admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-12 16:00:47 +00:00
parent 43609d0980
commit a1c0f8416d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 315 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2019/10xxx/CVE-2019-10971.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Network Configurator for DeviceNet Safety",
"version": {
"version_data": [
{
"version_value": "3.41 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNTRUSTED SEARCH PATH CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories."
}
]
}

5
2019/12xxx/CVE-2019-12765.json
View File

@ -56,6 +56,11 @@
"url": "https://developer.joomla.org/security-centre/783-20190601-core-csv-injection-in-com-actionlogs",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/783-20190601-core-csv-injection-in-com-actionlogs"
},
{
"refsource": "BID",
"name": "108736",
"url": "http://www.securityfocus.com/bid/108736"
}
]
}

58
2019/5xxx/CVE-2019-5442.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5442",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5442",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pippo",
"version": {
"version_data": [
{
"version_value": "1.12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML Entity Expansion (CWE-776)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/506791",
"url": "https://hackerone.com/reports/506791"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system."
}
]
}

62
2019/7xxx/CVE-2019-7838.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7838",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Update 3 and earlier, Update 10 and earlier, and Update\u00a018 and earlier versions"
}
]
},
"product_name": "ColdFusion"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File extension blacklist bypass"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-7838",
"ASSIGNER": "psirt@adobe.com"
}
}

62
2019/7xxx/CVE-2019-7839.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7839",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Update 3 and earlier, Update 10 and earlier, and Update\u00a018 and earlier versions"
}
]
},
"product_name": "ColdFusion"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-7839",
"ASSIGNER": "psirt@adobe.com"
}
}

62
2019/7xxx/CVE-2019-7840.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7840",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Update 3 and earlier, Update 10 and earlier, and Update\u00a018 and earlier versions"
}
]
},
"product_name": "ColdFusion"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of untrusted data"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-7840",
"ASSIGNER": "psirt@adobe.com"
}
}

62
2019/7xxx/CVE-2019-7845.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7845",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 \u202fand earlier versions"
}
]
},
"product_name": "Adobe Flash Player"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/flash-player/apsb19-30.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/flash-player/apsb19-30.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-7845",
"ASSIGNER": "psirt@adobe.com"
}
}