admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-02-04 16:04:36 -05:00
parent 69113b9172
commit 504d9ec763
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
33 changed files with 1640 additions and 315 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2016/1000xxx/CVE-2016-1000271.json
View File

@ -1 +1,65 @@
{"data_version":"4.0","references":{"reference_data":[{"url":"https://packetstormsecurity.com/files/140141/Joomla-DT-Register-SQL-Injection.html"}]},"description":{"description_data":[{"lang":"eng","value":"Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in \"/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events\". This attack appear to be exploitable if the attacker can reach the web server."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5)"}]},"product_name":"Joomla extension DT Register"}]},"vendor_name":"Joomla extension DT Register"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"2019-02-04T11:22:33","DATE_REQUESTED":"2019-02-04T11:22:33","ID":"CVE-2016-1000271","ASSIGNER":"kurt@seifried.org","REQUESTER":"kurt@seifried.org"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"SQL Injection"}]}]}} {
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-02-04T11:22:33",
"DATE_REQUESTED" : "2019-02-04T11:22:33",
"ID" : "CVE-2016-1000271",
"REQUESTER" : "kurt@seifried.org",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Joomla extension DT Register",
"version" : {
"version_data" : [
{
"version_value" : "before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5)"
}
]
}
}
]
},
"vendor_name" : "Joomla extension DT Register"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in \"/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events\". This attack appears to be exploitable if the attacker can reach the web server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/140141/Joomla-DT-Register-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/140141/Joomla-DT-Register-SQL-Injection.html"
}
]
}
}

50
2018/1000xxx/CVE-2018-1000998.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.010071", "DATE_ASSIGNED" : "2019-01-22T21:21:10.010071",
"DATE_REQUESTED" : "2018-12-23T22:41:02", "DATE_REQUESTED" : "2018-12-23T22:41:02",
"ID" : "CVE-2018-1000998", "ID" : "CVE-2018-1000998",
"REQUESTER" : "kvakil@berkeley.edu", "REQUESTER" : "kvakil@berkeley.edu",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.kvakil.me/posts/cvsweb/",
"refsource" : "MISC",
"url" : "https://www.kvakil.me/posts/cvsweb/"
} }
] ]
} }

50
2018/1000xxx/CVE-2018-1000999.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.010936", "DATE_ASSIGNED" : "2019-01-22T21:21:10.010936",
"DATE_REQUESTED" : "2018-12-20T18:12:12", "DATE_REQUESTED" : "2018-12-20T18:12:12",
"ID" : "CVE-2018-1000999", "ID" : "CVE-2018-1000999",
"REQUESTER" : "cve@rapid7.com", "REQUESTER" : "cve@rapid7.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "Fastnet SA MailCleaner version 2018092601 contains a Command Injection (CWE-78) vulnerability in /admin/managetracing/search/search that can result in an authenticated web application user running commands on the underlying web server as root. This attack appears to be exploitable via Post-authentication access to the web server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rapid7/metasploit-framework/pull/11148",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/pull/11148"
} }
] ]
} }

114
2018/1xxx/CVE-2018-1675.json
View File

@ -1,65 +1,14 @@
{ {
"data_type" : "CVE",
"CVE_data_meta" : { "CVE_data_meta" : {
"ID" : "CVE-2018-1675", "ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-11-28T00:00:00", "DATE_PUBLIC" : "2018-11-28T00:00:00",
"STATE" : "PUBLIC", "ID" : "CVE-2018-1675",
"ASSIGNER" : "psirt@us.ibm.com" "STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10742403",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10742403",
"title" : "IBM Security Bulletin 742403 (Tivoli Application Dependency Discovery Manager)"
},
{
"name" : "ibm-taddm-cve20181675-info-disc (145110)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145110"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"A" : "N",
"PR" : "N",
"SCORE" : "6.800",
"AV" : "N",
"S" : "C",
"AC" : "H",
"C" : "H",
"I" : "N",
"UI" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data" : [ "vendor_data" : [
{ {
"vendor_name" : "IBM",
"product" : { "product" : {
"product_data" : [ "product_data" : [
{ {
@ -76,18 +25,67 @@
} }
} }
] ]
} },
"vendor_name" : "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : { "description" : {
"description_data" : [ "description_data" : [
{ {
"value" : "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.", "lang" : "eng",
"lang" : "eng" "value" : "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110."
} }
] ]
}, },
"data_version" : "4.0" "impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "C",
"SCORE" : "6.800",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10742403",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10742403"
},
{
"name" : "ibm-taddm-cve20181675-info-disc(145110)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145110"
}
]
}
} }

