/", - "url": "https://security.netapp.com/advisory/ntap-20191004-0003/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20191004-0003/", + "url":"https://security.netapp.com/advisory/ntap-20191004-0003/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3." + "lang":"eng", + "value":"Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3." } ] } diff --git a/2019/5xxx/CVE-2019-5718.json b/2019/5xxx/CVE-2019-5718.json index d5ba943ea30d..d7ae996b2a0e 100644 --- a/2019/5xxx/CVE-2019-5718.json +++ b/2019/5xxx/CVE-2019-5718.json 
@@ -1,86 +1,90 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5718", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-5718", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check." + "lang":"eng", + "value":"In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373", - "refsource": "MISC", - "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373" + "name":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373", + "refsource":"MISC", + "url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373" }, { - "name": "106482", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106482" + "name":"106482", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/106482" }, { - "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1", - "refsource": "MISC", - "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1" + "name":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1", + "refsource":"MISC", + "url":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1" }, { - "name": "https://www.wireshark.org/security/wnpa-sec-2019-03.html", - "refsource": "MISC", - "url": "https://www.wireshark.org/security/wnpa-sec-2019-03.html" + "name":"https://www.wireshark.org/security/wnpa-sec-2019-03.html", + "refsource":"MISC", + "url":"https://www.wireshark.org/security/wnpa-sec-2019-03.html" }, { - "refsource": "DEBIAN", - "name": "DSA-4416", - "url": "https://www.debian.org/security/2019/dsa-4416" + "refsource":"DEBIAN", + "name":"DSA-4416", + "url":"https://www.debian.org/security/2019/dsa-4416" }, { - "refsource": "BUGTRAQ", - "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", - "url": 
"https://seclists.org/bugtraq/2019/Mar/35" + "refsource":"BUGTRAQ", + "name":"20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url":"https://seclists.org/bugtraq/2019/Mar/35" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/8xxx/CVE-2019-8457.json b/2019/8xxx/CVE-2019-8457.json index 27b0811d66ab..d30ef48b5a55 100644 --- a/2019/8xxx/CVE-2019-8457.json +++ b/2019/8xxx/CVE-2019-8457.json @@ -1,25 +1,26 @@ + { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-8457", - "ASSIGNER": "cve@checkpoint.com", - "STATE": "PUBLIC" + "data_type":"CVE", + "data_format":"MITRE", + "data_version":"4.0", + "CVE_data_meta":{ + "ID":"CVE-2019-8457", + "ASSIGNER":"cve@checkpoint.com", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "vendor_name": "n/a", - "product": { - "product_data": [ + "vendor_name":"n/a", + "product":{ + "product_data":[ { - "product_name": "SQLite", - "version": { - "version_data": [ + "product_name":"SQLite", + "version":{ + "version_data":[ { - "version_value": "From 3.6.0 to 3.27.2 including" + "version_value":"From 3.6.0 to 3.27.2 including" } ] } 
@@ -30,82 +31,85 @@ ] } }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" + "lang":"eng", + "value":"CWE-125: Out-of-bounds Read" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "refsource": "MISC", - "name": "https://www.sqlite.org/src/info/90acdbfce9c08858", - "url": "https://www.sqlite.org/src/info/90acdbfce9c08858" + "refsource":"MISC", + "name":"https://www.sqlite.org/src/info/90acdbfce9c08858", + "url":"https://www.sqlite.org/src/info/90acdbfce9c08858" }, { - "refsource": "MISC", - "name": "https://www.sqlite.org/releaselog/3_28_0.html", - "url": "https://www.sqlite.org/releaselog/3_28_0.html" + "refsource":"MISC", + "name":"https://www.sqlite.org/releaselog/3_28_0.html", + "url":"https://www.sqlite.org/releaselog/3_28_0.html" }, { - "refsource": "UBUNTU", - "name": "USN-4004-1", - "url": "https://usn.ubuntu.com/4004-1/" + "refsource":"UBUNTU", + "name":"USN-4004-1", + "url":"https://usn.ubuntu.com/4004-1/" }, { - "refsource": "UBUNTU", - "name": "USN-4004-2", - "url": "https://usn.ubuntu.com/4004-2/" + "refsource":"UBUNTU", + "name":"USN-4004-2", + "url":"https://usn.ubuntu.com/4004-2/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190606-0002/", - "url": "https://security.netapp.com/advisory/ntap-20190606-0002/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190606-0002/", + "url":"https://security.netapp.com/advisory/ntap-20190606-0002/" }, { - "refsource": "UBUNTU", - "name": "USN-4019-1", - "url": "https://usn.ubuntu.com/4019-1/" + "refsource":"UBUNTU", + "name":"USN-4019-1", + "url":"https://usn.ubuntu.com/4019-1/" }, { - "refsource": "UBUNTU", - "name": "USN-4019-2", - "url": "https://usn.ubuntu.com/4019-2/" + "refsource":"UBUNTU", + "name":"USN-4019-2", + "url":"https://usn.ubuntu.com/4019-2/" }, { - 
"refsource": "SUSE", - "name": "openSUSE-SU-2019:1645", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1645", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-02b81266b7", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/" + "refsource":"FEDORA", + "name":"FEDORA-2019-02b81266b7", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-3377813d18", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/" + "refsource":"FEDORA", + "name":"FEDORA-2019-3377813d18", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, - "description": { - "description_data": [ + "description":{ + "description_data":[ { - "lang": "eng", - "value": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables." 
+ "lang":"eng", + "value":"SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables." } ] } diff --git a/2019/9xxx/CVE-2019-9208.json b/2019/9xxx/CVE-2019-9208.json index 55e7300edcb4..8cd2cdd79eb6 100644 --- a/2019/9xxx/CVE-2019-9208.json +++ b/2019/9xxx/CVE-2019-9208.json 
@@ -1,101 +1,105 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9208", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-9208", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences." + "lang":"eng", + "value":"In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "107203", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/107203" + "name":"107203", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/107203" }, { - "name": "https://www.wireshark.org/security/wnpa-sec-2019-07.html", - "refsource": "MISC", - "url": "https://www.wireshark.org/security/wnpa-sec-2019-07.html" + "name":"https://www.wireshark.org/security/wnpa-sec-2019-07.html", + "refsource":"MISC", + "url":"https://www.wireshark.org/security/wnpa-sec-2019-07.html" }, { - "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2", - "refsource": "MISC", - "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2" + "name":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2", + "refsource":"MISC", + "url":"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2" }, { - "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464", - "refsource": "MISC", - "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464" + "name":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464", + "refsource":"MISC", + "url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464" }, { - "refsource": "DEBIAN", - "name": "DSA-4416", - "url": "https://www.debian.org/security/2019/dsa-4416" + "refsource":"DEBIAN", + "name":"DSA-4416", + "url":"https://www.debian.org/security/2019/dsa-4416" }, { - "refsource": "BUGTRAQ", - "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", - "url": 
"https://seclists.org/bugtraq/2019/Mar/35" + "refsource":"BUGTRAQ", + "name":"20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url":"https://seclists.org/bugtraq/2019/Mar/35" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1108", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1108", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1390", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1390", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html" }, { - "refsource": "UBUNTU", - "name": "USN-3986-1", - "url": "https://usn.ubuntu.com/3986-1/" + "refsource":"UBUNTU", + "name":"USN-3986-1", + "url":"https://usn.ubuntu.com/3986-1/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9636.json b/2019/9xxx/CVE-2019-9636.json index ab524500cace..6244c716c7ae 100644 --- a/2019/9xxx/CVE-2019-9636.json +++ b/2019/9xxx/CVE-2019-9636.json 
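Review bot: The reference object appended to `reference_data` carries only `url`, while every other entry in the array also has `refsource` and `name`, so a consumer that filters or indexes references by those keys may drop or mis-handle the Oracle advisory link. The same bare entry is added in the CVE-2019-9636, CVE-2019-9936 and CVE-2019-9937 hunks. I would add `"refsource":"MISC",` and `"name":"https://www.oracle.com/security-alerts/cpujan2020.html"` to it, matching how the cpuoct2019 link is recorded in the CVE-2019-9936 hunk. Separately, the new side rewrites every line only to drop the space after each colon and appears to add an empty line before the opening brace. That buries a one-entry change in a full-file rewrite and makes it hard to confirm that no description, version range or URL was altered along the way; keeping the existing formatting would reduce each hunk to the few added lines.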
@@ -1,286 +1,290 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9636", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-9636", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly." + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ + { + "lang":"eng", + "value":"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "name": "https://github.com/python/cpython/pull/12201", - "refsource": "MISC", - "url": "https://github.com/python/cpython/pull/12201" + "name":"https://github.com/python/cpython/pull/12201", + "refsource":"MISC", + "url":"https://github.com/python/cpython/pull/12201" }, { - "name": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "refsource": "MISC", - "url": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html" + "name":"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "refsource":"MISC", + "url":"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html" }, { - "name": "107400", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/107400" + "name":"107400", + "refsource":"BID", + "url":"http://www.securityfocus.com/bid/107400" }, { - "name": "https://bugs.python.org/issue36216", - "refsource": "MISC", - "url": "https://bugs.python.org/issue36216" + "name":"https://bugs.python.org/issue36216", + "refsource":"MISC", + "url":"https://bugs.python.org/issue36216" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-243442e600", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/" + "refsource":"FEDORA", + "name":"FEDORA-2019-243442e600", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6e1938a3c5", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" + 
"refsource":"FEDORA", + "name":"FEDORA-2019-6e1938a3c5", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6baeb15da3", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/" + "refsource":"FEDORA", + "name":"FEDORA-2019-6baeb15da3", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-cf725dd20b", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" + "refsource":"FEDORA", + "name":"FEDORA-2019-cf725dd20b", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-6b02154aa0", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/" + "refsource":"FEDORA", + "name":"FEDORA-2019-6b02154aa0", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-7d9f3cf3ce", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/" + "refsource":"FEDORA", + "name":"FEDORA-2019-7d9f3cf3ce", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-51f1e08207", - "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" + "refsource":"FEDORA", + "name":"FEDORA-2019-51f1e08207", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a122fe704d", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a122fe704d", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-86f32cbab1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/" + "refsource":"FEDORA", + "name":"FEDORA-2019-86f32cbab1", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0710", - "url": "https://access.redhat.com/errata/RHSA-2019:0710" + "refsource":"REDHAT", + "name":"RHSA-2019:0710", + "url":"https://access.redhat.com/errata/RHSA-2019:0710" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0765", - "url": "https://access.redhat.com/errata/RHSA-2019:0765" + "refsource":"REDHAT", + "name":"RHSA-2019:0765", + "url":"https://access.redhat.com/errata/RHSA-2019:0765" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0806", - "url": "https://access.redhat.com/errata/RHSA-2019:0806" + "refsource":"REDHAT", + "name":"RHSA-2019:0806", + "url":"https://access.redhat.com/errata/RHSA-2019:0806" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1273", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html" + "refsource":"SUSE", + 
"name":"openSUSE-SU-2019:1273", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1282", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1282", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0902", - "url": "https://access.redhat.com/errata/RHSA-2019:0902" + "refsource":"REDHAT", + "name":"RHSA-2019:0902", + "url":"https://access.redhat.com/errata/RHSA-2019:0902" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0981", - "url": "https://access.redhat.com/errata/RHSA-2019:0981" + "refsource":"REDHAT", + "name":"RHSA-2019:0981", + "url":"https://access.redhat.com/errata/RHSA-2019:0981" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0997", - "url": "https://access.redhat.com/errata/RHSA-2019:0997" + "refsource":"REDHAT", + "name":"RHSA-2019:0997", + "url":"https://access.redhat.com/errata/RHSA-2019:0997" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0959", - "url": "https://access.redhat.com/errata/RHBA-2019:0959" + "refsource":"REDHAT", + "name":"RHBA-2019:0959", + "url":"https://access.redhat.com/errata/RHBA-2019:0959" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1371", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1371", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-1ffd6b6064", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/" + "refsource":"FEDORA", + "name":"FEDORA-2019-1ffd6b6064", + 
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190517-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190517-0001/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190517-0001/", + "url":"https://security.netapp.com/advisory/ntap-20190517-0001/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-ec26883852", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/" + "refsource":"FEDORA", + "name":"FEDORA-2019-ec26883852", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:1467", - "url": "https://access.redhat.com/errata/RHSA-2019:1467" + "refsource":"REDHAT", + "name":"RHSA-2019:1467", + "url":"https://access.redhat.com/errata/RHSA-2019:1467" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1580", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1580", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html" + "refsource":"MLIST", + "name":"[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190625 [SECURITY] [DLA 1835-1] python3.4 security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html" + 
"refsource":"MLIST", + "name":"[debian-lts-announce] 20190625 [SECURITY] [DLA 1835-1] python3.4 security update", + "url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0764", - "url": "https://access.redhat.com/errata/RHBA-2019:0764" + "refsource":"REDHAT", + "name":"RHBA-2019:0764", + "url":"https://access.redhat.com/errata/RHBA-2019:0764" }, { - "refsource": "REDHAT", - "name": "RHBA-2019:0763", - "url": "https://access.redhat.com/errata/RHBA-2019:0763" + "refsource":"REDHAT", + "name":"RHBA-2019:0763", + "url":"https://access.redhat.com/errata/RHBA-2019:0763" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-7723d4774a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/" + "refsource":"FEDORA", + "name":"FEDORA-2019-7723d4774a", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-7df59302e0", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/" + "refsource":"FEDORA", + "name":"FEDORA-2019-7df59302e0", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-9bfb4a3e4b", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/" + "refsource":"FEDORA", + "name":"FEDORA-2019-9bfb4a3e4b", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-60a1defcd1", - "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/" + "refsource":"FEDORA", + "name":"FEDORA-2019-60a1defcd1", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1906", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1906", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html" }, { - "refsource": "UBUNTU", - "name": "USN-4127-2", - "url": "https://usn.ubuntu.com/4127-2/" + "refsource":"UBUNTU", + "name":"USN-4127-2", + "url":"https://usn.ubuntu.com/4127-2/" }, { - "refsource": "UBUNTU", - "name": "USN-4127-1", - "url": "https://usn.ubuntu.com/4127-1/" + "refsource":"UBUNTU", + "name":"USN-4127-1", + "url":"https://usn.ubuntu.com/4127-1/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-5dc275c9f2", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/" + "refsource":"FEDORA", + "name":"FEDORA-2019-5dc275c9f2", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-2b1f72899a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/" + "refsource":"FEDORA", + "name":"FEDORA-2019-2b1f72899a", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:2980", - "url": "https://access.redhat.com/errata/RHSA-2019:2980" + "refsource":"REDHAT", + "name":"RHSA-2019:2980", + 
"url":"https://access.redhat.com/errata/RHSA-2019:2980" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:3170", - "url": "https://access.redhat.com/errata/RHSA-2019:3170" + "refsource":"REDHAT", + "name":"RHSA-2019:3170", + "url":"https://access.redhat.com/errata/RHSA-2019:3170" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-b06ec6159b", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/" + "refsource":"FEDORA", + "name":"FEDORA-2019-b06ec6159b", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-d202cda4f8", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/" + "refsource":"FEDORA", + "name":"FEDORA-2019-d202cda4f8", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-57462fa10d", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + "refsource":"FEDORA", + "name":"FEDORA-2019-57462fa10d", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9936.json b/2019/9xxx/CVE-2019-9936.json index 5c876dade83e..99529a5878c6 100644 --- a/2019/9xxx/CVE-2019-9936.json +++ b/2019/9xxx/CVE-2019-9936.json 
@@ -1,111 +1,115 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9936", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-9936", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c." + "lang":"eng", + "value":"In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html", + "refsource":"MISC", + "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html" }, { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html", + "refsource":"MISC", + "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html" }, { - "url": "https://sqlite.org/src/info/b3fa58dd7403dbd4", - "refsource": "MISC", - "name": "https://sqlite.org/src/info/b3fa58dd7403dbd4" + "url":"https://sqlite.org/src/info/b3fa58dd7403dbd4", + "refsource":"MISC", + "name":"https://sqlite.org/src/info/b3fa58dd7403dbd4" }, { - "refsource": "BID", - "name": "107562", - "url": "http://www.securityfocus.com/bid/107562" + "refsource":"BID", + "name":"107562", + "url":"http://www.securityfocus.com/bid/107562" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190416-0005/", - "url": "https://security.netapp.com/advisory/ntap-20190416-0005/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190416-0005/", + "url":"https://security.netapp.com/advisory/ntap-20190416-0005/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1372", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1372", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-8641591b3c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-8641591b3c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a01751837d", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a01751837d", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" }, { - "refsource": "UBUNTU", - "name": "USN-4019-1", - "url": "https://usn.ubuntu.com/4019-1/" + "refsource":"UBUNTU", + "name":"USN-4019-1", + "url":"https://usn.ubuntu.com/4019-1/" }, { - "refsource": "GENTOO", - "name": "GLSA-201908-09", - "url": "https://security.gentoo.org/glsa/201908-09" + "refsource":"GENTOO", + "name":"GLSA-201908-09", + "url":"https://security.gentoo.org/glsa/201908-09" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] } 
diff --git a/2019/9xxx/CVE-2019-9937.json b/2019/9xxx/CVE-2019-9937.json
index 002d20d39276..25e97f6b9138 100644
--- a/2019/9xxx/CVE-2019-9937.json
+++ b/2019/9xxx/CVE-2019-9937.json
@@ -1,111 +1,115 @@ + { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9937", - "STATE": "PUBLIC" + "CVE_data_meta":{ + "ASSIGNER":"cve@mitre.org", + "ID":"CVE-2019-9937", + "STATE":"PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects":{ + "vendor":{ + "vendor_data":[ { - "product": { - "product_data": [ + "product":{ + "product_data":[ { - "product_name": "n/a", - "version": { - "version_data": [ + "product_name":"n/a", + "version":{ + "version_data":[ { - "version_value": "n/a" + "version_value":"n/a" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name":"n/a" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format":"MITRE", + "data_type":"CVE", + "data_version":"4.0", + "description":{ + "description_data":[ { - "lang": "eng", - "value": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c." + "lang":"eng", + "value":"In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype":{ + "problemtype_data":[ { - "description": [ + "description":[ { - "lang": "eng", - "value": "n/a" + "lang":"eng", + "value":"n/a" } ] } ] }, - "references": { - "reference_data": [ + "references":{ + "reference_data":[ { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html", + "refsource":"MISC", + "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html" }, { - "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html", - "refsource": "MISC", - "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html" + "url":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html", + "refsource":"MISC", + "name":"https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html" }, { - "url": "https://sqlite.org/src/info/45c73deb440496e8", - "refsource": "MISC", - "name": "https://sqlite.org/src/info/45c73deb440496e8" + "url":"https://sqlite.org/src/info/45c73deb440496e8", + "refsource":"MISC", + "name":"https://sqlite.org/src/info/45c73deb440496e8" }, { - "refsource": "BID", - "name": "107562", - "url": "http://www.securityfocus.com/bid/107562" + "refsource":"BID", + "name":"107562", + "url":"http://www.securityfocus.com/bid/107562" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190416-0005/", - "url": "https://security.netapp.com/advisory/ntap-20190416-0005/" + "refsource":"CONFIRM", + "name":"https://security.netapp.com/advisory/ntap-20190416-0005/", + "url":"https://security.netapp.com/advisory/ntap-20190416-0005/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1372", - "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" + "refsource":"SUSE", + "name":"openSUSE-SU-2019:1372", + "url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-8641591b3c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" + "refsource":"FEDORA", + "name":"FEDORA-2019-8641591b3c", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-a01751837d", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" + "refsource":"FEDORA", + "name":"FEDORA-2019-a01751837d", + "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/" }, { - "refsource": "UBUNTU", - "name": "USN-4019-1", - "url": "https://usn.ubuntu.com/4019-1/" + "refsource":"UBUNTU", + "name":"USN-4019-1", + "url":"https://usn.ubuntu.com/4019-1/" }, { - "refsource": "GENTOO", - "name": "GLSA-201908-09", - "url": "https://security.gentoo.org/glsa/201908-09" + "refsource":"GENTOO", + "name":"GLSA-201908-09", + "url":"https://security.gentoo.org/glsa/201908-09" }, { - "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "refsource": "MISC", - "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + "url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "refsource":"MISC", + "name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url":"https://www.oracle.com/security-alerts/cpujan2020.html" } ] }