"-Synchronized-Data."

CVE Team 2019-05-17 17:00:51 +00:00
parent 69bfb0a9d9
commit 54d4af67ac
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
12 changed files with 282 additions and 20 deletions


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11057",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[vtigercrm-developers] 20190403 Vtiger CRM 7.1.0 (hotfix3) Released",
"url": "http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-April/037964.html"
}
]
}
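Review bot: The record goes `PUBLIC` with `"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a problemtype value of `"n/a"`, although the description names the product (Vtiger CRM), the fixed release (7.1.0 hotfix3) and the weakness class (SQL injection). Scanners and inventory tools that match on the structured `affects` and `problemtype` fields rather than on free text will not associate this entry with the product. Consider populating them from the description, e.g. `"product_name": "Vtiger CRM"` and a problemtype value of `"CWE-89"`. The same gap appears in the CVE-2019-11887, CVE-2019-12086 and CVE-2019-7353 sections of this commit. The single reference is also a plain `http://` URL, so an `https://` form would be preferable if the list archive serves one.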


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64",
"url": "https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64"
},
{
"refsource": "BID",
"name": "108372",
"url": "http://www.securityfocus.com/bid/108372"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11887",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://news.simplybook.me/notification/",
"url": "https://news.simplybook.me/notification/"
}
]
}
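Review bot: The only reference, tagged `CONFIRM`, is `https://news.simplybook.me/notification/`, which looks like a general notification page rather than a permalink to an advisory. If so, it will stop corroborating the description once the page content changes. Where a stable advisory or archived copy exists, add it as a further `reference_data` entry, e.g. `{"refsource": "MISC", "name": "<archived-advisory-url>", "url": "<archived-advisory-url>"}` (placeholder, no such URL is on this page). The description also bounds the issue only by date ("through 2019-05-11"), so the record gives consumers no fixed version to remediate against.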


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12086",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
"refsource": "MISC",
"name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"url": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/",
"refsource": "MISC",
"name": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/"
},
{
"url": "https://github.com/FasterXML/jackson-databind/issues/2326",
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/issues/2326"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -72,6 +72,11 @@
"name": "20190515 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player"
},
{
"refsource": "BID",
"name": "108373",
"url": "http://www.securityfocus.com/bid/108373"
}
]
},


@ -72,6 +72,11 @@
"name": "20190515 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player"
},
{
"refsource": "BID",
"name": "108373",
"url": "http://www.securityfocus.com/bid/108373"
}
]
},


@ -72,6 +72,11 @@
"name": "20190515 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player"
},
{
"refsource": "BID",
"name": "108373",
"url": "http://www.securityfocus.com/bid/108373"
}
]
},


@ -72,6 +72,11 @@
"name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775"
},
{
"refsource": "BID",
"name": "108371",
"url": "http://www.securityfocus.com/bid/108371"
}
]
},


@ -72,6 +72,11 @@
"name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775"
},
{
"refsource": "BID",
"name": "108371",
"url": "http://www.securityfocus.com/bid/108371"
}
]
},


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7353",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"url": "https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/",
"refsource": "MISC",
"name": "https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/"
}
]
}
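Review bot: The first reference added in the second hunk, `https://about.gitlab.com/blog/categories/releases/`, is a category index and says nothing about this issue; only the 11.7.4 security-release post supports the description. I would drop the index entry and keep the single specific URL. Both entries are tagged `"refsource": "MISC"`, while other records in this commit tag vendor-published sources as `CONFIRM`; the release post, being GitLab's own announcement, would read more consistently as `"refsource": "CONFIRM"`. The description states the affected range (11.7.x before 11.7.4), but the `affects` block in the first hunk still carries `"version_value": "n/a"`.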