60
2018/1xxx/CVE-2018-1801.json
View File

@ -1,11 +1,9 @@
{ {
"description" : { "CVE_data_meta" : {
"description_data" : [ "ASSIGNER" : "psirt@us.ibm.com",
{ "DATE_PUBLIC" : "2019-01-28T00:00:00",
"lang" : "eng", "ID" : "CVE-2018-1801",
"value" : "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639." "STATE" : "PUBLIC"
}
]
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
@ -33,6 +31,7 @@
} }
}, },
{ {
"product_name" : "WebSphere Message Broker",
"version" : { "version" : {
"version_data" : [ "version_data" : [
{ {
@ -42,8 +41,7 @@
"version_value" : "8.0.0.9" "version_value" : "8.0.0.9"
} }
] ]
}, }
"product_name" : "WebSphere Message Broker"
}, },
{ {
"product_name" : "App Connect", "product_name" : "App Connect",
@ -65,24 +63,34 @@
] ]
} }
}, },
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639."
}
]
},
"impact" : { "impact" : {
"cvssv3" : { "cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : { "BM" : {
"A" : "L", "A" : "L",
"PR" : "N",
"SCORE" : "5.300",
"AV" : "N",
"S" : "U",
"AC" : "L", "AC" : "L",
"AV" : "N",
"C" : "N", "C" : "N",
"I" : "N", "I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N" "UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
} }
} }
}, },
@ -91,33 +99,23 @@
{ {
"description" : [ "description" : [
{ {
"value" : "Denial of Service", "lang" : "eng",
"lang" : "eng" "value" : "Denial of Service"
} }
] ]
} }
] ]
}, },
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2018-1801",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-01-28T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10795780", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10795780",
"refsource" : "CONFIRM", "refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 795780 (Integration Bus)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10795780" "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10795780"
}, },
{ {
"name" : "ibm-ibus-cve20181801-dos (149639)", "name" : "ibm-ibus-cve20181801-dos(149639)",
"refsource" : "XF", "refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639" "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"
} }
] ]

126
2018/1xxx/CVE-2018-1962.json
View File

@ -1,74 +1,14 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"DATE_PUBLIC" : "2019-01-30T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1962" "DATE_PUBLIC" : "2019-01-30T00:00:00",
}, "ID" : "CVE-2018-1962",
"data_type" : "CVE", "STATE" : "PUBLIC"
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 796380 (Security Identity Manager)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"name" : "ibm-sim-cve20181962-info-disc (153658)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153658"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "L",
"PR" : "N",
"A" : "N",
"SCORE" : "4.000",
"C" : "L",
"I" : "N",
"UI" : "N",
"AC" : "L",
"S" : "U"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.",
"lang" : "eng"
}
]
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data" : [ "vendor_data" : [
{ {
"vendor_name" : "IBM",
"product" : { "product" : {
"product_data" : [ "product_data" : [
{ {
@ -82,9 +22,67 @@
} }
} }
] ]
} },
"vendor_name" : "IBM"
} }
] ]
} }
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "4.000",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"name" : "ibm-sim-cve20181962-info-disc(153658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153658"
}
]
} }
} }

