admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-19 15:00:53 +00:00
parent b9efc28bec
commit 6605c89205
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
11 changed files with 838 additions and 337 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
2019/1010xxx/CVE-2019-1010245.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010245", "ID": "CVE-2019-1010245",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "ONOS SDN Controller",
"version": {
"version_data": [
{
"version_value": "1.15 and earlier versions [fixed: 1.15]"
}
]
}
}
]
},
"vendor_name": "The Linux Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv"
},
{
"url": "https://gerrit.onosproject.org/#/c/20767/",
"refsource": "MISC",
"name": "https://gerrit.onosproject.org/#/c/20767/"
} }
] ]
} }

72
2019/1010xxx/CVE-2019-1010247.json
View File

@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010247", "ID": "CVE-2019-1010247",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "mod_auth_openidc",
"version": {
"version_data": [
{
"version_value": "2.3.10.1 and earlier [fixed: 2.3.10.2]"
}
]
}
}
]
},
"vendor_name": "ZmartZone IAM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.3.10.2",
"refsource": "MISC",
"name": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.3.10.2"
},
{
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b",
"refsource": "MISC",
"name": "https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b"
},
{
"url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt",
"refsource": "MISC",
"name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt"
} }
] ]
} }

67
2019/13xxx/CVE-2019-13979.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/directus/api/issues/979",
"refsource": "MISC",
"name": "https://github.com/directus/api/issues/979"
},
{
"url": "https://github.com/directus/api/projects/42",
"refsource": "MISC",
"name": "https://github.com/directus/api/projects/42"
}
]
}
}

62
2019/13xxx/CVE-2019-13980.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/directus/api/issues/979",
"refsource": "MISC",
"name": "https://github.com/directus/api/issues/979"
}
]
}
}

67
2019/13xxx/CVE-2019-13981.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/directus/api/issues/987",
"refsource": "MISC",
"name": "https://github.com/directus/api/issues/987"
},
{
"url": "https://github.com/directus/api/issues/986",
"refsource": "MISC",
"name": "https://github.com/directus/api/issues/986"
}
]
}
}

62
2019/13xxx/CVE-2019-13982.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/directus/app/commit/f010b49eef1526fe0882078bb4a07688e8cc92c1",
"refsource": "MISC",
"name": "https://github.com/directus/app/commit/f010b49eef1526fe0882078bb4a07688e8cc92c1"
}
]
}
}

67
2019/13xxx/CVE-2019-13983.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/directus/api/issues/991",
"refsource": "MISC",
"name": "https://github.com/directus/api/issues/991"
},
{
"url": "https://github.com/directus/api/projects/43",
"refsource": "MISC",
"name": "https://github.com/directus/api/projects/43"
}
]
}
}

67
2019/13xxx/CVE-2019-13984.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/directus/api/issues/981",
"refsource": "MISC",
"name": "https://github.com/directus/api/issues/981"
},
{
"url": "https://github.com/directus/api/projects/44",
"refsource": "MISC",
"name": "https://github.com/directus/api/projects/44"
}
]
}
}

6
2019/1xxx/CVE-2019-1068.json
View File

@ -136,7 +136,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka \u0027Microsoft SQL Server Remote Code Execution Vulnerability\u0027." "value": "A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'."
} }
] ]
}, },
@ -155,7 +155,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068"
} }
] ]
} }

6
2019/1xxx/CVE-2019-1082.json
View File

@ -92,7 +92,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL.An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL., aka \u0027Microsoft Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1074." "value": "An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL.An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1074."
} }
] ]
}, },
@ -111,7 +111,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1082" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1082",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1082"
} }
] ]
} }

6
2019/1xxx/CVE-2019-1167.json
View File

@ -37,7 +37,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka \u0027Windows Defender Application Control Security Feature Bypass Vulnerability\u0027." "value": "A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'."
} }
] ]
}, },
@ -56,7 +56,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167"
} }
] ]
} }