From ecde59dd3bd083b18983555adeed48378f655ec7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 24 May 2019 14:00:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12312.json | 72 ++++++++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12313.json | 72 ++++++++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12314.json | 62 +++++++++++++++++++++++++++++ 3 files changed, 206 insertions(+) create mode 100644 2019/12xxx/CVE-2019-12312.json create mode 100644 2019/12xxx/CVE-2019-12313.json create mode 100644 2019/12xxx/CVE-2019-12314.json diff --git a/2019/12xxx/CVE-2019-12312.json b/2019/12xxx/CVE-2019-12312.json new file mode 100644 index 00000000000..80d46db5f40 --- /dev/null +++ b/2019/12xxx/CVE-2019-12312.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-12312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Libreswan before 3.28, an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by sending two IKEv2 packets (init_IKE and delete_IKE) in 3des_cbc mode to a Libreswan server. This affects send_v2N_spi_response_from_state in programs/pluto/ikev2_send.c when built with Network Security Services (NSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.iwantacve.cn/index.php/archives/218/", + "refsource": "MISC", + "name": "http://www.iwantacve.cn/index.php/archives/218/" + }, + { + "url": "https://github.com/libreswan/libreswan/issues/246", + "refsource": "MISC", + "name": "https://github.com/libreswan/libreswan/issues/246" + }, + { + "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683", + "refsource": "MISC", + "name": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683" + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12313.json b/2019/12xxx/CVE-2019-12313.json new file mode 100644 index 00000000000..ce087b3577b --- /dev/null +++ b/2019/12xxx/CVE-2019-12313.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-12313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.npmjs.com/advisories/822", + "refsource": "MISC", + "name": "https://www.npmjs.com/advisories/822" + }, + { + "url": "https://github.com/dollarshaveclub/shave/commit/da7371b0531ba14eae48ef1bb1456a3de4cfa954#diff-074799b511e4b61923dfd3f2a3bf9b54R67", + "refsource": "MISC", + "name": "https://github.com/dollarshaveclub/shave/commit/da7371b0531ba14eae48ef1bb1456a3de4cfa954#diff-074799b511e4b61923dfd3f2a3bf9b54R67" + }, + { + "url": "https://github.com/dollarshaveclub/shave/compare/852b537...da7371b", + "refsource": "MISC", + "name": "https://github.com/dollarshaveclub/shave/compare/852b537...da7371b" + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12314.json b/2019/12xxx/CVE-2019-12314.json new file mode 100644 index 00000000000..3817c901026 --- /dev/null +++ b/2019/12xxx/CVE-2019-12314.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-12314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt", + "refsource": "MISC", + "name": "https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt" + } + ] + } +} \ No newline at end of file