110
2018/1xxx/CVE-2018-1970.json
View File

@ -1,66 +1,14 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-01-30T00:00:00", "DATE_PUBLIC" : "2019-01-30T00:00:00",
"ID" : "CVE-2018-1970" "ID" : "CVE-2018-1970",
"STATE" : "PUBLIC"
}, },
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 796380 (Security Identity Manager)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"refsource" : "XF",
"name" : "ibm-sim-cve20181970-info-disc (153751)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"S" : "U",
"C" : "H",
"UI" : "N",
"I" : "N",
"PR" : "L",
"A" : "L",
"SCORE" : "7.100",
"AV" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data" : [ "vendor_data" : [
{ {
"vendor_name" : "IBM",
"product" : { "product" : {
"product_data" : [ "product_data" : [
{ {
@ -74,16 +22,66 @@
} }
} }
] ]
} },
"vendor_name" : "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : { "description" : {
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751." "value" : "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "7.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"name" : "ibm-sim-cve20181970-info-disc(153751)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751"
} }
] ]
} }

67
2018/20xxx/CVE-2018-20752.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bitbucket.org/LaNMaSteR53/recon-ng/commits/41e96fd58891439974fb0c920b349f8926c71d4c#chg-modules/reporting/csv.py",
"refsource" : "MISC",
"url" : "https://bitbucket.org/LaNMaSteR53/recon-ng/commits/41e96fd58891439974fb0c920b349f8926c71d4c#chg-modules/reporting/csv.py"
},
{
"name" : "https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in",
"refsource" : "MISC",
"url" : "https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in"
}
]
}
}

