diff --git a/2019/1000xxx/CVE-2019-1000007.json b/2019/1000xxx/CVE-2019-1000007.json
index f4a5dae2aca..d0645ebfc70 100644
--- a/2019/1000xxx/CVE-2019-1000007.json
+++ b/2019/1000xxx/CVE-2019-1000007.json
@@ -1 +1,62 @@
-{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/horazont/aioxmpp/pull/268"}]},"description": {"description_data": [{"lang": "eng","value": "aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appear to be exploitable via Remote. A crafted stanza can be sent to a application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data).."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.10.2 and earlier"}]},"product_name": "aioxmpp"}]},"vendor_name": "aioxmpp"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.015889","DATE_REQUESTED": "2019-01-10T18:56:13","ID": "CVE-2019-1000007","ASSIGNER": "kurt@seifried.org","REQUESTER": "jonas@wielicki.name"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Improper Handling of Structural Elements"}]}]}}
\ No newline at end of file
+{
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/horazont/aioxmpp/pull/268"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appear to be exploitable via Remote. A crafted stanza can be sent to a application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3."
+ }
+ ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.10.2 and earlier"
+ }
+ ]
+ },
+ "product_name": "aioxmpp"
+ }
+ ]
+ },
+ "vendor_name": "aioxmpp"
+ }
+ ]
+ }
+ },
+ "CVE_data_meta": {
+ "DATE_ASSIGNED": "2019-01-22T21:21:10.015889",
+ "DATE_REQUESTED": "2019-01-10T18:56:13",
+ "ID": "CVE-2019-1000007",
+ "ASSIGNER": "kurt@seifried.org",
+ "REQUESTER": "jonas@wielicki.name"
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Handling of Structural Elements"
+ }
+ ]
+ }
+ ]
+ }
+}
diff --git a/2019/1000xxx/CVE-2019-1000021.json b/2019/1000xxx/CVE-2019-1000021.json
index 837105db1ed..d0e59cbe117 100644
--- a/2019/1000xxx/CVE-2019-1000021.json
+++ b/2019/1000xxx/CVE-2019-1000021.json
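Review bot: In CVE-2019-1000007.json the added sentence `This vulnerability appears to have been fixed in 0.10.3.` is the only place the fixed release is recorded, and it is hedged prose. `reference_data` still lists only the pull request and `version_value` stays the free-text `0.10.2 and earlier`, so a consumer cannot confirm the fix from the record itself. I would add a reference entry for the release, e.g. `{"url": "<URL of the aioxmpp 0.10.3 release notes>"}` (placeholder; the URL is not on this page). Reformatting the file to multi-line JSON in the same change also makes the two real content edits (the added sentence and the removed doubled period) hard to spot, and the other three records in this commit stay on one line.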
@@ -1 +1 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416"},{"url": "https://xmpp.org/extensions/xep-0223.html#howitworks"}]},"description": {"description_data": [{"lang": "eng","value": "slixmpp version Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains a Incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in All of the contacts of the victim can see private data having been published to a PEP node. This attack appear to be exploitable via When the user of this library publishes any private data on PEP, the node isn\u2019t configured to be private. This vulnerability appears to have been fixed in After commit 7cd73b594e8122dddf847953fcfc85ab4d316416."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416"}]},"product_name": "slixmpp"}]},"vendor_name": "slixmpp"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.027360","DATE_REQUESTED": "2019-01-17T11:57:39","ID": "CVE-2019-1000021","ASSIGNER": "kurt@seifried.org","REQUESTER": "linkmauve@linkmauve.fr"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}} \ No newline at end of file +{"data_version": "4.0","references": {"reference_data": [{"url": "https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416"},{"url": "https://xmpp.org/extensions/xep-0223.html#howitworks"}]},"description": {"description_data": [{"lang": "eng","value": "slixmpp version Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via 
PubSub) options profile, used for the configuration of default access model that can result in All of the contacts of the victim can see private data having been published to a PEP node. This attack appear to be exploitable if the user of this library publishes any private data on PEP, the node isn\u2019t configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416"}]},"product_name": "slixmpp"}]},"vendor_name": "slixmpp"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.027360","DATE_REQUESTED": "2019-01-17T11:57:39","ID": "CVE-2019-1000021","ASSIGNER": "kurt@seifried.org","REQUESTER": "linkmauve@linkmauve.fr"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}} \ No newline at end of file diff --git a/2019/1000xxx/CVE-2019-1000023.json b/2019/1000xxx/CVE-2019-1000023.json index 1f8b59934b6..db1ba0a7e14 100644 --- a/2019/1000xxx/CVE-2019-1000023.json +++ b/2019/1000xxx/CVE-2019-1000023.json 
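Review bot: The rewritten description in CVE-2019-1000021.json now reads `an incorrect Access Control vulnerability`, which half-lowercases the weakness name so it no longer matches the `problemtype` value `Incorrect Access Control`; `an Incorrect Access Control vulnerability` keeps the two aligned. The new clause `exploitable if the user of this library publishes any private data on PEP, the node isn\u2019t configured to be private` is still a comma splice that presents the flaw as if it were a precondition. Something like `exploitable when the user of this library publishes private data on PEP, because the node is not configured to be private` reads as intended. The affected range and the fix are both given only as a commit hash (`version_value` is `Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416`), so if a release contains that commit, naming it would let consumers match on a version.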
@@ -1 +1 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/SQL_Injection"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in A malicious attacker can include own SQL commands which database will execute.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in None."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "OPTOSS Next Gen Network Management System (NG-NetMS)"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.029865","DATE_REQUESTED": "2019-01-20T14:01:57","ID": "CVE-2019-1000023","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "SQL Injection"}]}]}} \ No newline at end of file +{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/SQL_Injection"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and 
id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute.. This attack appear to be exploitable via network connectivity."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "OPTOSS Next Gen Network Management System (NG-NetMS)"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.029865","DATE_REQUESTED": "2019-01-20T14:01:57","ID": "CVE-2019-1000023","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "SQL Injection"}]}]}} \ No newline at end of file diff --git a/2019/1000xxx/CVE-2019-1000024.json b/2019/1000xxx/CVE-2019-1000024.json index 7606a4bd6d7..d5f0dceabf1 100644 --- a/2019/1000xxx/CVE-2019-1000024.json +++ b/2019/1000xxx/CVE-2019-1000024.json 
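Review bot: Deleting `This vulnerability appears to have been fixed in None.` from CVE-2019-1000023.json removes the only statement that no fix was known, while `version_value` still says `v3.6-2 and earlier versions`, which a reader or scanner can take to mean later releases are unaffected. Replacing the sentence rather than dropping it keeps that information, e.g. `No fixed version was known when this CVE was assigned.`; the same deletion is made in the CVE-2019-1000024.json hunk. The impact clause is also still ungrammatical after the change (`that can result in a malicious attacker can include own SQL commands which database will execute..`), including the doubled period.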
@@ -1 +1 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-(XSS)-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in A cross-site scripting vulnerability was identified on the /js/libs/jstree/demo/filebrowser/index.php page. The \u201cid\u201d and \u201coperation\u201d GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response. that can result in Cross-site scripting relies on a victim being socially engineered into clicking on a malicious link.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in None."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "NG-NetMS"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.031068","DATE_REQUESTED": "2019-01-20T14:10:58","ID": "CVE-2019-1000024","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}} \ No newline at end of file +{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-(XSS)-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV 
NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in A cross-site scripting vulnerability was identified on the /js/libs/jstree/demo/filebrowser/index.php page. The \u201cid\u201d and \u201coperation\u201d GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response. that can result in Cross-site scripting relies on a victim being socially engineered into clicking on a malicious link.. This attack appear to be exploitable via network connectivity."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "NG-NetMS"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.031068","DATE_REQUESTED": "2019-01-20T14:10:58","ID": "CVE-2019-1000024","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}} \ No newline at end of file
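Review bot: The description kept in CVE-2019-1000024.json never states an impact: the `that can result in` slot holds `Cross-site scripting relies on a victim being socially engineered into clicking on a malicious link..`, which is a precondition. Going by what the record itself says (the `id` and `operation` GET parameters are returned in the page's response), the clause could read `that can result in attacker-supplied JavaScript running in the browser of a user who follows a crafted link`. The template residue `vulnerability in A cross-site scripting vulnerability was identified on the ... page` is also left in place by this change.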