admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-09-27 16:00:56 +00:00
parent d7c239e1bc
commit d1624f0a83
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 407 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2018/19xxx/CVE-2018-19592.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19592",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \"CLink4Service\" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://forum.corsair.com/v3/showthread.php?t=155646",
"url": "http://forum.corsair.com/v3/showthread.php?t=155646"
},
{
"refsource": "MISC",
"name": "https://github.com/BradyDonovan/CVE-2018-19592/blob/master/CLink4Service",
"url": "https://github.com/BradyDonovan/CVE-2018-19592/blob/master/CLink4Service"
}
]
}

5
2019/14xxx/CVE-2019-14835.json
View File

@ -178,6 +178,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2899",
"url": "https://access.redhat.com/errata/RHSA-2019:2899"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2924",
"url": "https://access.redhat.com/errata/RHSA-2019:2924"
}
]
},

62
2019/16xxx/CVE-2019-16922.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_8",
"refsource": "MISC",
"name": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_8"
}
]
}
}

5
2019/3xxx/CVE-2019-3855.json
View File

@ -171,6 +171,11 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT210609",
"url": "https://support.apple.com/kb/HT210609"
},
{
"refsource": "BUGTRAQ",
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"url": "https://seclists.org/bugtraq/2019/Sep/49"
}
]
},

61
2019/8xxx/CVE-2019-8072.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8072",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-8072",
"ASSIGNER": "psirt@adobe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Adobe",
"product": {
"product_data": [
{
"product_name": "Cold Fusion",
"version": {
"version_data": [
{
"version_value": "ColdFusion 2018- update 4 and earlier"
},
{
"version_value": "ColdFusion 2016- update 11 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user."
}
]
}

61
2019/8xxx/CVE-2019-8073.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8073",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-8073",
"ASSIGNER": "psirt@adobe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Adobe",
"product": {
"product_data": [
{
"product_name": "Cold Fusion",
"version": {
"version_data": [
{
"version_value": "ColdFusion 2018- update 4 and earlier"
},
{
"version_value": "ColdFusion 2016- update 11 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection via Vulnerable component"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user."
}
]
}

61
2019/8xxx/CVE-2019-8074.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8074",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-8074",
"ASSIGNER": "psirt@adobe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Adobe",
"product": {
"product_data": [
{
"product_name": "Cold Fusion",
"version": {
"version_data": [
{
"version_value": "ColdFusion 2018- update 4 and earlier"
},
{
"version_value": "ColdFusion 2016- update 11 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user."
}
]
}

58
2019/8xxx/CVE-2019-8075.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8075",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-8075",
"ASSIGNER": "psirt@adobe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Adobe",
"product": {
"product_data": [
{
"product_name": "Flash Player",
"version": {
"version_data": [
{
"version_value": "32.0.0.192 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Same Origin Policy Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/flash-player/apsb19-30.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb19-30.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user."
}
]
}

77
2019/9xxx/CVE-2019-9853.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@documentfoundation.org",
"DATE_PUBLIC": "2019-09-27T00:00:00.000Z",
"ID": "CVE-2019-9853",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Insufficient URL decoding flaw in categorizing macro location"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibreOffice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.2 series",
"version_value": "6.2.7"
},
{
"version_affected": "<",
"version_name": "6.3 series",
"version_value": "6.3.1"
}
]
}
}
]
},
"vendor_name": "Document Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Nils Emmerich of ERNW Research GmbH for discovering and reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-116 Improper Encoding or Escaping of Output"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9853/",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9853/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}