50
2019/1000xxx/CVE-2019-1000001.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.011679", "DATE_ASSIGNED" : "2019-01-22T21:21:10.011679",
"DATE_REQUESTED" : "2019-01-03T07:58:53", "DATE_REQUESTED" : "2019-01-03T07:58:53",
"ID" : "CVE-2019-1000001", "ID" : "CVE-2019-1000001",
"REQUESTER" : "fx.du.moutier@gmail.com", "REQUESTER" : "fx.du.moutier@gmail.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/nilsteampassnet/TeamPass/issues/2495",
"refsource" : "MISC",
"url" : "https://github.com/nilsteampassnet/TeamPass/issues/2495"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000002.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.012372", "DATE_ASSIGNED" : "2019-01-22T21:21:10.012372",
"DATE_REQUESTED" : "2019-01-04T16:38:55", "DATE_REQUESTED" : "2019-01-04T16:38:55",
"ID" : "CVE-2019-1000002", "ID" : "CVE-2019-1000002",
"REQUESTER" : "info@jonasfranz.de", "REQUESTER" : "info@jonasfranz.de",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to \"any\" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/go-gitea/gitea/pull/5631",
"refsource" : "MISC",
"url" : "https://github.com/go-gitea/gitea/pull/5631"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000003.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.013025", "DATE_ASSIGNED" : "2019-01-22T21:21:10.013025",
"DATE_REQUESTED" : "2019-01-08T10:09:12", "DATE_REQUESTED" : "2019-01-08T10:09:12",
"ID" : "CVE-2019-1000003", "ID" : "CVE-2019-1000003",
"REQUESTER" : "rob@dxw.com", "REQUESTER" : "rob@dxw.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://advisories.dxw.com/advisories/csrf-mapsvg-lite/",
"refsource" : "MISC",
"url" : "https://advisories.dxw.com/advisories/csrf-mapsvg-lite/"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000004.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.013704", "DATE_ASSIGNED" : "2019-01-22T21:21:10.013704",
"DATE_REQUESTED" : "2019-01-08T16:47:11", "DATE_REQUESTED" : "2019-01-08T16:47:11",
"ID" : "CVE-2019-1000004", "ID" : "CVE-2019-1000004",
"REQUESTER" : "davidepaalte@hotmail.com", "REQUESTER" : "davidepaalte@hotmail.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable via the payload needs to be stored in the database and the victim must see the db value in question."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/yugandhargangu/JspMyAdmin2/issues/22",
"refsource" : "MISC",
"url" : "https://github.com/yugandhargangu/JspMyAdmin2/issues/22"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000005.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.014372", "DATE_ASSIGNED" : "2019-01-22T21:21:10.014372",
"DATE_REQUESTED" : "2019-01-08T16:58:24", "DATE_REQUESTED" : "2019-01-08T16:58:24",
"ID" : "CVE-2019-1000005", "ID" : "CVE-2019-1000005",
"REQUESTER" : "byqwerton@gmail.com", "REQUESTER" : "byqwerton@gmail.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content <img src=\"phar://path/to/crafted/image\">. This vulnerability appears to have been fixed in 7.1.8."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mpdf/mpdf/issues/949",
"refsource" : "MISC",
"url" : "https://github.com/mpdf/mpdf/issues/949"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000006.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.015070", "DATE_ASSIGNED" : "2019-01-22T21:21:10.015070",
"DATE_REQUESTED" : "2019-01-09T16:28:24", "DATE_REQUESTED" : "2019-01-09T16:28:24",
"ID" : "CVE-2019-1000006", "ID" : "CVE-2019-1000006",
"REQUESTER" : "soeren+mitre@soeren-tempel.net", "REQUESTER" : "soeren+mitre@soeren-tempel.net",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/RIOT-OS/RIOT/issues/10739",
"refsource" : "MISC",
"url" : "https://github.com/RIOT-OS/RIOT/issues/10739"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000007.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.015889", "DATE_ASSIGNED" : "2019-01-22T21:21:10.015889",
"DATE_REQUESTED" : "2019-01-10T18:56:13", "DATE_REQUESTED" : "2019-01-10T18:56:13",
"ID" : "CVE-2019-1000007", "ID" : "CVE-2019-1000007",
"REQUESTER" : "jonas@wielicki.name", "REQUESTER" : "jonas@wielicki.name",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/horazont/aioxmpp/pull/268",
"refsource" : "MISC",
"url" : "https://github.com/horazont/aioxmpp/pull/268"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000008.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.016652", "DATE_ASSIGNED" : "2019-01-22T21:21:10.016652",
"DATE_REQUESTED" : "2019-01-14T20:30:06", "DATE_REQUESTED" : "2019-01-14T20:30:06",
"ID" : "CVE-2019-1000008", "ID" : "CVE-2019-1000008",
"REQUESTER" : "matt@mattfarina.com", "REQUESTER" : "matt@mattfarina.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helm.sh/blog/helm-security-notice-2019/index.html",
"refsource" : "MISC",
"url" : "https://helm.sh/blog/helm-security-notice-2019/index.html"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000009.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.017655", "DATE_ASSIGNED" : "2019-01-22T21:21:10.017655",
"DATE_REQUESTED" : "2019-01-14T20:41:30", "DATE_REQUESTED" : "2019-01-14T20:41:30",
"ID" : "CVE-2019-1000009", "ID" : "CVE-2019-1000009",
"REQUESTER" : "matt@mattfarina.com", "REQUESTER" : "matt@mattfarina.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack appears to be exploitable via A POST request to the HTTP API can save a chart archive outside of the intended directory. If authentication is, optionally, enabled this requires an authorized user to do so. This vulnerability appears to have been fixed in 0.8.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helm.sh/blog/chartmuseum-security-notice-2019/index.html",
"refsource" : "MISC",
"url" : "https://helm.sh/blog/chartmuseum-security-notice-2019/index.html"
} }
] ]
} }

55
2019/1000xxx/CVE-2019-1000010.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.018967", "DATE_ASSIGNED" : "2019-01-22T21:21:10.018967",
"DATE_REQUESTED" : "2019-01-15T04:36:09", "DATE_REQUESTED" : "2019-01-15T04:36:09",
"ID" : "CVE-2019-1000010", "ID" : "CVE-2019-1000010",
"REQUESTER" : "oscar@sakerhetskontoret.com", "REQUESTER" : "oscar@sakerhetskontoret.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c",
"refsource" : "MISC",
"url" : "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c"
},
{
"name" : "https://github.com/phpipam/phpipam/issues/2327",
"refsource" : "MISC",
"url" : "https://github.com/phpipam/phpipam/issues/2327"
} }
] ]
} }

