updates as per request

2019/1000xxx/CVE-2019-1000007.json

@@ -1 +1,62 @@
-{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/horazont/aioxmpp/pull/268"}]},"description": {"description_data": [{"lang": "eng","value": "aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appear to be exploitable via Remote. A crafted stanza can be sent to a application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data).."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.10.2 and earlier"}]},"product_name": "aioxmpp"}]},"vendor_name": "aioxmpp"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.015889","DATE_REQUESTED": "2019-01-10T18:56:13","ID": "CVE-2019-1000007","ASSIGNER": "kurt@seifried.org","REQUESTER": "jonas@wielicki.name"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Improper Handling of Structural Elements"}]}]}}
+{
+  "data_version": "4.0",
+  "references": {
+    "reference_data": [
+      {
+        "url": "https://github.com/horazont/aioxmpp/pull/268"
+      }
+    ]
+  },
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appear to be exploitable via Remote. A crafted stanza can be sent to a application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3."
+      }
+    ]
+  },
+  "data_type": "CVE",
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "product": {
+            "product_data": [
+              {
+                "version": {
+                  "version_data": [
+                    {
+                      "version_value": "0.10.2 and earlier"
+                    }
+                  ]
+                },
+                "product_name": "aioxmpp"
+              }
+            ]
+          },
+          "vendor_name": "aioxmpp"
+        }
+      ]
+    }
+  },
+  "CVE_data_meta": {
+    "DATE_ASSIGNED": "2019-01-22T21:21:10.015889",
+    "DATE_REQUESTED": "2019-01-10T18:56:13",
+    "ID": "CVE-2019-1000007",
+    "ASSIGNER": "kurt@seifried.org",
+    "REQUESTER": "jonas@wielicki.name"
+  },
+  "data_format": "MITRE",
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "Improper Handling of Structural Elements"
+          }
+        ]
+      }
+    ]
+  }
+}

2019/1000xxx/CVE-2019-1000021.json

@@ -1 +1 @@
-{"data_version": "4.0","references": {"reference_data": [{"url": "https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416"},{"url": "https://xmpp.org/extensions/xep-0223.html#howitworks"}]},"description": {"description_data": [{"lang": "eng","value": "slixmpp version Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains a Incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in All of the contacts of the victim can see private data having been published to a PEP node. This attack appear to be exploitable via When the user of this library publishes any private data on PEP, the node isn\u2019t configured to be private. This vulnerability appears to have been fixed in After commit 7cd73b594e8122dddf847953fcfc85ab4d316416."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416"}]},"product_name": "slixmpp"}]},"vendor_name": "slixmpp"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.027360","DATE_REQUESTED": "2019-01-17T11:57:39","ID": "CVE-2019-1000021","ASSIGNER": "kurt@seifried.org","REQUESTER": "linkmauve@linkmauve.fr"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}}
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416"},{"url": "https://xmpp.org/extensions/xep-0223.html#howitworks"}]},"description": {"description_data": [{"lang": "eng","value": "slixmpp version Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in All of the contacts of the victim can see private data having been published to a PEP node. This attack appear to be exploitable if the user of this library publishes any private data on PEP, the node isn\u2019t configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416"}]},"product_name": "slixmpp"}]},"vendor_name": "slixmpp"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.027360","DATE_REQUESTED": "2019-01-17T11:57:39","ID": "CVE-2019-1000021","ASSIGNER": "kurt@seifried.org","REQUESTER": "linkmauve@linkmauve.fr"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}}

2019/1000xxx/CVE-2019-1000023.json

@@ -1 +1 @@
-{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/SQL_Injection"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in A malicious attacker can include own SQL commands which database will execute.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in None."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "OPTOSS Next Gen Network Management System (NG-NetMS)"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.029865","DATE_REQUESTED": "2019-01-20T14:01:57","ID": "CVE-2019-1000023","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "SQL Injection"}]}]}}
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/SQL_Injection"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute.. This attack appear to be exploitable via network connectivity."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "OPTOSS Next Gen Network Management System (NG-NetMS)"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.029865","DATE_REQUESTED": "2019-01-20T14:01:57","ID": "CVE-2019-1000023","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "SQL Injection"}]}]}}

2019/1000xxx/CVE-2019-1000024.json

@@ -1 +1 @@
-{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-(XSS)-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in A cross-site scripting vulnerability was identified on the /js/libs/jstree/demo/filebrowser/index.php page. The \u201cid\u201d and \u201coperation\u201d GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response. that can result in Cross-site scripting relies on a victim being socially engineered into clicking on a malicious link.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in None."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "NG-NetMS"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.031068","DATE_REQUESTED": "2019-01-20T14:10:58","ID": "CVE-2019-1000024","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}}
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-(XSS)-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in A cross-site scripting vulnerability was identified on the /js/libs/jstree/demo/filebrowser/index.php page. The \u201cid\u201d and \u201coperation\u201d GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response. that can result in Cross-site scripting relies on a victim being socially engineered into clicking on a malicious link.. This attack appear to be exploitable via network connectivity."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "NG-NetMS"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.031068","DATE_REQUESTED": "2019-01-20T14:10:58","ID": "CVE-2019-1000024","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}}