admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-09-04 20:00:59 +00:00
parent bf876845de
commit 26a87c9926
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 230 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
2018/20xxx/CVE-2018-20834.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content."
"value": "A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2)."
}
]
},
@ -71,6 +71,21 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1821",
"url": "https://access.redhat.com/errata/RHSA-2019:1821"
},
{
"refsource": "MISC",
"name": "https://nvd.nist.gov/vuln/detail/CVE-2018-20834",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20834"
},
{
"refsource": "MISC",
"name": "https://github.com/npm/node-tar/commit/7ecef07da6a9e72cc0c4d0c9c6a8e85b6b52395d",
"url": "https://github.com/npm/node-tar/commit/7ecef07da6a9e72cc0c4d0c9c6a8e85b6b52395d"
},
{
"refsource": "MISC",
"name": "https://github.com/npm/node-tar/commits/v2.2.2",
"url": "https://github.com/npm/node-tar/commits/v2.2.2"
}
]
}

66
2019/12xxx/CVE-2019-12586.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/espressif",
"refsource": "MISC",
"name": "https://github.com/espressif"
},
{
"refsource": "MISC",
"name": "https://github.com/Matheus-Garbelini/esp32_esp8266_attacks",
"url": "https://github.com/Matheus-Garbelini/esp32_esp8266_attacks"
},
{
"refsource": "MISC",
"name": "https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/",
"url": "https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/"
}
]
}

77
2019/14xxx/CVE-2019-14319.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en_US",
"refsource": "MISC",
"name": "https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en_US"
},
{
"url": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg",
"refsource": "MISC",
"name": "http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg"
},
{
"url": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image",
"refsource": "MISC",
"name": "http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image"
},
{
"refsource": "MISC",
"name": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf",
"url": "https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf"
}
]
}
}

77
2019/14xxx/CVE-2019-14470.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cosenary/Instagram-PHP-API/commits/master",
"refsource": "MISC",
"name": "https://github.com/cosenary/Instagram-PHP-API/commits/master"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154206/WordPress-UserPro-4.9.32-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/154206/WordPress-UserPro-4.9.32-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9815",
"url": "https://wpvulndb.com/vulnerabilities/9815"
},
{
"refsource": "EXPLOIT-DB",
"name": "47304",
"url": "https://www.exploit-db.com/exploits/47304"
}
]
}
}