admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-12-18 20:01:36 +00:00
parent 95830e9b8f
commit 3b0ce47300
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 648 additions and 266 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/7xxx/CVE-2017-7525.json
View File

@ -318,6 +318,11 @@
"refsource": "MLIST",
"name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
"url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
"url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E"
}
]
}

58
2018/1xxx/CVE-2018-1311.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1311",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1311",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Xerces-C",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 3.2.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service and Remote Exploit"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://marc.info/?l=xerces-c-users&m=157653840106914&w=2",
"url": "https://marc.info/?l=xerces-c-users&m=157653840106914&w=2"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable."
}
]
}

5
2019/10xxx/CVE-2019-10086.json
View File

@ -128,6 +128,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-79b5790566",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4317",
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
}
]
},

50
2019/11xxx/CVE-2019-11995.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11995",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HPE IOT + GCP",
"version": {
"version_data": [
{
"version_value": "1.2.4.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthorized access to sensitive information; remote unauthorized remote access"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03954en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03954en_us"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance."
}
]
}

4
2019/16xxx/CVE-2019-16782.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8.\n\nAttackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\nThe session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison."
"value": "There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison."
}
]
},
@ -85,4 +85,4 @@
"advisory": "GHSA-hrqr-hxpp-chr3",
"discovery": "UNKNOWN"
}
}
}

62
2019/18xxx/CVE-2019-18267.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18267",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GE S2020/S2020G Fast Switch 61850",
"version": {
"version_data": [
{
"version_value": "S2020/S2020G Fast Switch 61850 Versions 07A03 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution."
}
]
}
}

118
2019/19xxx/CVE-2019-19688.json
View File

@ -1,60 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2019-19688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro HouseCall for Home Networks",
"version" : {
"version_data" : [
{
"version_value" : "Below 5.3.0.1063"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges. "
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124034.aspx"
}
]
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-19688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro HouseCall for Home Networks",
"version": {
"version_data": [
{
"version_value": "Below 5.3.0.1063"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124034.aspx",
"refsource": "MISC",
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124034.aspx"
}
]
}
}

120
2019/19xxx/CVE-2019-19689.json
View File

@ -1,60 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2019-19689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro HouseCall for Home Networks",
"version" : {
"version_data" : [
{
"version_value" : "Below 5.3.0.1063"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DLL Hijack"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124034.aspx"
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-19689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro HouseCall for Home Networks",
"version": {
"version_data": [
{
"version_value": "Below 5.3.0.1063"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124034.aspx",
"refsource": "MISC",
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124034.aspx"
}
]
}
}

120
2019/19xxx/CVE-2019-19690.json
View File

@ -1,60 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2019-19690",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Mobile Security for Android (Consumer)",
"version" : {
"version_data" : [
{
"version_value" : "10.3.1 and below"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. "
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Protection Bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124037.aspx"
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-19690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Mobile Security for Android (Consumer)",
"version": {
"version_data": [
{
"version_value": "10.3.1 and below"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Protection Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124037.aspx",
"refsource": "MISC",
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124037.aspx"
}
]
}
}

18
2019/19xxx/CVE-2019-19891.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19891",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/19xxx/CVE-2019-19892.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19892",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

71
2019/5xxx/CVE-2019-5074.json
View File

@ -1,17 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5074",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5074",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "WAGO PFC200",
"version": {
"version_data": [
{
"version_value": "Firmware version 03.01.07(13)"
},
{
"version_value": "Firmware version 03.00.39(12)"
}
]
}
},
{
"product_name": "WAGO PFC100",
"version": {
"version_data": [
{
"version_value": "Firmware version 03.00.39(12)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0863",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0863"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability."
}
]
}

71
2019/5xxx/CVE-2019-5077.json
View File

@ -1,17 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5077",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5077",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "WAGO PFC200",
"version": {
"version_data": [
{
"version_value": "Firmware version 03.01.07(13)"
},
{
"version_value": "Firmware version 03.00.39(12)"
}
]
}
},
{
"product_name": "WAGO PFC100",
"version": {
"version_data": [
{
"version_value": "Firmware version 03.00.39(12)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0869",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0869"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable denial-of-service vulnerability exists in the iocheckd service \u2018\u2019I/O-Chec\u2019\u2019 functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability."
}
]
}

76
2019/5xxx/CVE-2019-5081.json
View File

@ -1,17 +1,79 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5081",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5081",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "WAGO PFC200",
"version": {
"version_data": [
{
"version_value": "Firmware version 03.01.07(13)"
},
{
"version_value": "Firmware version 03.00.39(12)"
}
]
}
},
{
"product_name": "WAGO PFC100",
"version": {
"version_data": [
{
"version_value": "Firmware version 03.00.39(12)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0874",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0874"
},
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0873",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0873"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability."
}
]
}

118
2019/7xxx/CVE-2019-7621.json
View File

@ -1,63 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "bressers@elastic.co",
"ID": "CVE-2019-7621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_value": "before 6.8.6 and 7.5.1"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_value": "before 6.8.6 and 7.5.1"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.elastic.co/community/security/"
},
{
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-6-and-7-5-1-security-update/212390"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboard containing the visualization it could execute JavaScript in the victim�s browser."
}
]
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.elastic.co/community/security/",
"refsource": "MISC",
"name": "https://www.elastic.co/community/security/"
},
{
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-6-and-7-5-1-security-update/212390",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/elastic-stack-6-8-6-and-7-5-1-security-update/212390"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboard containing the visualization it could execute JavaScript in the victim\u00ef\u00bf\u00bds browser."
}
]
}
}