admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-10-04 18:01:03 +00:00
parent fe445fb215
commit 61a351183c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 972 additions and 576 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/0xxx/CVE-2019-0136.json
View File

@ -93,6 +93,11 @@
"refsource": "UBUNTU",
"name": "USN-4145-1",
"url": "https://usn.ubuntu.com/4145-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
},

5
2019/10xxx/CVE-2019-10433.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/"
}
]
}

10
2019/11xxx/CVE-2019-11709.json
View File

@ -121,6 +121,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1990",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11710.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11711.json
View File

@ -121,6 +121,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1990",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11712.json
View File

@ -121,6 +121,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1990",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11713.json
View File

@ -121,6 +121,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1990",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11714.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11715.json
View File

@ -121,6 +121,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1990",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11716.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11717.json
View File

@ -121,6 +121,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1990",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11719.json
View File

@ -116,6 +116,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1990",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11720.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11721.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11723.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11724.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11725.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11727.json
View File

@ -64,6 +64,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11728.json
View File

@ -59,6 +59,16 @@
"refsource": "GENTOO",
"name": "GLSA-201908-12",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11729.json
View File

@ -116,6 +116,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1990",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11730.json
View File

@ -121,6 +121,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1990",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11739.json
View File

@ -63,6 +63,16 @@
"refsource": "CONFIRM",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-30/",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11740.json
View File

@ -104,6 +104,16 @@
"refsource": "CONFIRM",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-30/",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11742.json
View File

@ -104,6 +104,16 @@
"refsource": "CONFIRM",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-30/",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11743.json
View File

@ -109,6 +109,16 @@
"refsource": "CONFIRM",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-30/",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11744.json
View File

@ -104,6 +104,16 @@
"refsource": "CONFIRM",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-30/",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11746.json
View File

@ -104,6 +104,16 @@
"refsource": "CONFIRM",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-30/",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11752.json
View File

@ -104,6 +104,16 @@
"refsource": "CONFIRM",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-30/",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

10
2019/11xxx/CVE-2019-11755.json
View File

@ -54,6 +54,16 @@
"refsource": "CONFIRM",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-32/",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-32/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2248",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2249",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
}
]
},

132
2019/13xxx/CVE-2019-13315.json
View File

@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8656."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-632/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-632/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-632/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

132
2019/13xxx/CVE-2019-13316.json
View File

@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "RockStar",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8757."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "RockStar",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-633/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-633/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-633/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

132
2019/13xxx/CVE-2019-13317.json
View File

@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "RockStar",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8759."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "RockStar",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-634/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-634/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-634/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

132
2019/13xxx/CVE-2019-13318.json
View File

@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "banananapenguin",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8544."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134: Use of Externally-Controlled Format String"
}
},
"credit": "banananapenguin",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8544."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-635/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134: Use of Externally-Controlled Format String"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-635/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-635/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
}
}
}

132
2019/13xxx/CVE-2019-13319.json
View File

@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "huyna of Viettel Cyber Security",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "huyna of Viettel Cyber Security",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-636/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-636/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-636/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

132
2019/13xxx/CVE-2019-13320.json
View File

@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8814."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-637/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-637/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-637/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

5
2019/13xxx/CVE-2019-13631.json
View File

@ -141,6 +141,11 @@
"refsource": "UBUNTU",
"name": "USN-4145-1",
"url": "https://usn.ubuntu.com/4145-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15090.json
View File

@ -91,6 +91,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2181",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15117.json
View File

@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15118.json
View File

@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15211.json
View File

@ -116,6 +116,11 @@
"refsource": "UBUNTU",
"name": "USN-4145-1",
"url": "https://usn.ubuntu.com/4145-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15212.json
View File

@ -111,6 +111,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15215.json
View File

@ -116,6 +116,11 @@
"refsource": "UBUNTU",
"name": "USN-4145-1",
"url": "https://usn.ubuntu.com/4145-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15217.json
View File

@ -106,6 +106,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2181",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15218.json
View File

@ -131,6 +131,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15220.json
View File

@ -111,6 +111,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15221.json
View File

@ -111,6 +111,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15223.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15538.json
View File

@ -111,6 +111,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15925.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

5
2019/15xxx/CVE-2019-15926.json
View File

@ -101,6 +101,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
}

132
2019/6xxx/CVE-2019-6774.json
View File

@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.4.1.16828"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.4.1.16828"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the deleteItemAt method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8295."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteItemAt method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8295."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-629/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-629/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-629/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

132
2019/6xxx/CVE-2019-6775.json
View File

@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "banananapenguin",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the exportValues method within a AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8491."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "banananapenguin",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within a AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8491."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-630/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-630/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-630/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

132
2019/6xxx/CVE-2019-6776.json
View File

@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.5.0.20723"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "Mat Powell of Trend Micro Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8801."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "Mat Powell of Trend Micro Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8801."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-631/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-631/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-631/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

5
2019/9xxx/CVE-2019-9506.json
View File

@ -152,6 +152,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4147-1",
"url": "https://usn.ubuntu.com/4147-1/"
}
]
},