From 10fab23a67c6d66c0591a91890eecc502ea20752 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 26 Dec 2019 15:01:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15691.json | 72 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15692.json | 72 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15693.json | 72 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15694.json | 72 ++++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19540.json | 56 +++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19541.json | 56 +++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19542.json | 56 +++++++++++++++++++++++--- 7 files changed, 438 insertions(+), 18 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15691.json create mode 100644 2019/15xxx/CVE-2019-15692.json create mode 100644 2019/15xxx/CVE-2019-15693.json create mode 100644 2019/15xxx/CVE-2019-15694.json diff --git a/2019/15xxx/CVE-2019-15691.json b/2019/15xxx/CVE-2019-15691.json new file mode 100644 index 00000000000..ef58deb101c --- /dev/null +++ b/2019/15xxx/CVE-2019-15691.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15691", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kaspersky", + "product": { + "product_data": [ + { + "product_name": "TigerVNC", + "version": { + "version_data": [ + { + "version_value": "1.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-825: Expired Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40", + "url": "https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40" + }, + { + "refsource": "MISC", + "name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1", + "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", + "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15692.json b/2019/15xxx/CVE-2019-15692.json new file mode 100644 index 00000000000..b79eb10251f --- /dev/null +++ b/2019/15xxx/CVE-2019-15692.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15692", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kaspersky", + "product": { + "product_data": [ + { + "product_name": "TigerVNC", + "version": { + "version_data": [ + { + "version_value": "1.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821", + "url": "https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821" + }, + { + "refsource": "MISC", + "name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1", + "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", + "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15693.json b/2019/15xxx/CVE-2019-15693.json new file mode 100644 index 00000000000..c9d04a0de96 --- /dev/null +++ b/2019/15xxx/CVE-2019-15693.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15693", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kaspersky", + "product": { + "product_data": [ + { + "product_name": "TigerVNC", + "version": { + "version_data": [ + { + "version_value": "1.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95", + "url": "https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95" + }, + { + "refsource": "MISC", + "name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1", + "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", + "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15694.json b/2019/15xxx/CVE-2019-15694.json new file mode 100644 index 00000000000..b6a2f60e4b5 --- /dev/null +++ b/2019/15xxx/CVE-2019-15694.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15694", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kaspersky", + "product": { + "product_data": [ + { + "product_name": "TigerVNC", + "version": { + "version_data": [ + { + "version_value": "1.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438", + "url": "https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438" + }, + { + "refsource": "MISC", + "name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1", + "url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", + "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19540.json b/2019/19xxx/CVE-2019-19540.json index ff1c0367237..0ba9a3cc87d 100644 --- a/2019/19xxx/CVE-2019-19540.json +++ b/2019/19xxx/CVE-2019-19540.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19540", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19540", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9974", + "url": "https://wpvulndb.com/vulnerabilities/9974" } ] } diff --git a/2019/19xxx/CVE-2019-19541.json b/2019/19xxx/CVE-2019-19541.json index ea51da60282..ba8d420fb13 100644 --- a/2019/19xxx/CVE-2019-19541.json +++ b/2019/19xxx/CVE-2019-19541.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19541", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19541", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9974", + "url": "https://wpvulndb.com/vulnerabilities/9974" } ] } diff --git a/2019/19xxx/CVE-2019-19542.json b/2019/19xxx/CVE-2019-19542.json index 6d8a0c71148..2af4d794924 100644 --- a/2019/19xxx/CVE-2019-19542.json +++ b/2019/19xxx/CVE-2019-19542.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19542", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19542", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9974", + "url": "https://wpvulndb.com/vulnerabilities/9974" } ] }