From 8dd4df954acd51b47ff486534d3652165f3ca35b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 22 Jul 2019 15:00:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/1010xxx/CVE-2019-1010234.json | 56 ++++++++++++++++++++++---
 2019/1010xxx/CVE-2019-1010235.json | 56 ++++++++++++++++++++++---
 2019/1010xxx/CVE-2019-1010237.json | 66 +++++++++++++++++++++++++++---
 2019/9xxx/CVE-2019-9959.json | 56 ++++++++++++++++++++++---
 4 files changed, 210 insertions(+), 24 deletions(-)
diff --git a/2019/1010xxx/CVE-2019-1010234.json b/2019/1010xxx/CVE-2019-1010234.json
index b9253945d1d..3a2fb484c87 100644
--- a/2019/1010xxx/CVE-2019-1010234.json
+++ b/2019/1010xxx/CVE-2019-1010234.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010234",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ONOS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.15.0 and ealier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "The Linux Foundation"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://drive.google.com/file/d/1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv/view?usp=sharing",
+ "refsource": "MISC",
+ "name": "https://drive.google.com/file/d/1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv/view?usp=sharing"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010235.json b/2019/1010xxx/CVE-2019-1010235.json
index 1ad52087032..b3fa4e50d08 100644
--- a/2019/1010xxx/CVE-2019-1010235.json
+++ b/2019/1010xxx/CVE-2019-1010235.json
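Review bot: The affected range is free text with a typo, `"version_value": "1.15.0 and ealier"`, and the same misspelling is repeated in the description, so consumers that search or compare on this string will not match reliably; at minimum it should read `"version_value": "1.15.0 and earlier"`. The problemtype is the generic `Improper Input Validation` with no CWE identifier even though the description reports remote command execution through `runJavaCompiler`, so a CWE-tagged value would let scanners classify the record (the Frog CMS record in the next hunk also has no CWE id). The only reference is a Google Drive share link, which is neither stable nor vendor-controlled; a vendor advisory or fix commit should be added if one exists.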
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010235",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Frog CMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Frog CMS"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://somerandomshitwbu.blogspot.com/2019/01/stored-xss-in-frog-cms-open-source.html",
+ "refsource": "MISC",
+ "name": "https://somerandomshitwbu.blogspot.com/2019/01/stored-xss-in-frog-cms-open-source.html"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010237.json b/2019/1010xxx/CVE-2019-1010237.json
index a25f85ea396..04c4dc856bb 100644
--- a/2019/1010xxx/CVE-2019-1010237.json
+++ b/2019/1010xxx/CVE-2019-1010237.json
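Review bot: The description value never says whether the XSS in Snippets is stored or reflected, nor what access is needed to edit a snippet; the only hint is the `stored-xss` slug in the reference URL. Unlike the other DWF records in this patch it has no `The attack vector is:` sentence, which is the part a defender needs to judge exposure (presumably an authenticated user with snippet-edit rights, but the record does not say). The sole reference is a personal blog post, so the record has no vendor confirmation or fixed version to act on.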
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010237",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ilias",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.3 before 5.3.12 and 5.2 before 5.2.21 [fixed: 5.3.12]"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Ilias"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f906410bf35bb6bd45efff57d2e8da3b3825",
+ "refsource": "MISC",
+ "name": "https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f906410bf35bb6bd45efff57d2e8da3b3825"
+ },
+ {
+ "url": "https://docu.ilias.de/goto_docu_pg_116867_35.html",
+ "refsource": "MISC",
+ "name": "https://docu.ilias.de/goto_docu_pg_116867_35.html"
+ },
+ {
+ "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5",
+ "refsource": "MISC",
+ "name": "https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9959.json b/2019/9xxx/CVE-2019-9959.json
index d3ebe93cd12..01da1f5de63 100644
--- a/2019/9xxx/CVE-2019-9959.json
+++ b/2019/9xxx/CVE-2019-9959.json
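Review bot: The single `version_value` string `5.3 before 5.3.12 and 5.2 before 5.2.21 [fixed: 5.3.12]` packs two release branches and a fix note into one free-text entry, and both that note and the description's `The fixed version is: 5.3.12` name only one of the two fixed releases the ranges imply. A site on the 5.2 branch could read this as "no fix available"; splitting into two `version_data` entries, `{ "version_value": "5.3 before 5.3.12" }` and `{ "version_value": "5.2 before 5.2.21" }`, and dropping the bracketed note would make each branch matchable. The two commit references are presumably the per-branch fixes, but nothing in the record says which commit belongs to which branch.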
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9959",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9959",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS",
+ "url": "https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS"
 }
 ]
 }
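Review bot: The `affects` block and the problemtype are all `n/a` although the description names Poppler 0.78.0 and earlier and an integer overflow in `JPXStream::init`, so tooling that keys on vendor, product, version or weakness class cannot match this record and has to parse the prose. If the record format allows it here, `"product_name": "Poppler"` with `"version_value": "0.78.0 and earlier"` and a problemtype value naming the integer overflow would carry the same facts in structured form. The CONFIRM reference points at `blob/master/NEWS`, a file on a moving branch whose content will change with later releases; a link pinned to the fixing commit or a tagged revision of NEWS would stay verifiable.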