"-Synchronized-Data."

CVE Team 2019-07-08 19:00:48 +00:00
parent d1b97bba4a
commit eb50d6e8a7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 113 additions and 5 deletions


@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a three backtick wrapped payload with a character in front: L: \"```<script>alert();</script>```\""
"value": "** DISPUTED ** PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a three backtick wrapped payload with a character in front: L: \"```<script>alert();</script>```\". NOTE: This has been argued as a non-issue (see references) since it is not the parser's job to sanitize malicious code from a parsed document."
}
]
},
@ -59,6 +59,11 @@
"name": "https://github.com/cebe/markdown/issues/166",
"refsource": "MISC",
"url": "https://github.com/cebe/markdown/issues/166"
},
{
"refsource": "MISC",
"name": "https://github.com/cebe/markdown/issues/166#issuecomment-508230493",
"url": "https://github.com/cebe/markdown/issues/166#issuecomment-508230493"
}
]
}
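Review bot: The rewritten `value` in the first hunk carries over two wording problems from the old text: "lose of user data" should read "loss of user data", and "with a character in front: L:" does not make clear which character is meant to precede the backtick-wrapped payload. The dispute is visible only through the `** DISPUTED **` prefix and the trailing NOTE, so readers triaging this entry rely on the description being unambiguous; it is worth correcting while the line is being touched. In the second hunk the new reference lists its keys as `refsource`, `name`, `url` while the entry above it uses `name`, `refsource`, `url`. Parsers do not care, but one consistent order keeps later diffs small.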


@ -199,6 +199,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1699",
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"refsource": "UBUNTU",
"name": "USN-4041-1",
"url": "https://usn.ubuntu.com/4041-1/"
}
]
},


@ -101,6 +101,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190625-0006/",
"url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E"
}
]
}


@ -66,6 +66,11 @@
"url": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429"
},
{
"refsource": "UBUNTU",
"name": "USN-4049-1",
"url": "https://usn.ubuntu.com/4049-1/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9629",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/",
"url": "https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/"
}
]
}
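Review bot: The record moves to `"STATE": "PUBLIC"` with `product_name`, `version_value` and `vendor_name` all left as `"n/a"`, although the new description names the vendor, the product and the fixed version. Scanners that match on the `affects` block rather than on free text will not associate this entry with the product; the description supports `"vendor_name": "Sonatype"`, `"product_name": "Nexus Repository Manager"` and `"version_value": "before 3.17.0"`. `problemtype` is likewise `"n/a"` where a weakness class for default credentials could be named, and the only reference is a third-party blog post, so a vendor advisory link would let readers confirm the fixed version. The CVE-2019-9630 section that follows has the same gaps.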


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9630",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/",
"url": "https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/"
}
]
}