From 99562d2e50e2cb39421f324458a985f5663180dd Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 9 Dec 2019 17:01:01 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/14xxx/CVE-2019-14251.json | 62 ++++++++++++++++++++++++++++++++++
 2019/19xxx/CVE-2019-19133.json | 5 +++
 2019/19xxx/CVE-2019-19681.json | 18 ++++++++++
 2019/19xxx/CVE-2019-19682.json | 62 ++++++++++++++++++++++++++++++++++
 2019/19xxx/CVE-2019-19683.json | 62 ++++++++++++++++++++++++++++++++++
 2019/19xxx/CVE-2019-19684.json | 62 ++++++++++++++++++++++++++++++++++
 2019/19xxx/CVE-2019-19685.json | 62 ++++++++++++++++++++++++++++++++++
 7 files changed, 333 insertions(+)
 create mode 100644 2019/14xxx/CVE-2019-14251.json
 create mode 100644 2019/19xxx/CVE-2019-19681.json
 create mode 100644 2019/19xxx/CVE-2019-19682.json
 create mode 100644 2019/19xxx/CVE-2019-19683.json
 create mode 100644 2019/19xxx/CVE-2019-19684.json
 create mode 100644 2019/19xxx/CVE-2019-19685.json
diff --git a/2019/14xxx/CVE-2019-14251.json b/2019/14xxx/CVE-2019-14251.json
new file mode 100644
index 00000000000..24bb1852779
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14251.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14251",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/kmkz/exploit/blob/master/CVE-2019-14251-TEMENOS-T24.txt",
+ "url": "https://github.com/kmkz/exploit/blob/master/CVE-2019-14251-TEMENOS-T24.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19133.json b/2019/19xxx/CVE-2019-19133.json
index 6edcdce5be3..a213e649bb7 100644
--- a/2019/19xxx/CVE-2019-19133.json
+++ b/2019/19xxx/CVE-2019-19133.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "FULLDISC",
+ "name": "20191203 Reflected XSS in CSS Hero (v.4.0.3)",
+ "url": "http://seclists.org/fulldisclosure/2019/Dec/6"
+ },
 {
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2019/Dec/6",
diff --git a/2019/19xxx/CVE-2019-19681.json b/2019/19xxx/CVE-2019-19681.json
new file mode 100644
index 00000000000..3f234d5f16e
--- /dev/null
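Review bot: In CVE-2019-14251.json every field under `affects` and the `problemtype` value are `"n/a"`, although the description itself names the product and version (T24 in TEMENOS Channels R15.01) and describes a directory traversal, so tooling that matches records by vendor/product or by weakness class will not surface this entry. Consider populating `vendor_name`, `product_name` and `version_value` from the description (the exact vendor/product split should be confirmed against the vendor's naming) and setting the problemtype to `"value": "CWE-22"`. The same gap is present in the nopCommerce records added by this commit, CVE-2019-19682 through CVE-2019-19685. The single reference is a third-party write-up, so a vendor advisory or fixed version would be worth adding once one is available.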
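Review bot: The `FULLDISC` entry added to CVE-2019-19133.json carries the same seclists.org URL that the following `MISC` entry already uses as its `name`, so the record will list one source twice under two `refsource` values. If the typed entry is meant to supersede the generic one, the `MISC` object should be removed in the same change; otherwise consumers that count or deduplicate references by URL have to handle the pair. The `MISC` object's `url` line lies outside the hunk, so this assumes it matches its `name`.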
+++ b/2019/19xxx/CVE-2019-19681.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19681",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19682.json b/2019/19xxx/CVE-2019-19682.json
new file mode 100644
index 00000000000..61060febbd2
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19682.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-19682",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \\Presentation\\Nop.Web\\Areas\\Admin\\Controllers\\NewsController.cs and \\Presentation\\Nop.Web\\Areas\\Admin\\Controllers\\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a \"feature\" because the affected components are an HTML content editor."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/klezVirus/cves/tree/master/NopCommerce/Cross-Site-Scripting",
+ "refsource": "MISC",
+ "name": "https://github.com/klezVirus/cves/tree/master/NopCommerce/Cross-Site-Scripting"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19683.json b/2019/19xxx/CVE-2019-19683.json
new file mode 100644
index 00000000000..f8dff7f941f
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19683.json
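Review bot: The description in CVE-2019-19682.json records that the vendor regards the behaviour as a feature, but that dispute exists only as trailing free text; `STATE` is `PUBLIC` and nothing else distinguishes the entry from an undisputed finding. If the dispute is accepted, the description would normally open with the `** DISPUTED **` marker so that triage tooling and readers see it before the technical detail. Separately, the two endpoints are run together as `Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]` with no conjunction between them, and since both sit under `Admin/` the text should state which privilege is needed to reach them, which bounds the severity.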
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-19683",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/klezVirus/cves/tree/master/NopCommerce/Privilege%20Escalation%20via%20Path%20Traversal",
+ "refsource": "MISC",
+ "name": "https://github.com/klezVirus/cves/tree/master/NopCommerce/Privilege%20Escalation%20via%20Path%20Traversal"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19684.json b/2019/19xxx/CVE-2019-19684.json
new file mode 100644
index 00000000000..929175a334c
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19684.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-19684",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/klezVirus/cves/tree/master/NopCommerce/Privilege%20Escalation%20via%20Plugin%20Upload",
+ "refsource": "MISC",
+ "name": "https://github.com/klezVirus/cves/tree/master/NopCommerce/Privilege%20Escalation%20via%20Plugin%20Upload"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19685.json b/2019/19xxx/CVE-2019-19685.json
new file mode 100644
index 00000000000..df25fea16c5
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19685.json
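Review bot: The source path in the CVE-2019-19684.json description reads `Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs`, while CVE-2019-19682.json in this same commit places the admin controllers under `Presentation\Nop.Web\Areas\Admin\Controllers\`, so `Admin` and `Areas` are presumably transposed in one of the two. Anyone using the record to locate the affected file for patch verification will miss it on the wrong path, and the records also mix backslash and forward-slash separators for the same tree. It would further help to state what privilege is already required to reach `Admin/FacebookAuthentication/Configure`, since that determines what "privilege escalation" means for this entry.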
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-19685",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/klezVirus/cves/tree/master/NopCommerce/Cross-Site-Request-Forgery",
+ "refsource": "MISC",
+ "name": "https://github.com/klezVirus/cves/tree/master/NopCommerce/Cross-Site-Request-Forgery"
+ }
+ ]
+ }
+}
\ No newline at end of file