From b61113c9eef782cf870ee7320c5a4649a851c7bd Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 12 Oct 2019 21:00:58 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2019/17xxx/CVE-2019-17531.json | 67 ++++++++++++++++++++++++++++++++++
2019/17xxx/CVE-2019-17532.json | 62 +++++++++++++++++++++++++++++++
2 files changed, 129 insertions(+)
create mode 100644 2019/17xxx/CVE-2019-17531.json
create mode 100644 2019/17xxx/CVE-2019-17532.json
diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json
new file mode 100644
index 00000000000..2baed489d09
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17531.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17531",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
+ "refsource": "MISC",
+ "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
+ },
+ {
+ "url": "https://github.com/FasterXML/jackson-databind/issues/2498",
+ "refsource": "MISC",
+ "name": "https://github.com/FasterXML/jackson-databind/issues/2498"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17532.json b/2019/17xxx/CVE-2019-17532.json
new file mode 100644
index 00000000000..6b58daa11c4
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17532.json
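Review bot: The `affects` block in CVE-2019-17531.json carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description names FasterXML jackson-databind 2.0.0 through 2.9.10, so tooling that matches on the structured fields rather than the free text will not associate this record with the library. The same holds for `problemtype`, where `"value": "n/a"` leaves the weakness class unstated; the description reads like deserialization of untrusted data (CWE-502), which the assigner should confirm. CVE-2019-17532.json has the same gaps for the Belkin Wemo Switch firmware named in its description. Suggest filling the fields from the description text, e.g. `"vendor_name": "FasterXML"` and `"product_name": "jackson-databind"`.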
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17532",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/badnack/wemo_dos",
+ "refsource": "MISC",
+ "name": "https://github.com/badnack/wemo_dos"
+ }
+ ]
+ }
+}
\ No newline at end of file
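Review bot: The `reference_data` array in CVE-2019-17532.json holds a single `MISC` entry pointing at a third-party repository, and neither the references nor the description says whether a corrected firmware exists. Someone triaging the record can identify the affected build (WW_2.00.11057.PVT-OWRT-SNS) but not a fixed one or a vendor statement. If a vendor advisory exists it should be added as a further `reference_data` entry; if none does, a sentence in the description stating that no fix was known at publication would make that explicit.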