"-Synchronized-Data."

CVE Team 2019-09-25 20:01:00 +00:00
parent 600368b811
commit 657e8c450a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 282 additions and 7 deletions


@ -66,6 +66,11 @@
"url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource": "MISC",
"name": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K04146019",
"url": "https://support.f5.com/csp/article/K04146019"
}
]
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of admin account. This vulnerability could be also abused to obtain other sensitive fields like API keys or password hashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tarlogic.com/advisories/Tarlogic-2019-GPLI-Account-Takeover.txt",
"url": "https://www.tarlogic.com/advisories/Tarlogic-2019-GPLI-Account-Takeover.txt"
},
{
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q"
}
]
}
}
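Review bot: The `affects` block leaves `vendor_name`, `product_name` and `version_value` as `n/a` although the description names the product and range (GLPI through 9.4.3), so tooling that matches on the structured fields rather than the free text will not tie this record to GLPI installations. Populating them from the description, for example `"product_name": "GLPI"` and `"version_value": "through 9.4.3"`, would close that gap. `problemtype` is also `n/a`; a short class label for the missing validation in ajax/autocompletion.php would help triage. The new records for CVE-2019-15941 and CVE-2019-16889 further down carry the same placeholders.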


@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20190925 [CVE-2019-14783] Arbitrary file create with system-app privilege in Samsung Mobile Android FotaAgent Component",
"url": "http://seclists.org/fulldisclosure/2019/Sep/33"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154615/Samsung-Mobile-Android-FotaAgent-Arbitrary-File-Creation.html",
"url": "http://packetstormsecurity.com/files/154615/Samsung-Mobile-Android-FotaAgent-Arbitrary-File-Creation.html"
}
]
}
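Review bot: The added reference records the cleartext `http://packetstormsecurity.com/...` scheme in both `name` and `url`, so anything that follows the link to fetch advisory content does so without transport integrity. If the site serves the same path over TLS, the `https://` form should be recorded instead. The same applies to the Packet Storm references added to the Bitbucket Server, Jira and gitlabhook records in later sections. The enclosing record begins outside this hunk.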


@ -108,6 +108,11 @@
"refsource": "BUGTRAQ",
"name": "20190925 Bitbucket Server security advisory 2019-09-18",
"url": "https://seclists.org/bugtraq/2019/Sep/43"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html",
"url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
}
]
}


@ -102,6 +102,11 @@
"refsource": "BUGTRAQ",
"name": "20190925 Jira Security Advisory - 2019-09-18 - CVE-2019-15001",
"url": "https://seclists.org/bugtraq/2019/Sep/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html",
"url": "http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html"
}
]
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1881",
"refsource": "MISC",
"name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1881"
},
{
"refsource": "MISC",
"name": "https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-6-is-out/",
"url": "https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-6-is-out/"
}
]
}
}
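Review bot: The description's "OIDC Relaying party" should read "Relying Party", the OpenID Connect term that the same sentence then abbreviates as "RP"; as written, a text search for the standard term will not find this record. The description also states two preconditions (a second RP with weaker access rules, and no filtering on redirection URIs), which are the configuration items an operator would audit. They are only in free text, while `affects` and `problemtype` stay `n/a`. Recording `"product_name": "LemonLDAP::NG"` and `"version_value": "2.x through 2.0.5"` would make the record machine-matchable.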


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/",
"refsource": "MISC",
"name": "https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/"
},
{
"url": "https://hackerone.com/reports/406614",
"refsource": "MISC",
"name": "https://hackerone.com/reports/406614"
},
{
"url": "https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643",
"refsource": "MISC",
"name": "https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643"
}
]
}
}


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://hackerone.com/reports/685447",
"url": "https://hackerone.com/reports/685447"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html"
}
]
},


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6656",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6656",
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP APM Edge Client",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, 11.5.1-11.6.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K23876153",
"url": "https://support.f5.com/csp/article/K23876153"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix."
}
]
}
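Review bot: The new `version_value` and the new description both contain `14,1.0-14.1.0.6`, with a comma where a period is expected (`14.1.0-14.1.0.6`). A consumer that splits the range list on commas will produce a bogus `14` entry and a truncated range, and could miss affected 14.1.x deployments. The six ranges are also packed into one string; one `version_data` entry per range would remove the need to parse it. `vendor_name` is `n/a` even though the assigner is `f5sirt@f5.com` and the product is BIG-IP APM Edge Client.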