admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-06 21:01:21 +00:00
parent 81f71c9c70
commit c022315710
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 298 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
2011/2xxx/CVE-2011-2808.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2808",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "before Blink M13"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use of stale data"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=83672",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=83672"
},
{
"url": "http://trac.webkit.org/changeset/86976",
"refsource": "MISC",
"name": "http://trac.webkit.org/changeset/86976"
},
{
"url": "http://trac.webkit.org/browser/trunk/Source/WebCore/rendering/RenderObject.h?rev=86705#L1044",
"refsource": "MISC",
"name": "http://trac.webkit.org/browser/trunk/Source/WebCore/rendering/RenderObject.h?rev=86705#L1044"
},
{
"url": "http://code.google.com/p/chromium/issues/detail?id=82063",
"refsource": "MISC",
"name": "http://code.google.com/p/chromium/issues/detail?id=82063"
},
{
"url": "https://bugs.webkit.org/show_bug.cgi?id=57091",
"refsource": "MISC",
"name": "https://bugs.webkit.org/show_bug.cgi?id=57091"
},
{
"url": "http://trac.webkit.org/changeset/90568",
"refsource": "MISC",
"name": "http://trac.webkit.org/changeset/90568"
},
{
"url": "http://trac.webkit.org/changeset/90848",
"refsource": "MISC",
"name": "http://trac.webkit.org/changeset/90848"
}
]
}

48
2014/9xxx/CVE-2014-9013.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9013",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/36490/",
"url": "https://www.exploit-db.com/exploits/36490/"
}
]
}

53
2014/9xxx/CVE-2014-9014.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9014",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html",
"url": "https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/36466/",
"url": "https://www.exploit-db.com/exploits/36466/"
}
]
}

5
2015/9xxx/CVE-2015-9284.json
View File

@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20150526 CVE Request: CSRF vulnerability in OmniAuth request phase",
"url": "https://www.openwall.com/lists/oss-security/2015/05/26/11"
},
{
"refsource": "MISC",
"name": "https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284",
"url": "https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284"
}
]
},

5
2018/20xxx/CVE-2018-20969.json
View File

@ -81,6 +81,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2964",
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3757",
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
}
]
}

50
2019/12xxx/CVE-2019-12406.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache CXF",
"version": {
"version_data": [
{
"version_value": "Apache CXF versions before 3.3.4 and 3.2.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\"."
}
]
}

50
2019/12xxx/CVE-2019-12419.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12419",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Apache CXF",
"version": {
"version_data": [
{
"version_value": "versions before 3.3.4 and 3.2.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Apache CXF OpenId Connect token service does not properly validate the clientId"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client."
}
]
}

5
2019/13xxx/CVE-2019-13638.json
View File

@ -111,6 +111,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2964",
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3757",
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
}
]
}

10
2019/14xxx/CVE-2019-14287.json
View File

@ -181,6 +181,16 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3694",
"url": "https://access.redhat.com/errata/RHSA-2019:3694"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3755",
"url": "https://access.redhat.com/errata/RHSA-2019:3755"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3754",
"url": "https://access.redhat.com/errata/RHSA-2019:3754"
}
]
}

5
2019/15xxx/CVE-2019-15903.json
View File

@ -186,6 +186,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2425",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3756",
"url": "https://access.redhat.com/errata/RHSA-2019:3756"
}
]
}