55
2019/1000xxx/CVE-2019-1000011.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.019708", "DATE_ASSIGNED" : "2019-01-22T21:21:10.019708",
"DATE_REQUESTED" : "2019-01-15T15:30:38", "DATE_REQUESTED" : "2019-01-15T15:30:38",
"ID" : "CVE-2019-1000011", "ID" : "CVE-2019-1000011",
"REQUESTER" : "dunglas@gmail.com", "REQUESTER" : "dunglas@gmail.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/api-platform/core/issues/2364",
"refsource" : "MISC",
"url" : "https://github.com/api-platform/core/issues/2364"
},
{
"name" : "https://github.com/api-platform/core/pull/2441",
"refsource" : "MISC",
"url" : "https://github.com/api-platform/core/pull/2441"
} }
] ]
} }

55
2019/1000xxx/CVE-2019-1000012.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.020477", "DATE_ASSIGNED" : "2019-01-22T21:21:10.020477",
"DATE_REQUESTED" : "2019-01-15T18:58:39", "DATE_REQUESTED" : "2019-01-15T18:58:39",
"ID" : "CVE-2019-1000012", "ID" : "CVE-2019-1000012",
"REQUESTER" : "bram.verburg@voltone.net", "REQUESTER" : "bram.verburg@voltone.net",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/hexpm/hex/pull/646",
"refsource" : "MISC",
"url" : "https://github.com/hexpm/hex/pull/646"
},
{
"name" : "https://github.com/hexpm/hex/pull/651",
"refsource" : "MISC",
"url" : "https://github.com/hexpm/hex/pull/651"
} }
] ]
} }

55
2019/1000xxx/CVE-2019-1000013.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.021164", "DATE_ASSIGNED" : "2019-01-22T21:21:10.021164",
"DATE_REQUESTED" : "2019-01-15T18:58:43", "DATE_REQUESTED" : "2019-01-15T18:58:43",
"ID" : "CVE-2019-1000013", "ID" : "CVE-2019-1000013",
"REQUESTER" : "bram.verburg@voltone.net", "REQUESTER" : "bram.verburg@voltone.net",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/hexpm/hex_core/pull/48",
"refsource" : "MISC",
"url" : "https://github.com/hexpm/hex_core/pull/48"
},
{
"name" : "https://github.com/hexpm/hex_core/pull/51",
"refsource" : "MISC",
"url" : "https://github.com/hexpm/hex_core/pull/51"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000014.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.021861", "DATE_ASSIGNED" : "2019-01-22T21:21:10.021861",
"DATE_REQUESTED" : "2019-01-15T18:58:45", "DATE_REQUESTED" : "2019-01-15T18:58:45",
"ID" : "CVE-2019-1000014", "ID" : "CVE-2019-1000014",
"REQUESTER" : "bram.verburg@voltone.net", "REQUESTER" : "bram.verburg@voltone.net",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/erlang/rebar3/pull/1986",
"refsource" : "MISC",
"url" : "https://github.com/erlang/rebar3/pull/1986"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000015.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.022521", "DATE_ASSIGNED" : "2019-01-22T21:21:10.022521",
"DATE_REQUESTED" : "2019-01-16T14:51:11", "DATE_REQUESTED" : "2019-01-16T14:51:11",
"ID" : "CVE-2019-1000015", "ID" : "CVE-2019-1000015",
"REQUESTER" : "jarnaut@dognaedis.com", "REQUESTER" : "jarnaut@dognaedis.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. This attack appears to be exploitable via <svg/onload=alert(1)> as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03",
"refsource" : "MISC",
"url" : "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000016.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.023172", "DATE_ASSIGNED" : "2019-01-22T21:21:10.023172",
"DATE_REQUESTED" : "2019-01-16T15:30:44", "DATE_REQUESTED" : "2019-01-16T15:30:44",
"ID" : "CVE-2019-1000016", "ID" : "CVE-2019-1000016",
"REQUESTER" : "skeval65@gmail.com", "REQUESTER" : "skeval65@gmail.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f",
"refsource" : "MISC",
"url" : "https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f"
} }
] ]
} }

