more cves
parent
4deec033f1
commit
a78aee892a
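--- /dev/null
+++ b/2018/1000xxx/CVE-2018-1000998.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://www.kvakil.me/posts/cvsweb/"}]},"description": {"description_data": [{"lang": "eng","value": "FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. might impact other sites on same domain. This attack appear to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.x"}]},"product_name": "CVSweb"}]},"vendor_name": "FreeBSD"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.010071","DATE_REQUESTED": "2018-12-23T22:41:02","ID": "CVE-2018-1000998","ASSIGNER": "kurt@seifried.org","REQUESTER": "kvakil@berkeley.edu"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}}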
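--- /dev/null
+++ b/2018/1000xxx/CVE-2018-1000999.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/rapid7/metasploit-framework/pull/11148"}]},"description": {"description_data": [{"lang": "eng","value": "Fastnet SA MailCleaner version 2018092601 contains a Command Injection (CWE-78) vulnerability in /admin/managetracing/search/search that can result in Authenticated web application user can run commands on the underlying web server as root. This attack appear to be exploitable via Post-authentication access to the web server."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2018092601"}]},"product_name": "MailCleaner"}]},"vendor_name": "Fastnet SA"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.010936","DATE_REQUESTED": "2018-12-20T18:12:12","ID": "CVE-2018-1000999","ASSIGNER": "kurt@seifried.org","REQUESTER": "cve@rapid7.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Command Injection (CWE-78)"}]}]}}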
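--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000001.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/nilsteampassnet/TeamPass/issues/2495"}]},"description": {"description_data": [{"lang": "eng","value": "TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in All shared password are recoverable server side. . This attack appear to be exploitable via Any vulnerability that can bypass authentication or role assignement can leads to shared password leakage.."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.1.27 and earlier"}]},"product_name": "TeamPass"}]},"vendor_name": "TeamPass"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.011679","DATE_REQUESTED": "2019-01-03T07:58:53","ID": "CVE-2019-1000001","ASSIGNER": "kurt@seifried.org","REQUESTER": "fx.du.moutier@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Storing Passwords in a Recoverable Format"}]}]}}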
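--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000002.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/go-gitea/gitea/pull/5631"}]},"description": {"description_data": [{"lang": "eng","value": "Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in The attacker may delete files outside the repository he's access to.. This attack appear to be exploitable via The attacker must get write access to \"any\" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.6.2 and earlier"}]},"product_name": "Gitea"}]},"vendor_name": "Gitea"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.012372","DATE_REQUESTED": "2019-01-04T16:38:55","ID": "CVE-2019-1000002","ASSIGNER": "kurt@seifried.org","REQUESTER": "info@jonasfranz.de"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}}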
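--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000003.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://advisories.dxw.com/advisories/csrf-mapsvg-lite/"}]},"description": {"description_data": [{"lang": "eng","value": "MapSVG MapSVG Lite version 3.2.3 contains a Cross ite Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in An attacker can modify post data, including embedding javascript. This attack appear to be exploitable via The victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.2.3"}]},"product_name": "MapSVG Lite"}]},"vendor_name": "MapSVG"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.013025","DATE_REQUESTED": "2019-01-08T10:09:12","ID": "CVE-2019-1000003","ASSIGNER": "kurt@seifried.org","REQUESTER": "rob@dxw.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross ite Request Forgery (CSRF)"}]}]}}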
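Review bot: The weakness name is misspelled as `Cross ite Request Forgery (CSRF)` in both the description and the `problemtype` value of this record, and the same string appears in 2019/1000xxx/CVE-2019-1000022.json. Anything that groups or filters records on the free-text problemtype will miss these two entries when matching the usual spelling. I would write `"value": "Cross Site Request Forgery (CSRF)"`, ideally prefixed with the CWE identifier (CWE-352) in the way other records in this commit carry CWE-22 and CWE-502.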
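--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000004.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/yugandhargangu/JspMyAdmin2/issues/22"}]},"description": {"description_data": [{"lang": "eng","value": "yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't proper sanitized and allow code injection (Cross-Site Scripting).. This attack appear to be exploitable via The payload needs to be stored in the database and the victim must see the db value in question.."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.0.6 and earlier"}]},"product_name": "JspMyAdmin2"}]},"vendor_name": "yugandhargangu"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.013704","DATE_REQUESTED": "2019-01-08T16:47:11","ID": "CVE-2019-1000004","ASSIGNER": "kurt@seifried.org","REQUESTER": "davidepaalte@hotmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}}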
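--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000005.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/mpdf/mpdf/issues/949"}]},"description": {"description_data": [{"lang": "eng","value": "mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class https://github.com/mpdf/mpdf/blob/development/src/Image/ImageProcessor.php#L215 that can result in Arbitry code execution, file write, etc.. This attack appear to be exploitable via Attacker must host crafted image on victim server and trigger generation of pdf file with content <img src=\"phar://path/to/crafted/image\">. This vulnerability appears to have been fixed in 7.1.8."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "7.1.7 and earlier"}]},"product_name": "mPDF"}]},"vendor_name": "mPDF"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.014372","DATE_REQUESTED": "2019-01-08T16:58:24","ID": "CVE-2019-1000005","ASSIGNER": "kurt@seifried.org","REQUESTER": "byqwerton@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-502: Deserialization of Untrusted Data"}]}]}}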
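Review bot: The description value carries literal HTML markup, an `<img ...>` tag here and an `<svg ...>` element with an event handler in 2019/1000xxx/CVE-2019-1000015.json. These records are redistributed to feeds and dashboards, so any consumer that places the description into a page without HTML-escaping it would render that markup rather than display it. I would describe the trigger in prose (for example "an image reference using the phar:// wrapper") and treat every description field as untrusted text on the consuming side. The blob URL in the same sentence points at the `development` branch, so its `#L215` anchor will presumably drift; a commit-pinned link would stay accurate.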
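--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000006.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/RIOT-OS/RIOT/issues/10739"}]},"description": {"description_data": [{"lang": "eng","value": "RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appear to be exploitable via network connectivity."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3"}]},"product_name": "RIOT-OS"}]},"vendor_name": "RIOT"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.015070","DATE_REQUESTED": "2019-01-09T16:28:24","ID": "CVE-2019-1000006","ASSIGNER": "kurt@seifried.org","REQUESTER": "soeren+mitre@soeren-tempel.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Buffer Overflow"}]}]}}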
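--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000007.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/horazont/aioxmpp/pull/268"}]},"description": {"description_data": [{"lang": "eng","value": "aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appear to be exploitable via Remote. A crafted stanza can be sent to a application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data).."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.10.2 and earlier"}]},"product_name": "aioxmpp"}]},"vendor_name": "aioxmpp"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.015889","DATE_REQUESTED": "2019-01-10T18:56:13","ID": "CVE-2019-1000007","ASSIGNER": "kurt@seifried.org","REQUESTER": "jonas@wielicki.name"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Improper Handling of Structural Elements"}]}]}}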
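--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000008.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://helm.sh/blog/helm-security-notice-2019/index.html"}]},"description": {"description_data": [{"lang": "eng","value": "Helm version all versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result in When chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appear to be exploitable via A victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "all versions of Helm between Helm >=2.0.0 and < 2.12.2"}]},"product_name": "Helm"}]},"vendor_name": "Helm"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.016652","DATE_REQUESTED": "2019-01-14T20:30:06","ID": "CVE-2019-1000008","ASSIGNER": "kurt@seifried.org","REQUESTER": "matt@mattfarina.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}}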
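Review bot: The `version_value` here is a prose sentence, `"all versions of Helm between Helm >=2.0.0 and < 2.12.2"`, that repeats the product name, and the generated description consequently reads "Helm version all versions of Helm between Helm". Tooling that matches installed versions against `version_value` cannot compare against that string, so affected installs may go unflagged. I would reduce it to the range alone, e.g. `"version_value": ">=2.0.0 and < 2.12.2"`; 2019/1000xxx/CVE-2019-1000009.json has the same shape with `"ChartMuseum >=0.1.0 and < 0.8.1"`.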
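--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000009.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://helm.sh/blog/chartmuseum-security-notice-2019/index.html"}]},"description": {"description_data": [{"lang": "eng","value": "Helm ChartMuseum version ChartMuseum >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in A specially crafted chart could be uploaded and saved outside the indended location. This attack appear to be exploitable via A POST request to the HTTP API can save a chart archive outside of the intended directory. If authentication is, optionally, enabled this requires an authorized user to do so. This vulnerability appears to have been fixed in 0.8.1."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "ChartMuseum >=0.1.0 and < 0.8.1"}]},"product_name": "ChartMuseum"}]},"vendor_name": "Helm"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.017655","DATE_REQUESTED": "2019-01-14T20:41:30","ID": "CVE-2019-1000009","ASSIGNER": "kurt@seifried.org","REQUESTER": "matt@mattfarina.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}}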
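--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000010.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/phpipam/phpipam/issues/2327"},{"url": "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c"}]},"description": {"description_data": [{"lang": "eng","value": "phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in Execute code in victims browser.. This attack appear to be exploitable via Victim visits link crafted by an attacker.. This vulnerability appears to have been fixed in 1.4."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.3.2 and earlier"}]},"product_name": "phpIPAM"}]},"vendor_name": "phpIPAM"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.018967","DATE_REQUESTED": "2019-01-15T04:36:09","ID": "CVE-2019-1000010","ASSIGNER": "kurt@seifried.org","REQUESTER": "oscar@sakerhetskontoret.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}}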
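--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000011.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/api-platform/core/issues/2364"},{"url": "https://github.com/api-platform/core/pull/2441"}]},"description": {"description_data": [{"lang": "eng","value": "API Platform version From 2.2.0 to 2.3.5 contains a Incorrect Access Control vulnerability in GraphQL delete mutations that can result in Because of this bug, an user authorized to delete a resource can delete any resource,. This attack appear to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "From 2.2.0 to 2.3.5"}]},"product_name": "API Platform"}]},"vendor_name": "API Platform"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.019708","DATE_REQUESTED": "2019-01-15T15:30:38","ID": "CVE-2019-1000011","ASSIGNER": "kurt@seifried.org","REQUESTER": "dunglas@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}}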
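--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000012.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/hexpm/hex/pull/646"},{"url": "https://github.com/hexpm/hex/pull/651"}]},"description": {"description_data": [{"lang": "eng","value": "Hex package manager Hex version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appear to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.14.0 through 0.18.2"}]},"product_name": "Hex"}]},"vendor_name": "Hex package manager"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.020477","DATE_REQUESTED": "2019-01-15T18:58:39","ID": "CVE-2019-1000012","ASSIGNER": "kurt@seifried.org","REQUESTER": "bram.verburg@voltone.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Signing oracle"}]}]}}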
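--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000013.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/hexpm/hex_core/pull/48"},{"url": "https://github.com/hexpm/hex_core/pull/51"}]},"description": {"description_data": [{"lang": "eng","value": "Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appear to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.3.0 and earlier"}]},"product_name": "hex_core"}]},"vendor_name": "Hex package manager"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.021164","DATE_REQUESTED": "2019-01-15T18:58:43","ID": "CVE-2019-1000013","ASSIGNER": "kurt@seifried.org","REQUESTER": "bram.verburg@voltone.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Signing oracle"}]}]}}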
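--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000014.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/erlang/rebar3/pull/1986"}]},"description": {"description_data": [{"lang": "eng","value": "Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appear to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.7.0 through 3.7.5"}]},"product_name": "Rebar3"}]},"vendor_name": "Erlang/OTP"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.021861","DATE_REQUESTED": "2019-01-15T18:58:45","ID": "CVE-2019-1000014","ASSIGNER": "kurt@seifried.org","REQUESTER": "bram.verburg@voltone.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Signing oracle"}]}]}}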
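--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000015.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03"}]},"description": {"description_data": [{"lang": "eng","value": "Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in A message can be sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. A ticket can be created with a XSS payload in the subject field.. This attack appear to be exploitable via <svg/onload=alert(1)> was the payload user on the Subject field. Create a ticket with the XSS payload on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets.. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.11.8 and earlier"}]},"product_name": "Chamilo-lms"}]},"vendor_name": "Chamilo"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.022521","DATE_REQUESTED": "2019-01-16T14:51:11","ID": "CVE-2019-1000015","ASSIGNER": "kurt@seifried.org","REQUESTER": "jarnaut@dognaedis.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}}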
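--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000016.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f"}]},"description": {"description_data": [{"lang": "eng","value": "FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appear to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "4.1"}]},"product_name": "FFMPEG"}]},"vendor_name": "FFMPEG"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.023172","DATE_REQUESTED": "2019-01-16T15:30:44","ID": "CVE-2019-1000016","ASSIGNER": "kurt@seifried.org","REQUESTER": "skeval65@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-129: Improper Validation of Array Index"}]}]}}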
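--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000017.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03"},{"url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-34-2019-01-14-Moderate-risk-moderate-impact-XSS-and-unauthorized-access"}]},"description": {"description_data": [{"lang": "eng","value": "Chamilo Chamilo-lms version 1.11.8 and earlier contains a Incorrect Access Control vulnerability in Tickets component that can result in An authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appear to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.11.8 and earlier"}]},"product_name": "Chamilo-lms"}]},"vendor_name": "Chamilo"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.023850","DATE_REQUESTED": "2019-01-16T16:16:03","ID": "CVE-2019-1000017","ASSIGNER": "kurt@seifried.org","REQUESTER": "jarnaut@dognaedis.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}}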
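--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000018.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"}]},"description": {"description_data": [{"lang": "eng","value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.3.4"}]},"product_name": "rssh"}]},"vendor_name": "rssh"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.024645","DATE_REQUESTED": "2019-01-16T17:31:27","ID": "CVE-2019-1000018","ASSIGNER": "kurt@seifried.org","REQUESTER": "security@es.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}]}}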
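--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000019.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/libarchive/libarchive/pull/1120"},{"url": "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1"}]},"description": {"description_data": [{"lang": "eng","value": "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appear to be exploitable via the victim opening a specially crafted 7zip file."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards)"}]},"product_name": "libarchive"}]},"vendor_name": "libarchive"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.025460","DATE_REQUESTED": "2019-01-17T00:55:44","ID": "CVE-2019-1000019","ASSIGNER": "kurt@seifried.org","REQUESTER": "dja@axtens.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-125: Out-of-bounds Read"}]}]}}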
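--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000020.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/libarchive/libarchive/pull/1120"},{"url": "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423"}]},"description": {"description_data": [{"lang": "eng","value": "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appear to be exploitable via the victim opening a specially crafted ISO9660 file."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards)"}]},"product_name": "libarchive"}]},"vendor_name": "libarchive"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.026263","DATE_REQUESTED": "2019-01-17T03:09:42","ID": "CVE-2019-1000020","ASSIGNER": "kurt@seifried.org","REQUESTER": "dja@axtens.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}]}}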
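--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000021.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416"},{"url": "https://xmpp.org/extensions/xep-0223.html#howitworks"}]},"description": {"description_data": [{"lang": "eng","value": "slixmpp version Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains a Incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in All of the contacts of the victim can see private data having been published to a PEP node. This attack appear to be exploitable via When the user of this library publishes any private data on PEP, the node isn\u2019t configured to be private. This vulnerability appears to have been fixed in After commit 7cd73b594e8122dddf847953fcfc85ab4d316416."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Before commit 7cd73b594e8122dddf847953fcfc85ab4d316416"}]},"product_name": "slixmpp"}]},"vendor_name": "slixmpp"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.027360","DATE_REQUESTED": "2019-01-17T11:57:39","ID": "CVE-2019-1000021","ASSIGNER": "kurt@seifried.org","REQUESTER": "linkmauve@linkmauve.fr"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}}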
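--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000022.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/ptaoussanis/sente/issues/137"}]},"description": {"description_data": [{"lang": "eng","value": "Taoensso Sente version Prior to version 1.14.0 contains a Cross ite Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appear to be exploitable via Malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Prior to version 1.14.0"}]},"product_name": "Sente"}]},"vendor_name": "Taoensso"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.028604","DATE_REQUESTED": "2019-01-19T09:14:57","ID": "CVE-2019-1000022","ASSIGNER": "kurt@seifried.org","REQUESTER": "cve@taoensso.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross ite Request Forgery (CSRF)"}]}]}}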
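--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000023.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/SQL_Injection"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in A malicious attacker can include own SQL commands which database will execute.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in None."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "OPTOSS Next Gen Network Management System (NG-NetMS)"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.029865","DATE_REQUESTED": "2019-01-20T14:01:57","ID": "CVE-2019-1000023","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "SQL Injection"}]}]}}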
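Review bot: The description ends with `This vulnerability appears to have been fixed in None.`, which reads as a fix reference although the request presumably left the fixed-version field empty; 2019/1000xxx/CVE-2019-1000024.json ends the same way. A reader or a tool pulling a fix version out of that sentence can take the product for patched when no fix is recorded. I would drop the sentence from both records, as the entries in this commit without a known fix (CVE-2019-1000006, CVE-2019-1000018) already do, or state plainly that no fixed version is known. The two records also name the same product differently in `product_name` ("OPTOSS Next Gen Network Management System (NG-NetMS)" here, "NG-NetMS" there), which will split them in per-product queries.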
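--- /dev/null
+++ b/2019/1000xxx/CVE-2019-1000024.json
@@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-(XSS)-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"},{"url": "https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)"},{"url": "https://sourceforge.net/projects/ngnms/"}]},"description": {"description_data": [{"lang": "eng","value": "OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in A cross-site scripting vulnerability was identified on the /js/libs/jstree/demo/filebrowser/index.php page. The \u201cid\u201d and \u201coperation\u201d GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response. that can result in Cross-site scripting relies on a victim being socially engineered into clicking on a malicious link.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in None."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "v3.6-2 and earlier versions"}]},"product_name": "NG-NetMS"}]},"vendor_name": "OPT/NET BV"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-01-22T21:21:10.031068","DATE_REQUESTED": "2019-01-20T14:10:58","ID": "CVE-2019-1000024","ASSIGNER": "kurt@seifried.org","REQUESTER": "piotr.karolak@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}}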