From e40ce1bf99be42a8f195f40b887a930650956269 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 20 Feb 2019 15:03:42 -0500
Subject: [PATCH] - Synchronized data.
---
 2015/5xxx/CVE-2015-5454.json | 4 ++--
 2016/8xxx/CVE-2016-8745.json | 10 +++++-----
 2017/12xxx/CVE-2017-12625.json | 2 +-
 2017/15xxx/CVE-2017-15701.json | 2 +-
 2018/16xxx/CVE-2018-16447.json | 4 ++--
 2018/19xxx/CVE-2018-19844.json | 4 ++--
 2018/19xxx/CVE-2018-19845.json | 4 ++--
 2018/19xxx/CVE-2018-19918.json | 4 ++--
 2018/8xxx/CVE-2018-8018.json | 2 +-
 2018/8xxx/CVE-2018-8024.json | 2 +-
 2019/3xxx/CVE-2019-3924.json | 2 ++
 11 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/2015/5xxx/CVE-2015-5454.json b/2015/5xxx/CVE-2015-5454.json
index ddb2c98eec4..027c1809a10 100644
--- a/2015/5xxx/CVE-2015-5454.json
+++ b/2015/5xxx/CVE-2015-5454.json
@@ -58,9 +58,9 @@
 "url" : "http://packetstormsecurity.com/files/132461/Nucleus-CMS-3.65-Cross-Site-Scripting.html"
 },
 {
- "name" : "https://github.com/security-provensec/CVE-2015-5454/blob/master/nucleus.pdf",
+ "name" : "https://github.com/security-breachlock/CVE-2015-5454/blob/master/nucleus.pdf",
 "refsource" : "MISC",
- "url" : "https://github.com/security-provensec/CVE-2015-5454/blob/master/nucleus.pdf"
+ "url" : "https://github.com/security-breachlock/CVE-2015-5454/blob/master/nucleus.pdf"
 },
 {
 "name" : "https://github.com/NucleusCMS/NucleusCMS/issues/83",
diff --git a/2016/8xxx/CVE-2016-8745.json b/2016/8xxx/CVE-2016-8745.json
index 978c791927c..ad8d2845aae 100644
--- a/2016/8xxx/CVE-2016-8745.json
+++ b/2016/8xxx/CVE-2016-8745.json
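Review bot: In 2015/5xxx/CVE-2015-5454.json the rewritten `name`/`url` pair still points at a `blob/master` path in a third-party GitHub account, so the referenced PDF is mutable and the link only resolves while that account keeps its current name; the swap from `security-provensec` to `security-breachlock` suggests the account has already been renamed once (inferred from the diff, not stated in it). A commit-pinned form such as `https://github.com/security-breachlock/CVE-2015-5454/blob/<commit-sha>/nucleus.pdf` (placeholder sha), or an additional archived reference entry, would keep the advisory evidence stable and make any later change of the linked content visible. The same applies to the matching reference hunks in CVE-2018-16447, CVE-2018-19844, CVE-2018-19845 and CVE-2018-19918. The reference object starts or ends outside the hunk in some of these files, so other fields of the entry are not visible here.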
@@ -16,19 +16,19 @@
 "version" : {
 "version_data" : [
 {
- "version_value" : "9.0.0.M1 to 9.0.0.M13"
+ "version_value" : "9.0.0.M1 to 9.0.0.M13"
 },
 {
- "version_value" : "8.5.0 to 8.5.8"
+ "version_value" : "8.5.0 to 8.5.8"
 },
 {
- "version_value" : "8.0.0.RC1 to 8.0.39"
+ "version_value" : "8.0.0.RC1 to 8.0.39"
 },
 {
- "version_value" : "7.0.0 to 7.0.73"
+ "version_value" : "7.0.0 to 7.0.73"
 },
 {
- "version_value" : "6.0.16 to 6.0.48"
+ "version_value" : "6.0.16 to 6.0.48"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12625.json b/2017/12xxx/CVE-2017-12625.json
index 5e8865744ca..6c3036fc3cb 100644
--- a/2017/12xxx/CVE-2017-12625.json
+++ b/2017/12xxx/CVE-2017-12625.json
@@ -19,7 +19,7 @@
 "version_value" : "2.1.x before 2.1.2"
 },
 {
- "version_value" : "2.2.x before 2.2.1"
+ "version_value" : "2.2.x before 2.2.1"
 },
 {
 "version_value" : "2.3.0"
diff --git a/2017/15xxx/CVE-2017-15701.json b/2017/15xxx/CVE-2017-15701.json
index 8d99dfb0e17..0f109b78aa3 100644
--- a/2017/15xxx/CVE-2017-15701.json
+++ b/2017/15xxx/CVE-2017-15701.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected."
+ "value" : "In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected."
 }
 ]
 },
diff --git a/2018/16xxx/CVE-2018-16447.json b/2018/16xxx/CVE-2018-16447.json
index 42d4adb8ec5..0c44ae22fb9 100644
--- a/2018/16xxx/CVE-2018-16447.json
+++ b/2018/16xxx/CVE-2018-16447.json
@@ -58,9 +58,9 @@
 "url" : "https://github.com/philippe/FrogCMS/issues/12"
 },
 {
- "name" : "https://github.com/security-provensec/CVE-2018-16447/blob/master/frog_CSRF.pdf",
+ "name" : "https://github.com/security-breachlock/CVE-2018-16447/blob/master/frog_CSRF.pdf",
 "refsource" : "MISC",
- "url" : "https://github.com/security-provensec/CVE-2018-16447/blob/master/frog_CSRF.pdf"
+ "url" : "https://github.com/security-breachlock/CVE-2018-16447/blob/master/frog_CSRF.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19844.json b/2018/19xxx/CVE-2018-19844.json
index 6051a836dc0..aab38fd7a27 100644
--- a/2018/19xxx/CVE-2018-19844.json
+++ b/2018/19xxx/CVE-2018-19844.json
@@ -53,9 +53,9 @@
 "references" : {
 "reference_data" : [
 {
- "name" : "https://github.com/security-provensec/CVE-2018-19844/blob/master/frog_CMS.pdf",
+ "name" : "https://github.com/security-breachlock/CVE-2018-19844/blob/master/frog_CMS.pdf",
 "refsource" : "MISC",
- "url" : "https://github.com/security-provensec/CVE-2018-19844/blob/master/frog_CMS.pdf"
+ "url" : "https://github.com/security-breachlock/CVE-2018-19844/blob/master/frog_CMS.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19845.json b/2018/19xxx/CVE-2018-19845.json
index cb66af5b3b9..5e4c406bc36 100644
--- a/2018/19xxx/CVE-2018-19845.json
+++ b/2018/19xxx/CVE-2018-19845.json
@@ -53,9 +53,9 @@
 "references" : {
 "reference_data" : [
 {
- "name" : "https://github.com/security-provensec/CVE-2018-19845/blob/master/XSS.pdf",
+ "name" : "https://github.com/security-breachlock/CVE-2018-19845/blob/master/XSS.pdf",
 "refsource" : "MISC",
- "url" : "https://github.com/security-provensec/CVE-2018-19845/blob/master/XSS.pdf"
+ "url" : "https://github.com/security-breachlock/CVE-2018-19845/blob/master/XSS.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19918.json b/2018/19xxx/CVE-2018-19918.json
index abc9e594617..eded938ef8b 100644
--- a/2018/19xxx/CVE-2018-19918.json
+++ b/2018/19xxx/CVE-2018-19918.json
@@ -53,9 +53,9 @@
 "references" : {
 "reference_data" : [
 {
- "name" : "https://github.com/security-provensec/CVE-2018-19918/blob/master/cuppa_svg.pdf",
+ "name" : "https://github.com/security-breachlock/CVE-2018-19918/blob/master/cuppa_svg.pdf",
 "refsource" : "MISC",
- "url" : "https://github.com/security-provensec/CVE-2018-19918/blob/master/cuppa_svg.pdf"
+ "url" : "https://github.com/security-breachlock/CVE-2018-19918/blob/master/cuppa_svg.pdf"
 },
 {
 "name" : "https://github.com/CuppaCMS/CuppaCMS/issues/3",
diff --git a/2018/8xxx/CVE-2018-8018.json b/2018/8xxx/CVE-2018-8018.json
index 61d8f4f2353..7c63e860e9b 100644
--- a/2018/8xxx/CVE-2018-8018.json
+++ b/2018/8xxx/CVE-2018-8018.json
@@ -38,7 +38,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint."
+ "value" : "In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint."
 }
 ]
 },
diff --git a/2018/8xxx/CVE-2018-8024.json b/2018/8xxx/CVE-2018-8024.json
index 6be1d59db1d..1d5b9f0dc89 100644
--- a/2018/8xxx/CVE-2018-8024.json
+++ b/2018/8xxx/CVE-2018-8024.json
@@ -41,7 +41,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not."
+ "value" : "In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not."
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3924.json b/2019/3xxx/CVE-2019-3924.json
index 082492ceab9..f959cc47d8a 100644
--- a/2019/3xxx/CVE-2019-3924.json
+++ b/2019/3xxx/CVE-2019-3924.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://www.tenable.com/security/research/tra-2019-07",
+ "refsource" : "MISC",
 "url" : "https://www.tenable.com/security/research/tra-2019-07"
 }
 ]