"-Synchronized-Data."

This commit is contained in:
CVE Team 2019-09-23 15:01:06 +00:00
parent f5a4e9a34b
commit 0138c1b9ce
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 357 additions and 9 deletions

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10087",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache JSPWiki",
"version": {
"version_data": [
{
"version_value": "Apache JSPWiki up to 2.11.0.M4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10087",
"url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10087"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10089",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache JSPWiki",
"version": {
"version_data": [
{
"version_value": "Apache JSPWiki up to 2.11.0.M4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10089",
"url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10089"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12404",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache JSPWiki",
"version": {
"version_data": [
{
"version_value": "Apache JSPWiki up to 2.11.0.M4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404",
"url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim."
}
]
}

View File

@ -121,6 +121,16 @@
"refsource": "GENTOO",
"name": "GLSA-201909-08",
"url": "https://security.gentoo.org/glsa/201909-08"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2868",
"url": "https://access.redhat.com/errata/RHSA-2019:2868"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2870",
"url": "https://access.redhat.com/errata/RHSA-2019:2870"
}
]
}

View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sahipro.com/downloads-archive/",
"refsource": "MISC",
"name": "https://sahipro.com/downloads-archive/"
},
{
"refsource": "EXPLOIT-DB",
"name": "Exploit Database",
"url": "https://www.exploit-db.com/exploits/47062"
}
]
}
}

View File

@ -113,6 +113,16 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2865",
"url": "https://access.redhat.com/errata/RHSA-2019:2865"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2867",
"url": "https://access.redhat.com/errata/RHSA-2019:2867"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2869",
"url": "https://access.redhat.com/errata/RHSA-2019:2869"
}
]
},

View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on e9:c8:82:d7:31:5a devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.com/crypt0crc/cve-2019-16518",
"url": "https://gitlab.com/crypt0crc/cve-2019-16518"
}
]
}
}

View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Cacti/cacti/issues/2964",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/issues/2964"
}
]
}
}

View File

@ -321,6 +321,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-c1dac1b3b8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
},
{
"refsource": "MLIST",
"name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
"url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E"
}
]
}