"-Synchronized-Data."

CVE Team 2019-07-29 16:00:57 +00:00
parent 57abe4faac
commit f860db9c15
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
21 changed files with 653 additions and 38 deletions


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5601",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://open.edx.org/announcements/CVE-2015-5601",
"url": "https://open.edx.org/announcements/CVE-2015-5601"
}
]
}
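Review bot: The record is moved to PUBLIC with `product_name`, `vendor_name` and `version_value` all left at `n/a` and `problemtype` also `n/a`, although the description string itself names the product (edx-platform) and a cutoff date. Scanners and asset inventories that match on the structured `affects` block rather than on free text will not associate this CVE with the product. I would at least set `"product_name": "edx-platform"` and carry the date bound from the description in `version_value`. The same placeholder block appears in the other records published in this commit (CVE-2015-6253, CVE-2015-6960, CVE-2015-9288, CVE-2019-11199 through CVE-2019-11201, CVE-2019-12743, CVE-2019-12948, CVE-2019-14267, CVE-2019-6726). For the two records whose description says XSS, `problemtype` could carry `CWE-79`.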


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6253",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "edx-platform before 2015-08-17 allows XSS in the Studio listing of courses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://open.edx.org/CVE-2015-6253",
"refsource": "MISC",
"name": "https://open.edx.org/CVE-2015-6253"
},
{
"refsource": "CONFIRM",
"name": "https://open.edx.org/announcements/cve-2015-6253/",
"url": "https://open.edx.org/announcements/cve-2015-6253/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6960",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "edx-platform before 2015-09-17 allows XSS via a team name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://open.edx.org/announcements/cve-2015-6960/",
"url": "https://open.edx.org/announcements/cve-2015-6960/"
}
]
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player/",
"url": "https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player/"
}
]
}
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11199",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities",
"url": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"
}
]
}
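Review bot: The new description pins the issue to Dolibarr ERP/CRM 9.0.1 in the past tense ("was affected") but neither the text nor the single MISC reference states which release contains the fix, so a reader cannot tell from the record whether later versions are still exposed. Once the fixed release is confirmed from the vendor changelog, say so in the description (for example "... 9.0.1 (fixed in <fixed-version>)") or add a vendor reference next to the researcher advisory. CVE-2019-11200 and CVE-2019-11201 in the next two sections have the same gap and cite the same lone advisory URL, which also makes the three records hard to tell apart by reference alone.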


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities",
"url": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11201",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities",
"url": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"
}
]
}


@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},
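Review bot: The added openSUSE reference uses a cleartext `http://` URL, so anyone following it from the CVE record fetches the security announcement over a channel that can be altered in transit. If the list archive serves the same path over TLS, prefer `"url": "https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"`. The identical entry is added in the other nine sections that append `openSUSE-SU-2019:1811`, and the Packet Storm link added for CVE-2019-14267 is `http://` as well. The `reference_data` array starts above this hunk, so I could not check whether the advisory is already listed under another `refsource`.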


@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552541",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552541"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},


@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543804",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543804"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},


@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528481",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528481"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},


@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},


@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},


@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},


@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},


@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1558299",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1558299"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://humhub.org/en/news",
"refsource": "MISC",
"name": "https://humhub.org/en/news"
},
{
"refsource": "MISC",
"name": "https://github.com/chanpu9/CVE/blob/master/2019-12743",
"url": "https://github.com/chanpu9/CVE/blob/master/2019-12743"
}
]
}
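Review bot: The first reference, `https://humhub.org/en/news`, is a news index rather than a page about this issue, so it will drift away from anything relevant and gives a defender nothing to confirm a fix or affected range against. Replace it with the permalink of the specific vendor announcement if one exists, otherwise drop it and keep only the reference that actually documents the finding. The same applies to `https://www.poly.com/us/en` in CVE-2019-12948 and to the plugin landing pages listed for CVE-2019-6726. For CVE-2019-14267, the moving `.../commits/master` link would be more useful pinned to the fixing commit, e.g. `https://github.com/enferex/pdfresurrect/commit/<fix-commit-sha>`.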


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An RCE (Remote Code Execution) vulnerability exists in the UCS software through 6.0.0 used by Polycom Products. The vulnerability could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system and uploading an arbitrary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.poly.com/us/en",
"refsource": "MISC",
"name": "https://www.poly.com/us/en"
},
{
"refsource": "MISC",
"name": "https://support.polycom.com/content/support/security-center.html",
"url": "https://support.polycom.com/content/support/security-center.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-0.pdf",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-execution-vulnerability-in-ucs-software-v1-0.pdf"
}
]
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/enferex/pdfresurrect/commits/master",
"refsource": "MISC",
"name": "https://github.com/enferex/pdfresurrect/commits/master"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153767/pdfresurrect-0.15-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/153767/pdfresurrect-0.15-Buffer-Overflow.html"
}
]
}
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6726",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-fastest-cache/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-fastest-cache/#developers"
},
{
"url": "https://wordpress.org/plugins/wp-fastest-cache/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-fastest-cache/"
},
{
"url": "https://www.wpfastestcache.com/",
"refsource": "MISC",
"name": "https://www.wpfastestcache.com/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/152042",
"url": "https://packetstormsecurity.com/files/152042"
}
]
}


@ -96,6 +96,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1811",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
}
]
},