55
2019/1000xxx/CVE-2019-1000017.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.023850", "DATE_ASSIGNED" : "2019-01-22T21:21:10.023850",
"DATE_REQUESTED" : "2019-01-16T16:16:03", "DATE_REQUESTED" : "2019-01-16T16:16:03",
"ID" : "CVE-2019-1000017", "ID" : "CVE-2019-1000017",
"REQUESTER" : "jarnaut@dognaedis.com", "REQUESTER" : "jarnaut@dognaedis.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03",
"refsource" : "MISC",
"url" : "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03"
},
{
"name" : "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-34-2019-01-14-Moderate-risk-moderate-impact-XSS-and-unauthorized-access",
"refsource" : "MISC",
"url" : "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-34-2019-01-14-Moderate-risk-moderate-impact-XSS-and-unauthorized-access"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000018.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.024645", "DATE_ASSIGNED" : "2019-01-22T21:21:10.024645",
"DATE_REQUESTED" : "2019-01-16T17:31:27", "DATE_REQUESTED" : "2019-01-16T17:31:27",
"ID" : "CVE-2019-1000018", "ID" : "CVE-2019-1000018",
"REQUESTER" : "security@es.net", "REQUESTER" : "security@es.net",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://esnet-security.github.io/vulnerabilities/20190115_rssh",
"refsource" : "MISC",
"url" : "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
} }
] ]
} }

55
2019/1000xxx/CVE-2019-1000019.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.025460", "DATE_ASSIGNED" : "2019-01-22T21:21:10.025460",
"DATE_REQUESTED" : "2019-01-17T00:55:44", "DATE_REQUESTED" : "2019-01-17T00:55:44",
"ID" : "CVE-2019-1000019", "ID" : "CVE-2019-1000019",
"REQUESTER" : "dja@axtens.net", "REQUESTER" : "dja@axtens.net",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/libarchive/libarchive/pull/1120",
"refsource" : "MISC",
"url" : "https://github.com/libarchive/libarchive/pull/1120"
},
{
"name" : "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1",
"refsource" : "MISC",
"url" : "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1"
} }
] ]
} }

55
2019/1000xxx/CVE-2019-1000020.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.026263", "DATE_ASSIGNED" : "2019-01-22T21:21:10.026263",
"DATE_REQUESTED" : "2019-01-17T03:09:42", "DATE_REQUESTED" : "2019-01-17T03:09:42",
"ID" : "CVE-2019-1000020", "ID" : "CVE-2019-1000020",
"REQUESTER" : "dja@axtens.net", "REQUESTER" : "dja@axtens.net",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/libarchive/libarchive/pull/1120",
"refsource" : "MISC",
"url" : "https://github.com/libarchive/libarchive/pull/1120"
},
{
"name" : "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423",
"refsource" : "MISC",
"url" : "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423"
} }
] ]
} }

55
2019/1000xxx/CVE-2019-1000021.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.027360", "DATE_ASSIGNED" : "2019-01-22T21:21:10.027360",
"DATE_REQUESTED" : "2019-01-17T11:57:39", "DATE_REQUESTED" : "2019-01-17T11:57:39",
"ID" : "CVE-2019-1000021", "ID" : "CVE-2019-1000021",
"REQUESTER" : "linkmauve@linkmauve.fr", "REQUESTER" : "linkmauve@linkmauve.fr",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416",
"refsource" : "MISC",
"url" : "https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416"
},
{
"name" : "https://xmpp.org/extensions/xep-0223.html#howitworks",
"refsource" : "MISC",
"url" : "https://xmpp.org/extensions/xep-0223.html#howitworks"
} }
] ]
} }

50
2019/1000xxx/CVE-2019-1000022.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.028604", "DATE_ASSIGNED" : "2019-01-22T21:21:10.028604",
"DATE_REQUESTED" : "2019-01-19T09:14:57", "DATE_REQUESTED" : "2019-01-19T09:14:57",
"ID" : "CVE-2019-1000022", "ID" : "CVE-2019-1000022",
"REQUESTER" : "cve@taoensso.com", "REQUESTER" : "cve@taoensso.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,28 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ptaoussanis/sente/issues/137",
"refsource" : "MISC",
"url" : "https://github.com/ptaoussanis/sente/issues/137"
} }
] ]
} }

