admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-20 00:00:45 +00:00
parent 57ba922c4f
commit faaf86a676
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 294 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
2018/11xxx/CVE-2018-11688.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials." "value": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
} }
] ]
}, },
@ -71,6 +71,21 @@
"name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)", "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
"refsource": "BUGTRAQ", "refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded" "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
},
{
"refsource": "FULLDISC",
"name": "20180608 Re: Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
"url": "http://seclists.org/fulldisclosure/2018/Jun/24"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2",
"url": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a",
"url": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
} }
] ]
} }

5
2019/12xxx/CVE-2019-12795.json
View File

@ -71,6 +71,11 @@
"refsource": "BID", "refsource": "BID",
"name": "108741", "name": "108741",
"url": "http://www.securityfocus.com/bid/108741" "url": "http://www.securityfocus.com/bid/108741"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190619 [SECURITY] [DLA 1827-1] gvfs security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html"
} }
] ]
} }

67
2019/12xxx/CVE-2019-12901.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-in-pydio-cells-1-4-1/",
"refsource": "MISC",
"name": "https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-in-pydio-cells-1-4-1/"
},
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-150-performances-features-security",
"refsource": "MISC",
"name": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-150-performances-features-security"
}
]
}
}

67
2019/12xxx/CVE-2019-12902.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-in-pydio-cells-1-4-1/",
"refsource": "MISC",
"name": "https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-in-pydio-cells-1-4-1/"
},
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-150-performances-features-security",
"refsource": "MISC",
"name": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-150-performances-features-security"
}
]
}
}

67
2019/12xxx/CVE-2019-12903.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-in-pydio-cells-1-4-1/",
"refsource": "MISC",
"name": "https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-in-pydio-cells-1-4-1/"
},
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-150-performances-features-security",
"refsource": "MISC",
"name": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-150-performances-features-security"
}
]
}
}

72
2019/12xxx/CVE-2019-12904.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://dev.gnupg.org/T4541",
"refsource": "MISC",
"name": "https://dev.gnupg.org/T4541"
},
{
"url": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"refsource": "MISC",
"name": "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"
},
{
"url": "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020",
"refsource": "MISC",
"name": "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020"
}
]
}
}