"-Synchronized-Data."

CVE Team 2019-06-28 19:00:53 +00:00
parent e1bcd7deba
commit 6e155503ff
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
2 changed files with 6 additions and 1 deletions


@ -76,6 +76,11 @@
"refsource": "BID",
"name": "108884",
"url": "http://www.securityfocus.com/bid/108884"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-6817686c4d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSKLL2374YGFQR6LSVCFGTTCRGBTLAWZ/"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget."
"value": "** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn\u2019t consider this issue a vulnerability because the blacklist is being misused. SOFA Hessian supports custom blacklist and a disclaimer was posted encouraging users to update the blacklist or to use the whitelist feature for their specific needs since the blacklist is not being actively updated."
}
]
},
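Review bot: in the replacement "value" string, the dispute status exists only as the free-text prefix "** DISPUTED **" plus a trailing NOTE, so any consumer of this record has to string-match the description to learn the entry is contested; keep that prefix byte-for-byte consistent with other disputed records so existing filters continue to catch it. The same string uses the escaped typographic apostrophe in "doesn\u2019t", where a plain ASCII apostrophe would avoid encoding mismatches in downstream matching. The NOTE says the blacklist is not being actively updated and points users to a custom blacklist or the whitelist feature; consider stating explicitly whether the "through 4.0.2" range still describes the default configuration, since the text as written leaves readers to work out whether they need to act.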