60
2019/1000xxx/CVE-2019-1000023.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.029865", "DATE_ASSIGNED" : "2019-01-22T21:21:10.029865",
"DATE_REQUESTED" : "2019-01-20T14:01:57", "DATE_REQUESTED" : "2019-01-20T14:01:57",
"ID" : "CVE-2019-1000023", "ID" : "CVE-2019-1000023",
"REQUESTER" : "piotr.karolak@gmail.com", "REQUESTER" : "piotr.karolak@gmail.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,38 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html",
"refsource" : "MISC",
"url" : "https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"
},
{
"name" : "https://sourceforge.net/projects/ngnms/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/projects/ngnms/"
},
{
"name" : "https://www.owasp.org/index.php/SQL_Injection",
"refsource" : "MISC",
"url" : "https://www.owasp.org/index.php/SQL_Injection"
} }
] ]
} }

60
2019/1000xxx/CVE-2019-1000024.json
View File

@ -1,11 +1,34 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.031068", "DATE_ASSIGNED" : "2019-01-22T21:21:10.031068",
"DATE_REQUESTED" : "2019-01-20T14:10:58", "DATE_REQUESTED" : "2019-01-20T14:10:58",
"ID" : "CVE-2019-1000024", "ID" : "CVE-2019-1000024",
"REQUESTER" : "piotr.karolak@gmail.com", "REQUESTER" : "piotr.karolak@gmail.com",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -14,7 +37,38 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The \"id\" and \"operation\" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting.This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-(XSS)-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html",
"refsource" : "MISC",
"url" : "https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-(XSS)-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"
},
{
"name" : "https://sourceforge.net/projects/ngnms/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/projects/ngnms/"
},
{
"name" : "https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)",
"refsource" : "MISC",
"url" : "https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)"
} }
] ]
} }

52
2019/4xxx/CVE-2019-4038.json
View File

@ -1,12 +1,18 @@
{ {
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-02-01T00:00:00",
"ID" : "CVE-2019-4038",
"STATE" : "PUBLIC"
},
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data" : [ "vendor_data" : [
{ {
"vendor_name" : "IBM",
"product" : { "product" : {
"product_data" : [ "product_data" : [
{ {
"product_name" : "Security Identity Manager",
"version" : { "version" : {
"version_data" : [ "version_data" : [
{ {
@ -16,41 +22,43 @@
"version_value" : "7.0" "version_value" : "7.0"
} }
] ]
}, }
"product_name" : "Security Identity Manager"
} }
] ]
} },
"vendor_name" : "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : { "description" : {
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162." "value" : "IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162."
} }
] ]
}, },
"data_version" : "4.0",
"impact" : { "impact" : {
"cvssv3" : { "cvssv3" : {
"BM" : { "BM" : {
"AV" : "P",
"SCORE" : "7.200",
"A" : "H", "A" : "H",
"PR" : "H", "AC" : "L",
"UI" : "N", "AV" : "P",
"I" : "H",
"C" : "H", "C" : "H",
"I" : "H",
"PR" : "H",
"S" : "C", "S" : "C",
"AC" : "L" "SCORE" : "7.200",
"UI" : "N"
}, },
"TM" : { "TM" : {
"E" : "U",
"RC" : "C", "RC" : "C",
"RL" : "O", "RL" : "O"
"E" : "U"
} }
} }
}, },
@ -66,28 +74,18 @@
} }
] ]
}, },
"data_format" : "MITRE",
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"title" : "IBM Security Bulletin 869604 (Security Identity Manager)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10869604",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10869604", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10869604",
"refsource" : "CONFIRM" "refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10869604"
}, },
{ {
"name" : "ibm-sim-cve20194038-code-injection (156162)", "name" : "ibm-sim-cve20194038-code-injection(156162)",
"refsource" : "XF", "refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156162" "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156162"
} }
] ]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2019-4038",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-02-01T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
} }
} }