"-Synchronized-Data."

CVE Team 2019-06-03 19:00:54 +00:00
parent 8b79aab923
commit 9b4103357c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 2834 additions and 2303 deletions


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14728", "ID": "CVE-2017-14728",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.orpak.com/allproducts/siteomat-station-controller-sw/",
"refsource": "MISC",
"name": "http://www.orpak.com/allproducts/siteomat-station-controller-sw/"
},
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
},
{
"refsource": "BID",
"name": "108167",
"url": "http://www.securityfocus.com/bid/108167"
} }
] ]
} }
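Review bot: The `affects` block added in the first hunk publishes this record with `product_name`, `version_value` and `vendor_name` all set to `n/a`, although the new description names SiteOmat BOS and the first reference points at orpak.com, so inventory or scanner matching that keys on `affects` will not associate the entry with the product. The `problemtype` value is likewise `n/a` while the description states an authentication bypass and the absence of a forced password change for SSH and HTTP access. I would populate these fields from the description, e.g. `"vendor_name": "Orpak"` and `"product_name": "SiteOmat"` (vendor inferred from the reference URL), and replace "prior to the submission of this exploit" with a fixed version or date. The same `n/a` placeholders appear in the sections for CVE-2017-14850 through CVE-2017-14853 and CVE-2019-12310.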


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14850", "ID": "CVE-2017-14850",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.orpak.com",
"refsource": "MISC",
"name": "https://www.orpak.com"
},
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
},
{
"refsource": "BID",
"name": "108167",
"url": "http://www.securityfocus.com/bid/108167"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14851", "ID": "CVE-2017-14851",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.orpak.com",
"refsource": "MISC",
"name": "https://www.orpak.com"
},
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
},
{
"refsource": "BID",
"name": "108167",
"url": "http://www.securityfocus.com/bid/108167"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14852", "ID": "CVE-2017-14852",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.orpak.com",
"refsource": "MISC",
"name": "http://www.orpak.com"
},
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
},
{
"refsource": "BID",
"name": "108167",
"url": "http://www.securityfocus.com/bid/108167"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14853", "ID": "CVE-2017-14853",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.orpak.com",
"refsource": "MISC",
"name": "https://www.orpak.com"
},
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
},
{
"refsource": "BID",
"name": "108167",
"url": "http://www.securityfocus.com/bid/108167"
} }
] ]
} }


@ -132,6 +132,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:1162", "name": "openSUSE-SU-2019:1162",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1144",
"url": "https://access.redhat.com/errata/RHSA-2019:1144"
} }
] ]
} }


@ -32,6 +32,11 @@
"name": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html", "name": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html",
"url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html" "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"
}, },
{
"refsource": "REDHAT",
"name": "RHSA-2019:1144",
"url": "https://access.redhat.com/errata/RHSA-2019:1144"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/RUB-NDS/Johnny-You-Are-Fired", "name": "https://github.com/RUB-NDS/Johnny-You-Are-Fired",


@ -1,9 +1,8 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "CERT@CERT.ORG", "ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5404", "ID": "CVE-2018-5404",
"STATE": "PUBLIC" "STATE": "PUBLIC",
,
"TITLE": "The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections." "TITLE": "The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections."
}, },
"affects": { "affects": {
@ -44,7 +43,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. \nAn authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data. " "value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data."
} }
] ]
}, },


@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "CERT@CERT.ORG", "ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5405", "ID": "CVE-2018-5405",
"STATE": "PUBLIC", "STATE": "PUBLIC",
"TITLE": "The Quest Kace K1000 Appliance is vulnerable to JavaScript injection." "TITLE": "The Quest Kace K1000 Appliance is vulnerable to JavaScript injection."
@ -43,7 +43,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other user.\nAn authenticated user with 'user console only' rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator." "value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other user. An authenticated user with 'user console only' rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator."
} }
] ]
}, },
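Review bot: The rewritten `value` in the second hunk still carries the same weakness sentence twice ("The software also does not neutralize or incorrectly neutralizes user-controllable input ..." followed by the near-identical "The software does not neutralize ... served to other user."), so the whitespace cleanup leaves pasted boilerplate in the public description. I would drop the second copy and keep the closing impact sentence about session takeover. The CVE-2018-5406 section has a related inconsistency: the new string uses `appliance\u2019s` twice and a plain `appliance's` at its end.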


@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "CERT@CERT.ORG", "ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5406", "ID": "CVE-2018-5406",
"STATE": "PUBLIC", "STATE": "PUBLIC",
"TITLE": "The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism." "TITLE": "The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism."
@ -43,7 +43,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliances settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliances settings. \nAn unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings.\n" "value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance\u2019s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance\u2019s settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings."
} }
] ]
}, },


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10144", "ID": "CVE-2019-10144",
"ASSIGNER": "sfowler@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -44,7 +45,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/" "url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/",
"refsource": "MISC",
"name": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
}, },
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10144", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10144",


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10145", "ID": "CVE-2019-10145",
"ASSIGNER": "sfowler@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -49,7 +50,9 @@
"refsource": "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/" "url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/",
"refsource": "MISC",
"name": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
} }
] ]
}, },


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10147", "ID": "CVE-2019-10147",
"ASSIGNER": "sfowler@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -43,13 +44,15 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/",
"refsource": "MISC",
"name": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
},
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10147",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10147", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10147",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
} }
] ]
}, },


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-12310",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-12310",
"STATE": "PUBLIC"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://exagrid.com/exagrid-products/resources/",
"refsource": "MISC",
"name": "https://exagrid.com/exagrid-products/resources/"
},
{
"refsource": "MISC",
"name": "https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/",
"url": "https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/"
} }
] ]
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3846", "ID": "CVE-2019-3846",
"ASSIGNER": "mrehak@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -44,7 +45,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://seclists.org/oss-sec/2019/q2/133" "url": "https://seclists.org/oss-sec/2019/q2/133",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2019/q2/133"
}, },
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846",


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3895", "ID": "CVE-2019-3895",
"ASSIGNER": "mrehak@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7234." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7234."
} }
] ]
}, },
@ -54,7 +54,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-157/" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-157/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-157/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability execute code in the context of the current process.\n Was ZDI-CAN-7247." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7247."
} }
] ]
}, },
@ -54,7 +54,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-158/" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-158/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-158/"
} }
] ]
}, },
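Review bot: The new description string in the first hunk keeps the phrase `An attacker can leverage this vulnerability execute code`, which is missing "to". Since this commit already rewrites the string to remove the `\n` sequences, the wording could be corrected in the same pass to `leverage this vulnerability to execute code`. The next section (the one whose reference is ZDI-19-159) carries the same phrase.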


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of TIScript. When processing the launch method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability execute code in the context of the current process.\n Was ZDI-CAN-7250." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. When processing the launch method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7250."
} }
] ]
}, },
@ -54,7 +54,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-159/" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-159/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-159/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.\n\nThere is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity.\n Was ZDI-CAN-7162." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity. Was ZDI-CAN-7162."
} }
] ]
}, },
@ -54,7 +54,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-223/" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-223/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-223/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7472." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472."
} }
] ]
}, },
@ -54,7 +54,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network.\n\nThe specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7476." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476."
} }
] ]
}, },
@ -54,7 +54,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-254/" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-254/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-254/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7477." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477."
} }
] ]
}, },
@ -54,7 +54,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-255/" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-255/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-255/"
} }
] ]
}, },
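Review bot: The affected-version statement in the first hunk reads `Samsung Galaxy S9 prior to 1.4.20.2`, whereas the other Galaxy S9 records in this commit bound the fix by a security update (`SMR-JAN-2019`) and this flaw is described in the GameServiceReceiver update mechanism, so 1.4.20.2 looks like the version of a component rather than of the device; that reading is an inference from the text. As written, a defender cannot tell from the record which package version to check. I would name the component the version number belongs to in the description, and carry it into the `affects` data if that block (outside the visible hunks) does not already do so.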


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7466." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466."
} }
] ]
}, },
@ -54,7 +54,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/"
} }
] ]
}, },
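Review bot: The added `name` in the references hunk repeats the `url` value character for character, so the field tells a reader nothing the URL does not. A short advisory identifier such as `"name": "ZDI-19-366"` would be easier to match against vendor bulletins and scanner output. The same duplication appears in the other references hunks shown here, including the Foxit bulletin entries. If `name` is filled in by the synchronisation tooling, the change belongs there and not in the individual records.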


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-7634." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7634."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-370/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-370/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-370/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7636." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7636."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-371/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-371/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-371/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7637." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7637."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-372/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-372/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-372/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EZIX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7638." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZIX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7638."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-373/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-373/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-373/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7639." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7639."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-374/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-374/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-374/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7632." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7632."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-375/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-375/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-375/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7620." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7620."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-426/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-426/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-426/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the Stuff method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-7561." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Stuff method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7561."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-427/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-427/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-427/"
} }
] ]
}, },
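Review bot: The description gives the impact as `disclose sensitive information` but describes the flaw as `an integer overflow before writing to memory`, which is a write-side memory corruption, whereas the out-of-bounds disclosure records elsewhere on this page describe a read. One of the two statements is probably inaccurate, and the difference matters for triage because a memory write is normally ranked above an information leak. The wording should be checked against the ZDI-19-427 advisory and whichever sentence is wrong corrected to match. The text is the same on the old side, since the new `value` differs from it only in whitespace.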


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the localFileStorage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7407." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the localFileStorage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7407."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-428/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-428/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-428/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7613." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7613."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-429/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-429/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-429/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-430/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-430/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-430/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7696." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7696."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-431/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-431/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-431/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7701." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7701."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-432/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-432/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-432/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7614." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7614."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-433/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-433/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-433/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7694." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7694."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-434/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-434/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-434/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7777." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7777."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-435/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-435/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-435/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7844." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7844."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-436/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-436/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-436/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the ToggleFormsDesign method of the Foxit.FoxitReader.Ctl ActiveX object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7874." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ToggleFormsDesign method of the Foxit.FoxitReader.Ctl ActiveX object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7874."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-437/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-437/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-437/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of XFA Template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7972." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA Template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7972."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-438/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-438/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-438/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8170." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8170."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-439/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-439/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-439/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8162." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8162."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-440/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-440/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-440/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8163." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8163."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-441/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-441/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-441/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8164." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8164."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-442/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-442/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-442/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8165." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8165."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-443/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-443/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-443/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the resetForm method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8229." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8229."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-444/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-444/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-444/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the value property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8230." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the value property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8230."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-445/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-445/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-445/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8231." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8231."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-446/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-446/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-446/"
} }
] ]
}, },


@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the richValue property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8272." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8272."
} }
] ]
}, },
@ -54,10 +54,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-447/" "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"url": "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-447/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-447/"
} }
] ]
}, },


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9753", "ID": "CVE-2019-9753",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +34,43 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"url": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework",
"refsource": "MISC",
"name": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R",
"version": "3.0"
}
}
} }
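Review bot: The record is switched to PUBLIC while `affects` still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description in the second hunk names Open Ticket Request System (OTRS) 7.x before 7.0.5; anything that matches CVEs to an inventory through the structured fields will miss this entry. I would fill them from the description, e.g. `"vendor_name": "OTRS"` and `"version_value": "7.x before 7.0.5"`, and replace the `"n/a"` problemtype with an information-disclosure label. The `impact.cvss` block gives a vector string but no base score, and its `"userInteraction": "REQUIRED"` is not explained by the description, which only mentions a logged-in agent or customer user using the search result screens, so it is worth checking against the vendor advisory.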


@ -107,12 +107,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002" "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002",
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002"
}, },
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "http://surl.twcert.org.tw/MtWeJ" "url": "http://surl.twcert.org.tw/MtWeJ",
"name": "http://surl.twcert.org.tw/MtWeJ"
} }
] ]
}, },
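Review bot: Relabelling both references from `"refsource": "CONFIRM"` to `"refsource": "MISC"` drops the only field that marked them as the coordinator's own confirmation, so tools that rank or filter references by refsource will now treat the TWCERT advisory like any third-party link. The second reference, `http://surl.twcert.org.tw/MtWeJ`, is a shortened link over plain HTTP whose destination is not stored in the record, so it cannot be reviewed here and can change or be intercepted later; I would put the resolved https URL in `url` and `name` instead. The next section (TVN-201904003, `http://surl.twcert.org.tw/mChNi`) has the same two issues. The hunk starts at line 107 of the file, so the CVE ID and description are not visible here.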


@ -107,12 +107,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003" "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003",
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003"
}, },
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "http://surl.twcert.org.tw/mChNi" "url": "http://surl.twcert.org.tw/mChNi",
"name": "http://surl.twcert.org.tw/mChNi"
} }
] ]
}, },