From b5fe3acbeed0200a0e107eeb9bcfb4e6f73cb7cb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 26 Aug 2019 13:00:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/10xxx/CVE-2016-10932.json | 62 +++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10933.json | 62 +++++++++++++++++++++++++++++ 2017/18xxx/CVE-2017-18587.json | 62 +++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20990.json | 62 +++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20992.json | 62 +++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20993.json | 62 +++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20994.json | 62 +++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15304.json | 67 +++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15521.json | 72 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15524.json | 67 +++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15556.json | 62 +++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15561.json | 62 +++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15562.json | 67 +++++++++++++++++++++++++++++++ 13 files changed, 831 insertions(+) create mode 100644 2016/10xxx/CVE-2016-10932.json create mode 100644 2016/10xxx/CVE-2016-10933.json create mode 100644 2017/18xxx/CVE-2017-18587.json create mode 100644 2018/20xxx/CVE-2018-20990.json create mode 100644 2018/20xxx/CVE-2018-20992.json create mode 100644 2018/20xxx/CVE-2018-20993.json create mode 100644 2018/20xxx/CVE-2018-20994.json create mode 100644 2019/15xxx/CVE-2019-15304.json create mode 100644 2019/15xxx/CVE-2019-15521.json create mode 100644 2019/15xxx/CVE-2019-15524.json create mode 100644 2019/15xxx/CVE-2019-15556.json create mode 100644 2019/15xxx/CVE-2019-15561.json create mode 100644 2019/15xxx/CVE-2019-15562.json diff --git a/2016/10xxx/CVE-2016-10932.json b/2016/10xxx/CVE-2016-10932.json new file mode 100644 index 00000000000..4eb63313e91 --- /dev/null +++ b/2016/10xxx/CVE-2016-10932.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2016-0002.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2016-0002.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10933.json b/2016/10xxx/CVE-2016-10933.json new file mode 100644 index 00000000000..38f677a6e09 --- /dev/null +++ b/2016/10xxx/CVE-2016-10933.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2016-0003.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2016-0003.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18587.json b/2017/18xxx/CVE-2017-18587.json new file mode 100644 index 00000000000..7afa4568941 --- /dev/null +++ b/2017/18xxx/CVE-2017-18587.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2017-0002.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2017-0002.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20990.json b/2018/20xxx/CVE-2018-20990.json new file mode 100644 index 00000000000..3fec841256d --- /dev/null +++ b/2018/20xxx/CVE-2018-20990.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2018-0002.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2018-0002.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20992.json b/2018/20xxx/CVE-2018-20992.json new file mode 100644 index 00000000000..83574a16c4d --- /dev/null +++ b/2018/20xxx/CVE-2018-20992.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2018-0004.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2018-0004.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20993.json b/2018/20xxx/CVE-2018-20993.json new file mode 100644 index 00000000000..708ccb64efc --- /dev/null +++ b/2018/20xxx/CVE-2018-20993.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2018-0006.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2018-0006.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20994.json b/2018/20xxx/CVE-2018-20994.json new file mode 100644 index 00000000000..50bdaeeb671 --- /dev/null +++ b/2018/20xxx/CVE-2018-20994.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2018-0007.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2018-0007.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15304.json b/2019/15xxx/CVE-2019-15304.json new file mode 100644 index 00000000000..dbd1203008f --- /dev/null +++ b/2019/15xxx/CVE-2019-15304.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. NOTE: this device also ships with ProGrade branding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://progradegrill.com/wifi-grilling-thermometer/", + "refsource": "MISC", + "name": "http://progradegrill.com/wifi-grilling-thermometer/" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Aug/24", + "url": "http://seclists.org/fulldisclosure/2019/Aug/24" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15521.json b/2019/15xxx/CVE-2019-15521.json new file mode 100644 index 00000000000..7686217b0a7 --- /dev/null +++ b/2019/15xxx/CVE-2019-15521.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/forkcms/library/pull/69", + "refsource": "MISC", + "name": "https://github.com/forkcms/library/pull/69" + }, + { + "url": "https://github.com/forkcms/library/releases/tag/1.4.1", + "refsource": "MISC", + "name": "https://github.com/forkcms/library/releases/tag/1.4.1" + }, + { + "url": "https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117", + "refsource": "MISC", + "name": "https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15524.json b/2019/15xxx/CVE-2019-15524.json new file mode 100644 index 00000000000..a6409634a4b --- /dev/null +++ b/2019/15xxx/CVE-2019-15524.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cszcms.com", + "refsource": "MISC", + "name": "https://www.cszcms.com" + }, + { + "refsource": "MISC", + "name": "https://pastebin.com/vbx4JWQh", + "url": "https://pastebin.com/vbx4JWQh" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15556.json b/2019/15xxx/CVE-2019-15556.json new file mode 100644 index 00000000000..3a8b6fe45ef --- /dev/null +++ b/2019/15xxx/CVE-2019-15556.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Pvanloon1983/social_network/pull/4", + "refsource": "MISC", + "name": "https://github.com/Pvanloon1983/social_network/pull/4" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15561.json b/2019/15xxx/CVE-2019-15561.json new file mode 100644 index 00000000000..27af382f703 --- /dev/null +++ b/2019/15xxx/CVE-2019-15561.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vpoliakov/FlashLingo/pull/3", + "refsource": "MISC", + "name": "https://github.com/vpoliakov/FlashLingo/pull/3" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15562.json b/2019/15xxx/CVE-2019-15562.json new file mode 100644 index 00000000000..de10ff006c2 --- /dev/null +++ b/2019/15xxx/CVE-2019-15562.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GORM before 1.9.10 allows SQL injection via incomplete parentheses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jinzhu/gorm/releases/tag/v1.9.10", + "refsource": "MISC", + "name": "https://github.com/jinzhu/gorm/releases/tag/v1.9.10" + }, + { + "url": "https://github.com/jinzhu/gorm/pull/2519", + "refsource": "MISC", + "name": "https://github.com/jinzhu/gorm/pull/2519" + } + ] + } +} \ No newline at end of file