From 3ac9eab14be6b666bca6703586c1f30a017f064f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 25 Sep 2019 17:00:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2015/9xxx/CVE-2015-9409.json | 72 ++++++++++++++++++++++++++++++++++
 2019/10xxx/CVE-2019-10098.json | 50 +++++++++++++++++++++--
 2019/15xxx/CVE-2019-15782.json | 5 +++
 2019/16xxx/CVE-2019-16188.json | 62 +++++++++++++++++++++++++++++
 2019/16xxx/CVE-2019-16880.json | 62 +++++++++++++++++++++++++++++
 2019/16xxx/CVE-2019-16881.json | 62 +++++++++++++++++++++++++++++
 2019/16xxx/CVE-2019-16882.json | 62 +++++++++++++++++++++++++++++
 7 files changed, 372 insertions(+), 3 deletions(-)
 create mode 100644 2015/9xxx/CVE-2015-9409.json
 create mode 100644 2019/16xxx/CVE-2019-16188.json
 create mode 100644 2019/16xxx/CVE-2019-16880.json
 create mode 100644 2019/16xxx/CVE-2019-16881.json
 create mode 100644 2019/16xxx/CVE-2019-16882.json
diff --git a/2015/9xxx/CVE-2015-9409.json b/2015/9xxx/CVE-2015-9409.json
new file mode 100644
index 00000000000..a8de57f43df
--- /dev/null
+++ b/2015/9xxx/CVE-2015-9409.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-9409",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/8190",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8190"
+ },
+ {
+ "url": "https://wordpress.org/plugins/alo-easymail/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/alo-easymail/#developers"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/133594/",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/133594/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10098.json b/2019/10xxx/CVE-2019-10098.json
index 2fc95659008..14439c14cf8 100644
--- a/2019/10xxx/CVE-2019-10098.json
+++ b/2019/10xxx/CVE-2019-10098.json
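Review bot: The new CVE-2015-9409.json record leaves `product_name`, `version_value`, `vendor_name` and the `problemtype` value as `"n/a"`, although its own description names the product (the alo-easymail plugin for WordPress), the fixed version (2.6.01) and the weakness classes (CSRF with resultant XSS). Scanners and inventory tools that match on the structured `affects` and `problemtype` fields rather than on free text will not tie this record to the plugin. Consider `"product_name": "alo-easymail"`, `"version_value": "before 2.6.01"` and a problemtype such as `"value": "CWE-352 Cross-Site Request Forgery (CSRF)"`. The same all-`"n/a"` pattern appears in the new CVE-2019-16188, CVE-2019-16880, CVE-2019-16881 and CVE-2019-16882 records in this patch, each of which also names its product and version in the description.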
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10098",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.4.0 to 2.4.39"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "mod_rewrite CWE-601 open redirect"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL."
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15782.json b/2019/15xxx/CVE-2019-15782.json
index 5e1c8553ba9..0b676be3b74 100644
--- a/2019/15xxx/CVE-2019-15782.json
+++ b/2019/15xxx/CVE-2019-15782.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/webtorrent/webtorrent/pull/1714",
 "refsource": "MISC",
 "name": "https://github.com/webtorrent/webtorrent/pull/1714"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://hackerone.com/reports/681617",
+ "url": "https://hackerone.com/reports/681617"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16188.json b/2019/16xxx/CVE-2019-16188.json
new file mode 100644
index 00000000000..27fe3d460b2
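Review bot: In CVE-2019-10098.json the added `affects` block sets `"vendor_name": "n/a"` even though the same entry carries `"product_name": "Apache HTTP Server"` and the assigner is security@apache.org, so vendor-keyed lookups will miss the record. A value such as `"vendor_name": "Apache Software Foundation"` would fit, with the exact spelling to be checked against the CNA's other records. `"version_value": "2.4.0 to 2.4.39"` also encodes a range as free text, which a consumer doing exact version comparison cannot match against an installed release. The only reference is the general 2.4 vulnerabilities page rather than an entry specific to this issue, so readers have to search that page for the CVE id.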
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16188.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16188",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://hclpnpsupport.hcltech.com/csm?id=kb_article&sys_id=0812a9961b0c885077761fc58d4bcb06",
+ "url": "https://hclpnpsupport.hcltech.com/csm?id=kb_article&sys_id=0812a9961b0c885077761fc58d4bcb06"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16880.json b/2019/16xxx/CVE-2019-16880.json
new file mode 100644
index 00000000000..6e51c75a171
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16880.json
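Review bot: The `description` value added in CVE-2019-16188.json has two wording slips that will be copied into every downstream feed: `the victim as read access` should read `the victim has read access`, and `denial of services attacks` should read `denial of service attacks`. The text also states the root cause, that external XML entity processing is not disabled, yet `problemtype` stays `"n/a"`. Setting `"value": "CWE-611 Improper Restriction of XML External Entity Reference"` would make the record filterable by weakness class.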
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16880",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2019-0021.html",
+ "url": "https://rustsec.org/advisories/RUSTSEC-2019-0021.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16881.json b/2019/16xxx/CVE-2019-16881.json
new file mode 100644
index 00000000000..c2c24bb2956
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16881.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16881",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2019-0022.html",
+ "url": "https://rustsec.org/advisories/RUSTSEC-2019-0022.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16882.json b/2019/16xxx/CVE-2019-16882.json
new file mode 100644
index 00000000000..ec55a48bfa4
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16882.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16882",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2019-0023.html",
+ "url": "https://rustsec.org/advisories/RUSTSEC-2019-0023.html"
+ }
+ ]
+ }
+}
\ No newline at end of file