admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-10-07 12:01:07 +00:00
parent 69576147ec
commit 8c6082cc01
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
17 changed files with 575 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2018/18xxx/CVE-2018-18379.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18379",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.contextis.com/resources/advisories",
"refsource": "MISC",
"name": "https://www.contextis.com/resources/advisories"
},
{
"url": "https://elementor.com/blog/",
"refsource": "MISC",
"name": "https://elementor.com/blog/"
},
{
"refsource": "MISC",
"name": "https://www.contextis.com/en/resources/advisories/cve-2018-18379",
"url": "https://www.contextis.com/en/resources/advisories/cve-2018-18379"
}
]
}

5
2019/10xxx/CVE-2019-10181.json
View File

@ -68,6 +68,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190909 [SECURITY] [DLA 1914-1] icedtea-web security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE",
"url": "https://seclists.org/bugtraq/2019/Oct/5"
}
]
},

5
2019/10xxx/CVE-2019-10182.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190909 [SECURITY] [DLA 1914-1] icedtea-web security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE",
"url": "https://seclists.org/bugtraq/2019/Oct/5"
}
]
},

5
2019/10xxx/CVE-2019-10185.json
View File

@ -68,6 +68,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190909 [SECURITY] [DLA 1914-1] icedtea-web security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE",
"url": "https://seclists.org/bugtraq/2019/Oct/5"
}
]
},

5
2019/12xxx/CVE-2019-12384.json
View File

@ -186,6 +186,11 @@
"refsource": "DEBIAN",
"name": "DSA-4542",
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"url": "https://seclists.org/bugtraq/2019/Oct/6"
}
]
}

5
2019/14xxx/CVE-2019-14439.json
View File

@ -141,6 +141,11 @@
"refsource": "DEBIAN",
"name": "DSA-4542",
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"url": "https://seclists.org/bugtraq/2019/Oct/6"
}
]
}

5
2019/14xxx/CVE-2019-14540.json
View File

@ -116,6 +116,11 @@
"refsource": "DEBIAN",
"name": "DSA-4542",
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"url": "https://seclists.org/bugtraq/2019/Oct/6"
}
]
}

67
2019/15xxx/CVE-2019-15746.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sitos.at/sitossix/",
"refsource": "MISC",
"name": "https://www.sitos.at/sitossix/"
},
{
"refsource": "MISC",
"name": "https://www.contextis.com/en/resources/advisories/cve-2019-15746",
"url": "https://www.contextis.com/en/resources/advisories/cve-2019-15746"
}
]
}
}

67
2019/15xxx/CVE-2019-15747.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sitos.at/sitossix/",
"refsource": "MISC",
"name": "https://www.sitos.at/sitossix/"
},
{
"refsource": "MISC",
"name": "https://www.contextis.com/en/resources/advisories/cve-2019-15747",
"url": "https://www.contextis.com/en/resources/advisories/cve-2019-15747"
}
]
}
}

67
2019/15xxx/CVE-2019-15748.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sitos.at/sitossix/",
"refsource": "MISC",
"name": "https://www.sitos.at/sitossix/"
},
{
"refsource": "MISC",
"name": "https://www.contextis.com/en/resources/advisories/cve-2019-15748",
"url": "https://www.contextis.com/en/resources/advisories/cve-2019-15748"
}
]
}
}

67
2019/15xxx/CVE-2019-15749.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sitos.at/sitossix/",
"refsource": "MISC",
"name": "https://www.sitos.at/sitossix/"
},
{
"refsource": "MISC",
"name": "https://www.contextis.com/en/resources/advisories/cve-2019-15749",
"url": "https://www.contextis.com/en/resources/advisories/cve-2019-15749"
}
]
}
}

67
2019/15xxx/CVE-2019-15750.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sitos.at/sitossix/",
"refsource": "MISC",
"name": "https://www.sitos.at/sitossix/"
},
{
"refsource": "MISC",
"name": "https://www.contextis.com/en/resources/advisories/cve-2019-15750",
"url": "https://www.contextis.com/en/resources/advisories/cve-2019-15750"
}
]
}
}

67
2019/15xxx/CVE-2019-15751.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sitos.at/sitossix/",
"refsource": "MISC",
"name": "https://www.sitos.at/sitossix/"
},
{
"refsource": "MISC",
"name": "https://www.contextis.com/en/resources/advisories/cve-2019-15751",
"url": "https://www.contextis.com/en/resources/advisories/cve-2019-15751"
}
]
}
}

72
2019/16xxx/CVE-2019-16263.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/twitter-archive/twitter-kit-ios/blob/ac42e1351a66afa5ff7718d04d64a905dafe1f41/TwitterCore/TwitterCore/Networking/Security/TWTRServerTrustEvaluator.m#L75-L81",
"refsource": "MISC",
"name": "https://github.com/twitter-archive/twitter-kit-ios/blob/ac42e1351a66afa5ff7718d04d64a905dafe1f41/TwitterCore/TwitterCore/Networking/Security/TWTRServerTrustEvaluator.m#L75-L81"
},
{
"refsource": "MISC",
"name": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_TwitterKit_for_iOS_CVE-2019-16263.pdf",
"url": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_TwitterKit_for_iOS_CVE-2019-16263.pdf"
},
{
"refsource": "MISC",
"name": "https://blog.appicaptor.com/2019/10/04/vulnerable-library-warning-twitterkit-for-ios/",
"url": "https://blog.appicaptor.com/2019/10/04/vulnerable-library-warning-twitterkit-for-ios/"
}
]
}
}

5
2019/16xxx/CVE-2019-16335.json
View File

@ -101,6 +101,11 @@
"refsource": "DEBIAN",
"name": "DSA-4542",
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"url": "https://seclists.org/bugtraq/2019/Oct/6"
}
]
}

5
2019/16xxx/CVE-2019-16942.json
View File

@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-4542",
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"url": "https://seclists.org/bugtraq/2019/Oct/6"
}
]
}

5
2019/16xxx/CVE-2019-16943.json
View File

@ -71,6 +71,11 @@
"refsource": "DEBIAN",
"name": "DSA-4542",
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"url": "https://seclists.org/bugtraq/2019/Oct/6"
}
]
}