Merge pull request #159 from CVEProject/master

XFA Rebase
Scott Moore 2019-07-22 09:29:32 -04:00 committed by GitHub
commit c2c8b18422
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
312 changed files with 12145 additions and 763 deletions


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0390",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2002-0390",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0639. Reason: This candidate is a reservation duplicate of CVE-2002-0639. Notes: All CVE users should reference CVE-2002-0639 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}


@ -126,6 +126,16 @@
"name": "20020626 Revised OpenSSH Security Advisory (adv.iss)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102514631524575&w=2"
},
{
"refsource": "ISS",
"name": "20020626 OpenSSH Remote Challenge Vulnerability",
"url": "https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html"
},
{
"refsource": "MISC",
"name": "https://twitter.com/RooneyMcNibNug/status/1152332585349111810",
"url": "https://twitter.com/RooneyMcNibNug/status/1152332585349111810"
}
]
}


@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://x-stream.github.io/CVE-2013-7285.html",
"url": "https://x-stream.github.io/CVE-2013-7285.html"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
}
]
}


@ -511,6 +511,11 @@
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E"
}
]
}


@ -2,7 +2,31 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7882",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Authentication bypass when using LDAP authentication in MongoDB Enterprise Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +35,54 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/SERVER-20691",
"refsource": "CONFIRM",
"url": "https://jira.mongodb.org/browse/SERVER-20691"
}
]
},
"source": {
"defect": [
"SECURITY-336"
],
"discovery": "INTERNAL"
}
}
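Review bot: The new `affects` block sets `product_name`, `vendor_name` and `version_value` to `n/a` even though the description on the new side names the product and range (MongoDB Server versions 3.0.0 to 3.0.6), so tooling that matches on the structured fields will not tie this record to any installation. I would carry the same data into the structure, e.g. `"product_name": "MongoDB Server"` with `"version_value": "3.0.0 to 3.0.6"`. The `n/a` problemtype could likewise name a concrete weakness class; an authentication CWE such as CWE-287 looks applicable, to be confirmed by the assigner. The same `n/a` placeholders appear in the CVE-2016-10762, CVE-2016-10763 and CVE-2018-17210 sections of this commit, whose descriptions also name the product and a version bound.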


@ -191,6 +191,11 @@
"name": "SUSE-SU-2016:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K43650115",
"url": "https://support.f5.com/csp/article/K43650115"
}
]
}


@ -61,6 +61,16 @@
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"refsource": "MISC",
"name": "https://github.com/JinBean/CVE-Extension",
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"refsource": "CONFIRM",
"name": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure",
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
}
]
}


@ -61,6 +61,16 @@
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"refsource": "MISC",
"name": "https://github.com/JinBean/CVE-Extension",
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"refsource": "CONFIRM",
"name": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure",
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
}
]
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/151516",
"refsource": "MISC",
"name": "https://hackerone.com/reports/151516"
},
{
"url": "https://wordpress.org/plugins/camptix/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/camptix/#developers"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/camptix/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/camptix/#developers"
},
{
"url": "https://hackerone.com/reports/152958",
"refsource": "MISC",
"name": "https://hackerone.com/reports/152958"
}
]
}
}


@ -56,6 +56,11 @@
"name": "http://bugs.ledger-cli.org/show_bug.cgi?id=1222",
"refsource": "MISC",
"url": "http://bugs.ledger-cli.org/show_bug.cgi?id=1222"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1779",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html"
}
]
}


@ -56,6 +56,11 @@
"name": "http://bugs.ledger-cli.org/show_bug.cgi?id=1224",
"refsource": "MISC",
"url": "http://bugs.ledger-cli.org/show_bug.cgi?id=1224"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1779",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html"
}
]
}


@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE",
"url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE"
},
{
"refsource": "BID",
"name": "109269",
"url": "http://www.securityfocus.com/bid/109269"
}
]
}


@ -48,6 +48,16 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
"refsource": "CONFIRM"
},
{
"refsource": "BID",
"name": "108690",
"url": "http://www.securityfocus.com/bid/108690"
},
{
"refsource": "MISC",
"name": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/",
"url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
}
]
},


@ -126,6 +126,11 @@
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190719-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190719-0001/"
}
]
}


@ -62,6 +62,11 @@
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1779",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html"
}
]
}


@ -62,6 +62,11 @@
"name": "100546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100546"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1779",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html"
}
]
}


@ -91,6 +91,11 @@
"name": "GLSA-201710-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-24"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190719-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190719-0001/"
}
]
}


@ -78,6 +78,11 @@
"name": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt"
},
{
"refsource": "UBUNTU",
"name": "USN-4059-2",
"url": "https://usn.ubuntu.com/4059-2/"
}
]
}


@ -93,6 +93,11 @@
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1267-1] squid security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4059-2",
"url": "https://usn.ubuntu.com/4059-2/"
}
]
}


@ -98,6 +98,11 @@
"name": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html",
"refsource": "MISC",
"url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -118,6 +118,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1796-1] jruby security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -118,6 +118,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1796-1] jruby security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -118,6 +118,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1796-1] jruby security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -118,6 +118,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1796-1] jruby security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -118,6 +118,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1796-1] jruby security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -103,6 +103,11 @@
"name": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html",
"refsource": "MISC",
"url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1758",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"
}
]
},


@ -66,6 +66,11 @@
"name": "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1780",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00038.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1543",
"url": "https://access.redhat.com/errata/RHSA-2019:1543"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190719-0002/",
"url": "https://security.netapp.com/advisory/ntap-20190719-0002/"
}
]
}


@ -126,6 +126,11 @@
"name": "1042105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042105"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -121,6 +121,11 @@
"name": "1042106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042106"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2018:3202",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"refsource": "BUGTRAQ",
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"url": "https://seclists.org/bugtraq/2019/Jul/33"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter."
"value": "FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution."
}
]
},
@ -56,6 +56,21 @@
"name": "https://github.com/daylightstudio/FUEL-CMS/issues/478",
"refsource": "MISC",
"url": "https://github.com/daylightstudio/FUEL-CMS/issues/478"
},
{
"refsource": "MISC",
"name": "https://0xd0ff9.wordpress.com/2019/07/19/from-code-evaluation-to-pre-auth-remote-code-execution-cve-2018-16763-bypass/",
"url": "https://0xd0ff9.wordpress.com/2019/07/19/from-code-evaluation-to-pre-auth-remote-code-execution-cve-2018-16763-bypass/"
},
{
"refsource": "EXPLOIT-DB",
"name": "47138",
"url": "https://www.exploit-db.com/exploits/47138"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17210",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17210-Authorization_Bypass-PrinterOn",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17210-Authorization_Bypass-PrinterOn"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17792",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MDaemon Webmail (formerly WorldClient) has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.altn.com/Software/MDaemon-Webmail-WorldClient/",
"refsource": "MISC",
"name": "https://www.altn.com/Software/MDaemon-Webmail-WorldClient/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153686/WorldClient-14-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/153686/WorldClient-14-Cross-Site-Request-Forgery.html"
}
]
}
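Review bot: The published description, `MDaemon Webmail (formerly WorldClient) has CSRF.`, gives no affected or fixed version, and the new `affects` block is all `n/a`, so a consumer cannot tell from this record whether a given installation is in scope. The only version hint visible in the section is the title of the Packet Storm reference (`WorldClient-14-Cross-Site-Request-Forgery`), which suggests a version bound is known and could be stated. I would ask the assigner to add that bound to the description and mirror it in `version_value`. The file continues past the end of this hunk, so its closing structure is not reviewed here.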


@ -86,6 +86,11 @@
"name": "https://github.com/requests/requests/pull/4718",
"refsource": "MISC",
"url": "https://github.com/requests/requests/pull/4718"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1754",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"
}
]
}


@ -131,6 +131,11 @@
"refsource": "GENTOO",
"name": "GLSA-201904-07",
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1758",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"
}
]
}


@ -154,6 +154,11 @@
"refsource": "GENTOO",
"name": "GLSA-201904-07",
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1758",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"
}
]
}


@ -159,6 +159,11 @@
"refsource": "GENTOO",
"name": "GLSA-201904-07",
"url": "https://security.gentoo.org/glsa/201904-07"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1758",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"
}
]
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-01-29T00:00:00",
"ID": "CVE-2018-1199",
"STATE": "PUBLIC"
@ -73,6 +73,16 @@
"refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
}
]
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-04-05T00:00:00",
"ID": "CVE-2018-1270",
"STATE": "PUBLIC"
@ -92,6 +92,16 @@
"refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
}
]
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-04-09T00:00:00",
"ID": "CVE-2018-1275",
"STATE": "PUBLIC"
@ -102,6 +102,11 @@
"refsource": "MLIST",
"name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
}
]
}


@ -1,18 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1921",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887995 (Campaign)",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887995",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887995"
},
{
"name": "ibm-campaign-cve20181921-xss (152857)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152857"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Campaign",
"version": {
"version_data": [
{
"version_value": "9.1.2"
},
{
"version_value": "9.1.0"
},
{
"version_value": "10.1"
},
{
"version_value": "11.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"UI": "R",
"AC": "L",
"SCORE": "5.400",
"S": "C",
"AV": "N",
"PR": "L",
"C": "L",
"A": "N",
"I": "L"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-1921",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-07-10T00:00:00"
},
"data_type": "CVE"
}
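Review bot: The new `impact.cvssv3` object stores the base score as a string (`"SCORE": "5.400"`) inside split `BM`/`TM` maps and carries no vector string, whereas the CVE-2015-7882 record in this same commit uses a numeric `baseScore` plus `vectorString` under `impact.cvss`. Consumers that compare scores numerically or parse a vector need a special case for this shape, and a missed case silently drops the severity. If the format allows it, I would add the vector alongside, e.g. `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"` (constructed from the `BM` values shown here). The CVE-2018-2021 and CVE-2018-2022 sections use the same `BM`/`TM` shape.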


@ -71,6 +71,21 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K11225249",
"url": "https://support.f5.com/csp/article/K11225249"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190719-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1716",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1757",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
}
]
}


@ -116,6 +116,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-139fcda84d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K51011533",
"url": "https://support.f5.com/csp/article/K51011533"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1777",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html"
}
]
}


@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2018-2021",
"STATE": "RESERVED"
"DATE_PUBLIC": "2019-07-10T00:00:00"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888117",
"title": "IBM Security Bulletin 888117 (QRadar SIEM)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888117"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155345",
"name": "ibm-qradar-cve20182021-xss (155345)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
},
"product_name": "QRadar SIEM"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
},
"BM": {
"UI": "R",
"AC": "L",
"SCORE": "6.100",
"AV": "N",
"PR": "N",
"S": "C",
"C": "L",
"A": "N",
"I": "L"
}
}
},
"data_version": "4.0"
}


@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2022",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-07-10T00:00:00",
"ID": "CVE-2018-2022",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888133",
"title": "IBM Security Bulletin 888133 (QRadar SIEM)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888133"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155346",
"name": "ibm-qradar-cve20182022-info-disc (155346)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.300",
"UI": "N",
"AC": "L",
"A": "N",
"I": "N",
"S": "U",
"PR": "N",
"AV": "N",
"C": "L"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
}
}


@ -126,6 +126,11 @@
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -61,11 +61,6 @@
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03843en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03843en_us"
},
{
"name": "USN-3590-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3590-1/"
}
]
}


@ -126,6 +126,11 @@
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -126,6 +126,11 @@
"name": "103693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103693"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -126,6 +126,11 @@
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -126,6 +126,11 @@
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1771",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
]
}


@ -61,6 +61,11 @@
"name": "https://www.drupal.org/sa-core-2018-003",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/sa-core-2018-003"
},
{
"refsource": "BID",
"name": "103924",
"url": "http://www.securityfocus.com/bid/103924"
}
]
}


@ -107,6 +107,11 @@
"name": "https://kb.juniper.net/JSA10938",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10938"
},
{
"refsource": "BID",
"name": "109272",
"url": "http://www.securityfocus.com/bid/109272"
}
]
},


@ -153,6 +153,11 @@
"refsource": "BID",
"name": "107674",
"url": "http://www.securityfocus.com/bid/107674"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1723",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html"
}
]
},


@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UPX",
"version": {
"version_data": [
{
"version_value": "3.95"
}
]
}
}
]
},
"vendor_name": "UPX"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-1010048",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/upx/upx/pull/190",
"refsource": "MISC",
"name": "https://github.com/upx/upx/pull/190"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dolibarr ERP & CRM",
"product": {
"product_data": [
{
"product_name": "Dolibarr",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross ite Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/lucasgcilento/CVE/blob/master/Dolibarr_CSRF",
"refsource": "MISC",
"name": "https://github.com/lucasgcilento/CVE/blob/master/Dolibarr_CSRF"
}
]
}
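Review bot: The new `problemtype` value is misspelled as `Cross ite Request Forgery (CSRF)`, so tooling or searches that group records by weakness name will not match it. It should read `"value": "Cross Site Request Forgery (CSRF)"`; the same misspelling appears in the CVE-2019-1010094, CVE-2019-1010095, CVE-2019-1010096 and CVE-2019-1010112 sections. The description in this record also has `malitious` and `encryptation`, which should be `malicious` and `encryption`.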


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Sleuth Kit",
"product": {
"product_data": [
{
"product_name": "The Sleuth Kit",
"version": {
"version_data": [
{
"version_value": "\u2264 4.6.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://issuetracker.google.com/issues/77809383",
"refsource": "MISC",
"name": "https://issuetracker.google.com/issues/77809383"
},
{
"refsource": "MISC",
"name": "https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b",
"url": "https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b"
}
]
}
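Review bot: The `version_value` of `\u2264 4.6.0` puts the comparison operator inside the version string, so automated matching against installed versions has to parse free text. CVE JSON 4.0 has a separate field for the operator; I would write `"version_affected": "<=", "version_value": "4.6.0"`. The same pattern occurs in the CVE-2019-1010083, CVE-2019-1010084, CVE-2019-1010100, CVE-2019-1010113 and CVE-2019-1010151 sections.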


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "msr-safe",
"version": {
"version_data": [
{
"version_value": "v1.1.0 [fixed: v1.2.0]"
}
]
}
}
]
},
"vendor_name": "Lawrence Livermore National Laboratory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. The impact is: An attacker could modify model specific registers. The component is: ioctl handling. The attack vector is: An attacker could exploit a bug in ioctl interface whitelist checking, in order to write to model specific registers, normally a function reserved for the root user. The fixed version is: v1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LLNL/msr-safe/compare/v1.1.0...v1.2.0",
"refsource": "MISC",
"name": "https://github.com/LLNL/msr-safe/compare/v1.1.0...v1.2.0"
},
{
"url": "https://www.tldp.org/LDP/lkmpg/2.4/html/x856.html",
"refsource": "MISC",
"name": "https://www.tldp.org/LDP/lkmpg/2.4/html/x856.html"
}
]
}
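Review bot: `version_value` carries a fix annotation, `v1.1.0 [fixed: v1.2.0]`, which mixes the affected version with remediation data in a field that consumers compare against installed versions. The description already states the fixed release, so the entry can be `"version_value": "v1.1.0"`. The `[fixed: ...]` suffix also appears in the CVE-2019-1010069, CVE-2019-1010073, CVE-2019-1010083 and CVE-2019-1010112 sections. The second reference (the tldp.org page) looks like general background rather than a source for this issue; worth confirming it belongs here.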


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "abcm2ps",
"version": {
"version_data": [
{
"version_value": "8.13.20 [fixed: after commit commit 08aef597656d065e86075f3d53fda89765845eae]"
}
]
}
}
]
},
"vendor_name": "moinejf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S",
"refsource": "MISC",
"name": "https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S"
},
{
"url": "https://github.com/leesavide/abcm2ps/issues/18",
"refsource": "MISC",
"name": "https://github.com/leesavide/abcm2ps/issues/18"
}
]
}
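Review bot: The `problemtype` of `Incorrect Access Control` does not match the description, which reports a denial of service from a crafted file in `front.c`, function `txt_add`. That reads like an input-handling or memory-safety weakness, though the record does not say which, so the weakness class should be confirmed with the reporter. The text also repeats a word in `after commit commit 08aef5...`; it should read `after commit 08aef597656d065e86075f3d53fda89765845eae` in both the description and `version_value`.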


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010073",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bacserv",
"version": {
"version_data": [
{
"version_value": "0.9.1 and 0.8.5 [fixed: 0.8.6]"
}
]
}
}
]
},
"vendor_name": "BACnet Stack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BACnet Stack bacserv 0.9.1 and 0.8.5 is affected by: Buffer Overflow. The impact is: exploit was not explored. The component is: bacserv BVLC forwarded NPDU. bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu() which copies the content from the request into a local in the bvlc_bdt_forward_npdu() stack frame and clobbers the canary. The attack vector is: A BACnet/IP device with BBMD enabled based on this library connected to IP network. The fixed version is: 0.8.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/bacnet/bugs/55/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/bacnet/bugs/55/"
},
{
"url": "https://sourceforge.net/p/bacnet/code/3169/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/bacnet/code/3169/"
}
]
}
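Review bot: `version_value` lists two versions in one string, `0.9.1 and 0.8.5 [fixed: 0.8.6]`, and the stated fix (0.8.6) is lower than one of the affected versions (0.9.1), so a consumer cannot tell whether the 0.9.x line has a fix. I would split the entry into `{"version_value": "0.8.5"}` and `{"version_value": "0.9.1"}`, as the CVE-2018-2022 record earlier on this page does for 7.2 and 7.3, and state the fixed release per branch in the description. The CVE-2019-1010091 section uses the same combined form in `"4.7.11, 4.7.12"`.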


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010083",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Pallets Project",
"product": {
"product_data": [
{
"product_name": "Flask",
"version": {
"version_data": [
{
"version_value": "\u2264 1.0 [fixed: 1]"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unexpected memory usage"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.palletsprojects.com/blog/flask-1-0-released/",
"url": "https://www.palletsprojects.com/blog/flask-1-0-released/"
}
]
}
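Review bot: The affected range is stated two ways that disagree: `version_value` says `\u2264 1.0 [fixed: 1]`, which includes 1.0, while the description says `before 1.0` and names that release as the fix. A scanner reading `version_value` would flag the fixed release as vulnerable. Assuming the description is the correct one, I would write `"version_affected": "<", "version_value": "1.0"` and spell the fix out as `The fixed version is: 1.0.`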


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010084",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dancer::Plugin::SimpleCRUD",
"product": {
"product_data": [
{
"product_name": "Dancer::Plugin::SimpleCRUD",
"version": {
"version_data": [
{
"version_value": "\u2264 1.14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bigpresh/Dancer-Plugin-SimpleCRUD/pull/109",
"refsource": "MISC",
"name": "https://github.com/bigpresh/Dancer-Plugin-SimpleCRUD/pull/109"
}
]
}
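Review bot: The description has two typos that affect how it reads and how it is found by search, `unathorised` and `al routes`; they should be `Potential for unauthorised access to data` and `not being applied to all routes`. The record also names no fixed version although its only reference is a pull request. If that pull request is the fix, the release that contains it should be stated so users know what to upgrade to.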


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tinymce",
"version": {
"version_data": [
{
"version_value": "4.7.11, 4.7.12"
}
]
}
}
]
},
"vendor_name": "tinymce"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tinymce/tinymce/issues/4394",
"refsource": "MISC",
"name": "https://github.com/tinymce/tinymce/issues/4394"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DomainMOD",
"product": {
"product_data": [
{
"product_name": "DomainMOD",
"version": {
"version_data": [
{
"version_value": "v4.10.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross ite Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/domainmod/domainmod/issues/65",
"refsource": "MISC",
"name": "https://github.com/domainmod/domainmod/issues/65"
}
]
}
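Review bot: The component clause of the description lists full loopback URLs (`http://127.0.0.1/settings/password/ ...`) run together with no separator, which describes the reporter's test host rather than the application. Site-relative paths read better: `The component is: /settings/password/, /admin/users/add.php, /admin/users/edit.php.` The CVE-2019-1010095 and CVE-2019-1010096 sections do the same. All three records cite the same issue with near-identical text, so it is worth confirming they are distinct issues rather than duplicates.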


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DomainMOD",
"product": {
"product_data": [
{
"product_name": "DomainMOD",
"version": {
"version_data": [
{
"version_value": "v4.10.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: http://127.0.0.1/admin/users/add.php. The attack vector is: After the administrator logged in, open the html page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross ite Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/domainmod/domainmod/issues/65",
"refsource": "MISC",
"name": "https://github.com/domainmod/domainmod/issues/65"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DomainMOD",
"product": {
"product_data": [
{
"product_name": "DomainMOD",
"version": {
"version_data": [
{
"version_value": "v4.10.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross ite Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/domainmod/domainmod/issues/65",
"refsource": "MISC",
"name": "https://github.com/domainmod/domainmod/issues/65"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Akeo Consulting",
"product": {
"product_data": [
{
"product_name": "Rufus",
"version": {
"version_data": [
{
"version_value": "\u2264 3.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL search order hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/oss-sec/2018/q2/146",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2018/q2/146"
}
]
}
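Review bot: The attack vector clause of the description holds classification identifiers (`CAPEC-471, CWE-426, CWE-427`) rather than how the issue is reached, while `problemtype` carries only free text. The CWE belongs in `problemtype`, for example `"value": "CWE-427: Uncontrolled Search Path Element"`, and the attack vector clause should state the precondition in words. The CVE-2019-1010101 section has the same layout.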


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rufus",
"version": {
"version_data": [
{
"version_value": "3.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Akeo Consulting"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/oss-sec/2018/q2/146",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2018/q2/146"
}
]
}
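Review bot: This record writes the affected range as `3.0 and earlier` while the CVE-2019-1010100 record for the same product writes `\u2264 3.0`; the two should use one form so that both match the same installs. Of the identifiers in the attack vector clause, CWE-29 is a path-traversal entry and does not obviously fit `Insecure Permissions` alongside CWE-377 and CWE-379. Please confirm it was intended.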


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010104",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TechyTalk",
"product": {
"product_data": [
{
"product_name": "Quick Chat WordPress Plugin",
"version": {
"version_data": [
{
"version_value": "All (At least as of date 2018-06-13)"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: like_escape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://metalamin.github.io/Quick-Chat-SQLi-EN/",
"refsource": "MISC",
"name": "https://metalamin.github.io/Quick-Chat-SQLi-EN/"
}
]
}


@ -1,17 +1,64 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OECMS",
"product": {
"product_data": [
{
"product_name": "OECMS",
"version": {
"version_data": [
{
"version_value": "v4.3.R60321"
},
{
"version_value": "v4.3 later [fixed: v4.3]"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross ite Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LiodAir/images/blob/master/csrf.md",
"refsource": "MISC",
"name": "https://github.com/LiodAir/images/blob/master/csrf.md"
}
]
}
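Review bot: The second `version_data` entry, `v4.3 later [fixed: v4.3]`, contradicts itself: it marks releases after v4.3 as affected and v4.3 as the fix, and the description repeats both statements. As written, a consumer cannot tell whether v4.3 is safe to run, so the real range should be confirmed with the reporter. The impact clause (`The victim clicks on adding an administrator account`) also describes the attack step rather than the outcome, which appears to be creation of an administrator account.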


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Premium Software",
"product": {
"product_data": [
{
"product_name": "CLEditor",
"version": {
"version_data": [
{
"version_value": "\u2264 1.4.5"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/drive/folders/1UxgdL8SJO6KKnG3bh0-LTl7C6i41VwoW?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/drive/folders/1UxgdL8SJO6KKnG3bh0-LTl7C6i41VwoW?usp=sharing"
}
]
}
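Review bot: The only reference for this record is a Google Drive folder share link, which can be made private, emptied or have its contents replaced after publication, leaving nothing to verify the record against. I would add a durable source alongside it, such as a vendor advisory, an issue tracker entry or an archived copy. The CVE-2019-1010069 section also cites a Drive folder, there with an account-relative `/u/2/` path segment.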


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010136",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPN2.4P21-C-CN",
"version": {
"version_data": [
{
"version_value": "W2001EN-00"
}
]
}
}
]
},
"vendor_name": "ChinaMobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Router's are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are available to unauthenticated users instead of only authenticaed users. The attack vector is: Remote."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control - Unauthenticated Remote Reboot"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.shodan.io/search?query=title%3APLC++pstVal-%3Evalue%3Ahtml%2Findex.html",
"refsource": "MISC",
"name": "https://www.shodan.io/search?query=title%3APLC++pstVal-%3Evalue%3Ahtml%2Findex.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "Exploit Database",
"url": "https://www.exploit-db.com/exploits/45187/"
}
]
}
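Review bot: The first reference is a search-engine query URL rather than a document about the issue, so its results change over time and it does nothing to confirm the description. I would drop it or replace it with an advisory; the EXPLOIT-DB entry also uses the generic name `Exploit Database` where other records use an identifier. The description has a truncated sentence and a typo: `vulnerable to an unauthenticated remote reboot due.` should end at `reboot.`, and `authenticaed` should be `authenticated`.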


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010142",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SecDev",
"product": {
"product_data": [
{
"product_name": "scapy",
"version": {
"version_data": [
{
"version_value": "2.4.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058",
"refsource": "MISC",
"name": "https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058"
},
{
"refsource": "MISC",
"name": "https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/",
"url": "https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/"
},
{
"refsource": "MISC",
"name": "https://github.com/secdev/scapy/pull/1409",
"url": "https://github.com/secdev/scapy/pull/1409"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010151",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zzcms",
"product": {
"product_data": [
{
"product_name": "zzmcms",
"version": {
"version_data": [
{
"version_value": "\u2264 8.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Delete to getshell"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5",
"refsource": "MISC",
"name": "https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5"
}
]
}
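Review bot: The `product_name` value `zzmcms` does not match the vendor name `zzcms` and looks like a misspelling, so product-based matching against this record may miss the affected software. If the product is in fact called zzcms, use `"product_name": "zzcms"` and drop the doubled name in the description. The `problemtype` value `File Delete to getshell` is jargon rather than a weakness class; a standard weakness name for the file-deletion flaw in `/user/ppsave.php` would let tooling classify the entry. The record also gives no fixed version, so a consumer cannot tell from it whether a patched release exists.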


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pango",
"version": {
"version_data": [
{
"version_value": "1.42 and later"
}
]
}
}
]
},
"vendor_name": "Gnome"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.gnome.org/GNOME/pango/blob/master/pango/pango-bidi-type.c",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/pango/blob/master/pango/pango-bidi-type.c"
}
]
}
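Review bot: The only reference, `https://gitlab.gnome.org/GNOME/pango/blob/master/pango/pango-bidi-type.c`, points at a moving branch, so it stops showing the vulnerable `pango_log2vis_get_embedding_levels` code as soon as the file changes, and it never identifies a fix. Combined with `"version_value": "1.42 and later"`, the affected range is open-ended and every future release will match. A commit-pinned link or the upstream issue, plus a fixed version once one exists, would make the record usable for patch tracking.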


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cJSON",
"version": {
"version_data": [
{
"version_value": "1.7.8 [fixed: 1.7.9 and later]"
}
]
}
}
]
},
"vendor_name": "DaveGamble/cJSON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/DaveGamble/cJSON/issues/315",
"refsource": "MISC",
"name": "https://github.com/DaveGamble/cJSON/issues/315"
},
{
"url": "https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b",
"refsource": "MISC",
"name": "https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "1.17"
}
]
}
}
]
},
"vendor_name": "Jenkins Credentials Binding Plugin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257: Storing Passwords in a Recoverable Format"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing",
"refsource": "MISC",
"name": "https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing"
}
]
}
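Review bot: `vendor_name` and `product_name` appear to be swapped: the record lists vendor `Jenkins Credentials Binding Plugin` and product `Jenkins` with `"version_value": "1.17"`, while the description places the flaw in the plugin's `config-variables.jelly`. A scanner keyed on product and version would presumably read this as Jenkins core 1.17 and either miss the plugin or flag the wrong component. `"vendor_name": "Jenkins"` with `"product_name": "Credentials Binding Plugin"` fits the description better. The sole reference is a Google Docs share link, which is neither durable nor an authoritative advisory; a vendor advisory or fix commit should be added when available.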


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ONOS SDN Controller",
"version": {
"version_data": [
{
"version_value": "1.15 and earlier versions [fixed: 1.15]"
}
]
}
}
]
},
"vendor_name": "The Linux Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv"
},
{
"url": "https://gerrit.onosproject.org/#/c/20767/",
"refsource": "MISC",
"name": "https://gerrit.onosproject.org/#/c/20767/"
}
]
}
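Review bot: `"version_value": "1.15 and earlier versions [fixed: 1.15]"` contradicts itself, because 1.15 cannot be both the last affected and the first fixed release. The description repeats the conflict (`1.15 and earlier versions` and `The fixed version is: 1.15`). For a remote command-execution issue in `YangLiveCompilerManager.java`, operators need an unambiguous upgrade target. The range should read either `before 1.15 [fixed: 1.15]` or name the actual fixed point release, whichever the Gerrit change `20767` supports.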


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailCleaner",
"version": {
"version_data": [
{
"version_value": "before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 [fixed: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9]"
}
]
}
}
]
},
"vendor_name": "MailCleaner"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated MySQL database password information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9",
"refsource": "MISC",
"name": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mod_auth_openidc",
"version": {
"version_data": [
{
"version_value": "2.3.10.1 and earlier [fixed: 2.3.10.2]"
}
]
}
}
]
},
"vendor_name": "ZmartZone IAM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.3.10.2",
"refsource": "MISC",
"name": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.3.10.2"
},
{
"url": "https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b",
"refsource": "MISC",
"name": "https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b"
},
{
"url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt",
"refsource": "MISC",
"name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "I-doit",
"version": {
"version_data": [
{
"version_value": "1.12 and earlier [fixed: 1.12.1]"
}
]
}
}
]
},
"vendor_name": "Synetics GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/projects/i-doit/files/i-doit/1.12.1/CHANGELOG/download",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/i-doit/files/i-doit/1.12.1/CHANGELOG/download"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010249",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ONOS",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "The Linux Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ"
},
{
"url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"
}
]
}
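Review bot: Both references are `drive.google.com/open?id=…` share links, which are opaque, can be unshared at any time, and give a reader no way to confirm the finding against upstream. The same applies to the CVE-2019-1010250 and CVE-2019-1010252 records in this commit, which reuse one of these links and the same impact sentence. None of the three records states a fixed version, so `2.0.0 and earlier` leaves consumers without a remediation target. An upstream issue, Gerrit change or commit link should accompany the documents. The impact text `by mistake` also reads as operator error rather than a flaw in `createFlow()`/`createFlows()` and would be clearer if it named the missing validation.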


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010250",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ONOS",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "The Linux Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Poor Input-validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"
},
{
"url": "https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010251",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Suricata",
"version": {
"version_data": [
{
"version_value": "prior to version 4.1.2 [fixed: 4.1.2]"
}
]
}
}
]
},
"vendor_name": "Open Information Security Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service - DNS detection bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://redmine.openinfosecfoundation.org/issues/2736",
"refsource": "MISC",
"name": "https://redmine.openinfosecfoundation.org/issues/2736"
},
{
"url": "https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe"
},
{
"url": "https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b"
}
]
}
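Review bot: The `problemtype` value `Denial of Service - DNS detection bypass` combines two different outcomes, while the impact sentence describes only evasion of signature detection and no loss of availability. For an IDS the distinction drives triage: a detection bypass means alerts may silently not fire, so sites should upgrade to 4.1.2 and review coverage for the affected decoders rather than look for crashes. Unless the two referenced commits also fix a crash, a label such as `Detection bypass` would describe the record more accurately. `specialy` should read `specially`. The CVE-2019-1010279 record later in this commit uses the same wording.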


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ONOS",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "The Linux Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Poor Input-validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"
},
{
"url": "https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn",
"refsource": "MISC",
"name": "https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010259",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Salt",
"version": {
"version_data": [
{
"version_value": "2018.3, 2019.2 [fixed: 2018.3.4]"
}
]
}
}
]
},
"vendor_name": "SaltStack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt (https://github.com/saltstack/salt/blob/develop/salt/modules/mysql.py#L1462). The attack vector is: specially crafted password string. The fixed version is: 2018.3.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534",
"refsource": "MISC",
"name": "https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534"
},
{
"url": "https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a",
"refsource": "MISC",
"name": "https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a"
},
{
"url": "https://github.com/saltstack/salt/pull/51462",
"refsource": "MISC",
"name": "https://github.com/saltstack/salt/pull/51462"
}
]
}
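Review bot: `"version_value": "2018.3, 2019.2 [fixed: 2018.3.4]"` names two affected branches but a fix for only one, so a 2019.2 user cannot tell from the record which release removes the injection in `mysql.user_chpass`. The description also links `blob/develop/salt/modules/mysql.py#L1462`, a line anchor on a moving branch that will drift, while the reference list pins the same file to a commit with `#L1534`. The commit-pinned URL should be used in the description as well, and the fixed release for the 2019.2 line should be added if one exists.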


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010261",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gitea",
"version": {
"version_data": [
{
"version_value": "1.7.0 and earlier [fixed: 1.7.1 and later]"
}
]
}
}
]
},
"vendor_name": "Gitea"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/go-gitea/gitea/pull/5905",
"refsource": "MISC",
"name": "https://github.com/go-gitea/gitea/pull/5905"
}
]
}


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2019-1010262",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-1010142. Reason: This candidate is a reservation duplicate of CVE-2019-1010142. Notes: All CVE users should reference CVE-2019-1010142 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Perl Crypt::JWT",
"version": {
"version_data": [
{
"version_value": "prior to 0.023 [fixed: after commit b98a59b42ded9f9e51b2560410106207c2152d6c]"
}
]
}
}
]
},
"vendor_name": "Perl Crypt::JWT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2018/09/07/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2018/09/07/1"
},
{
"refsource": "MISC",
"name": "https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c",
"url": "https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "lodash",
"product": {
"product_data": [
{
"product_name": "lodash",
"version": {
"version_data": [
{
"version_value": "<4.17.11 [fixed: 4.7.11]"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-73639",
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-LODASH-73639"
},
{
"url": "https://github.com/lodash/lodash/issues/3359",
"refsource": "MISC",
"name": "https://github.com/lodash/lodash/issues/3359"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/lodash/lodash/wiki/Changelog",
"url": "https://github.com/lodash/lodash/wiki/Changelog"
}
]
}
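Review bot: `"version_value": "<4.17.11 [fixed: 4.7.11]"` gives the fixed version as `4.7.11`, while the description in the same record says `The fixed version is: 4.17.11`. Tooling that parses the bracketed fix version would treat 4.7.11 and everything after it as patched and under-report vulnerable installs. The field should read `"version_value": "<4.17.11 [fixed: 4.17.11]"`.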


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010268",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ladon",
"product": {
"product_data": [
{
"product_name": "Ladon",
"version": {
"version_data": [
{
"version_value": "0.9.40 and previous (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059)"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance: https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688. The attack vector is: Send a specially crafted SOAP call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/43113",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/43113"
},
{
"refsource": "MISC",
"name": "https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688",
"url": "https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688"
}
]
}
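Review bot: The affected range is stated two different ways: `version_value` says `0.9.40 and previous (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059)`, while the description says `since 0.6.1` and gives no upper bound. A reader cannot tell whether releases after 0.9.40 are still exposed to the XXE issue in the SOAP handlers, and no fixed version is listed. The two fields should carry the same range, for example `0.6.1 through 0.9.40` if that is what the referenced source supports, with an explicit statement when no fix is available.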


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010275",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "helm",
"version": {
"version_data": [
{
"version_value": "Before 2.7.2 [fixed: 2.7.2]"
}
]
}
}
]
},
"vendor_name": "helm"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/helm/helm/releases/tag/v2.7.2",
"refsource": "MISC",
"name": "https://github.com/helm/helm/releases/tag/v2.7.2"
},
{
"url": "https://github.com/helm/helm/pull/3152",
"refsource": "MISC",
"name": "https://github.com/helm/helm/pull/3152"
},
{
"url": "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50",
"refsource": "MISC",
"name": "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50"
}
]
}
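Review bot: The description contains the typo `aloowed` in `self-signed client certs were aloowed`, which should read `allowed`, and `helm Before 2.7.2` carries a stray capital. More importantly for consumers, the impact sentence says only that unauthorized clients `could connect to the server`. Stating which server component accepted the self-signed client certificates would help operators decide which deployments need the 2.7.2 upgrade.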


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Suricata",
"version": {
"version_data": [
{
"version_value": "prior to version 4.1.3 [fixed: 4.1.3]"
}
]
}
}
]
},
"vendor_name": "Open Information Security Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service - TCP/HTTP detection bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://redmine.openinfosecfoundation.org/issues/2770",
"refsource": "MISC",
"name": "https://redmine.openinfosecfoundation.org/issues/2770"
},
{
"url": "https://github.com/OISF/suricata/pull/3625",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/pull/3625"
},
{
"url": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b"
}
]
}
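Review bot: The `problemtype` value `"Denial of Service - TCP/HTTP detection bypass"` labels the issue as a denial of service, while the impact sentence in the description describes only evasion of signature detection, so anyone triaging by problem type may treat an IDS bypass as an availability bug. It also carries no CWE identifier, unlike the helm and univention records in this commit. If the reporter agrees with the evasion reading, a CWE-prefixed value such as `"value": "CWE-693: Protection Mechanism Failure"` would be clearer. The Timesheet Next Gen record has the same gap, where `"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"` could replace the bare `"Cross Site Scripting (XSS)"`.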


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010283",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "univention-directory-notifier",
"version": {
"version_data": [
{
"version_value": "12.0.1-3 and earlier [fixed: 12.0.1-4 and later]"
}
]
}
}
]
},
"vendor_name": "Univention Corporate Server"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213: Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34",
"refsource": "MISC",
"name": "https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34"
},
{
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427",
"refsource": "MISC",
"name": "https://forge.univention.org/bugzilla/show_bug.cgi?id=48427"
}
]
}
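Review bot: `"vendor_name": "Univention Corporate Server"` appears to hold the product line rather than the vendor, judging by the `github.com/univention/univention-corporate-server` reference, so vendor-keyed lookups are likely to miss this record. Consider `"vendor_name": "Univention"` while keeping `univention-directory-notifier` as the product. The description also does not say what data `data_on_connection()` exposes or whether the peer must authenticate, which is what an operator needs to judge urgency. That detail should be taken from the linked bug report rather than inferred.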


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010287",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Timesheet Next Gen",
"version": {
"version_data": [
{
"version_value": "1.5.3 and earlier"
}
]
}
}
]
},
"vendor_name": "Timesheet Next Gen"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a \"redirect\" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696/"
},
{
"url": "https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40",
"refsource": "MISC",
"name": "https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40"
}
]
}


@ -61,6 +61,11 @@
"url": "https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d",
"refsource": "MISC",
"name": "https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d"
},
{
"refsource": "UBUNTU",
"name": "USN-4066-1",
"url": "https://usn.ubuntu.com/4066-1/"
}
]
}
