diff --git a/2019/5xxx/CVE-2019-5917.json b/2019/5xxx/CVE-2019-5917.json index 574147feda6..70e609173cb 100644 --- a/2019/5xxx/CVE-2019-5917.json +++ b/2019/5xxx/CVE-2019-5917.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5917", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "azure-umqtt-c", + "version": { + "version_data": [ + { + "version_value": "azure-umqtt-c that was available through GitHub prior to 2017 October 6." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Azure/azure-umqtt-c" + }, + { + "url": "http://jvn.jp/en/jp/JVN05875753/index.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "azure-umqtt-c (available through GitHub prior to 2017 October 6) allows remote attackers to cause a denial of service via unspecified vectors." + } + ] + } } diff --git a/2019/5xxx/CVE-2019-5918.json b/2019/5xxx/CVE-2019-5918.json index c8ca42d8175..8d39cb20592 100644 --- a/2019/5xxx/CVE-2019-5918.json +++ b/2019/5xxx/CVE-2019-5918.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5918", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5918", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TIS Inc.", + "product": { + "product_data": [ + { + "product_name": "Nablarch 5", + "version": { + "version_data": [ + { + "version_value": "Nablarch 5, and 5u1 to 5u13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML external entities (XXE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295" + }, + { + "url": "http://jvn.jp/en/jp/JVN56542712/index.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors." + } + ] + } } diff --git a/2019/5xxx/CVE-2019-5919.json b/2019/5xxx/CVE-2019-5919.json index 22dd01677d1..ef3a2874387 100644 --- a/2019/5xxx/CVE-2019-5919.json +++ b/2019/5xxx/CVE-2019-5919.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5919", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5919", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TIS Inc.", + "product": { + "product_data": [ + { + "product_name": "Nablarch 5", + "version": { + "version_data": [ + { + "version_value": "Nablarch 5, and 5u1 to 5u13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An incomplete cryptography" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nablarch.atlassian.net/browse/NAB-313" + }, + { + "url": "http://jvn.jp/en/jp/JVN56542712/index.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors." + } + ] + } } diff --git a/2019/5xxx/CVE-2019-5920.json b/2019/5xxx/CVE-2019-5920.json index f6e25c74375..70a36078dea 100644 --- a/2019/5xxx/CVE-2019-5920.json +++ b/2019/5xxx/CVE-2019-5920.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5920", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5920", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nCrafts", + "product": { + "product_data": [ + { + "product_name": "FormCraft", + "version": { + "version_data": [ + { + "version_value": "1.2.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/formcraft-form-builder/#developers" + }, + { + "url": "http://jvn.jp/en/jp/JVN83501605/index.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5921.json b/2019/5xxx/CVE-2019-5921.json index 6355ea4f6b5..579cac72b30 100644 --- a/2019/5xxx/CVE-2019-5921.json +++ b/2019/5xxx/CVE-2019-5921.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5921", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5921", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "url": "http://jvn.jp/en/jp/JVN69181574/index.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + } } diff --git a/2019/5xxx/CVE-2019-5922.json b/2019/5xxx/CVE-2019-5922.json index 64f5ff77fab..f0f2b6f04aa 100644 --- a/2019/5xxx/CVE-2019-5922.json +++ b/2019/5xxx/CVE-2019-5922.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5922", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5922", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "The installer of Microsoft Teams", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "url": "http://jvn.jp/en/jp/JVN79543573/index.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + } } diff --git a/2019/5xxx/CVE-2019-5923.json b/2019/5xxx/CVE-2019-5923.json index 485cbf46884..5c5327e06f6 100644 --- a/2019/5xxx/CVE-2019-5923.json +++ b/2019/5xxx/CVE-2019-5923.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5923", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5923", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "iChain, Inc.", + "product": { + "product_data": [ + { + "product_name": "iChain Insurance Wallet App for iOS", + "version": { + "version_data": [ + { + "version_value": "Version 1.3.0 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ichain.co.jp/security20190311.html" + }, + { + "url": "http://jvn.jp/en/jp/JVN11622218/index.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5924.json b/2019/5xxx/CVE-2019-5924.json index d3447d8f5b7..cc8da104be9 100644 --- a/2019/5xxx/CVE-2019-5924.json +++ b/2019/5xxx/CVE-2019-5924.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5924", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5924", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RedNao", + "product": { + "product_data": [ + { + "product_name": "Smart Forms", + "version": { + "version_data": [ + { + "version_value": "2.6.15 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/smart-forms/#developers" + }, + { + "url": "http://jvn.jp/jp/JVN97656108/index.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5925.json b/2019/5xxx/CVE-2019-5925.json index 06932f28a13..5c1ba3463e7 100644 --- a/2019/5xxx/CVE-2019-5925.json +++ b/2019/5xxx/CVE-2019-5925.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5925", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5925", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Security Roots Ltd", + "product": { + "product_data": [ + { + "product_name": "Dradis Community Edition and Dradis Professional Edition", + "version": { + "version_data": [ + { + "version_value": "Dradis Community Edition v3.11 and earlier, Dradis Professional Edition v3.1.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://dradisframework.com/ce/security_reports.html#fixed-3.11.1" + }, + { + "url": "http://jvn.jp/en/jp/JVN40288903/index.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + } }