From 0569817297c9b3d4f35f48176148972ea651b380 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 5 Dec 2019 17:01:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2013/0xxx/CVE-2013-0283.json | 55 ++++++++++++++++++++++++++-- 2013/0xxx/CVE-2013-0326.json | 65 ++++++++++++++++++++++++++++++++-- 2018/20xxx/CVE-2018-20340.json | 5 +++ 2019/19xxx/CVE-2019-19466.json | 61 +++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19576.json | 10 ++++++ 2019/7xxx/CVE-2019-7183.json | 58 ++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7184.json | 58 ++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7185.json | 58 ++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7192.json | 58 ++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7193.json | 58 ++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7194.json | 58 ++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7195.json | 58 ++++++++++++++++++++++++++---- 2019/9xxx/CVE-2019-9578.json | 5 +++ 13 files changed, 546 insertions(+), 61 deletions(-) diff --git a/2013/0xxx/CVE-2013-0283.json b/2013/0xxx/CVE-2013-0283.json index 2405b374acb..759c9cf737b 100644 --- a/2013/0xxx/CVE-2013-0283.json +++ b/2013/0xxx/CVE-2013-0283.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0283", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Katello", + "version": { + "version_data": [ + { + "version_value": "through 2013-02-13" + } + ] + } + } + ] + }, + "vendor_name": "Katello" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Katello: Username in Notification page has cross site scripting" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Username in Notification page XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0283", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0283" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2013-0283", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2013-0283" } ] } diff --git a/2013/0xxx/CVE-2013-0326.json b/2013/0xxx/CVE-2013-0326.json index 928ba9cac1c..019bb64dbf0 100644 --- a/2013/0xxx/CVE-2013-0326.json +++ b/2013/0xxx/CVE-2013-0326.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0326", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "openstack-nova", + "product": { + "product_data": [ + { + "product_name": "openstack-nova", + "version": { + "version_data": [ + { + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenStack nova base images permissions are world readable" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "images permissions world readable" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-0326", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-0326" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0326", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0326" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-0326", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-0326" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2013-0326", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2013-0326" } ] } diff --git a/2018/20xxx/CVE-2018-20340.json b/2018/20xxx/CVE-2018-20340.json index 5790b99dc25..6ab0e550c7e 100644 --- a/2018/20xxx/CVE-2018-20340.json +++ b/2018/20xxx/CVE-2018-20340.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://developers.yubico.com/libu2f-host/Release_Notes.html", "url": "https://developers.yubico.com/libu2f-host/Release_Notes.html" + }, + { + "refsource": "MISC", + "name": "https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part1/", + "url": "https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part1/" } ] } diff --git a/2019/19xxx/CVE-2019-19466.json b/2019/19xxx/CVE-2019-19466.json index f581fd25bf3..acc48b59100 100644 --- a/2019/19xxx/CVE-2019-19466.json +++ b/2019/19xxx/CVE-2019-19466.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19466", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19466", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SCEditor 2.1.3 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sceditor.com/tags/releases/", + "refsource": "MISC", + "name": "https://www.sceditor.com/tags/releases/" + }, + { + "refsource": "MISC", + "name": "https://edricteo.com/sceditor-xss-vulnerability-in-version-2.1.3/", + "url": "https://edricteo.com/sceditor-xss-vulnerability-in-version-2.1.3/" } ] } diff --git a/2019/19xxx/CVE-2019-19576.json b/2019/19xxx/CVE-2019-19576.json index 465f1beb75a..7492dc8146b 100644 --- a/2019/19xxx/CVE-2019-19576.json +++ b/2019/19xxx/CVE-2019-19576.json @@ -86,6 +86,16 @@ "url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124", "refsource": "MISC", "name": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124" + }, + { + "refsource": "MISC", + "name": "https://github.com/jra89/CVE-2019-19576", + "url": "https://github.com/jra89/CVE-2019-19576" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779", + "url": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779" } ] } diff --git a/2019/7xxx/CVE-2019-7183.json b/2019/7xxx/CVE-2019-7183.json index 021e3a08935..a5dc8a224a9 100644 --- a/2019/7xxx/CVE-2019-7183.json +++ b/2019/7xxx/CVE-2019-7183.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7183", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7183", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.1: before build 20191109, QTS 4.3.6: before build 20190919, QTS 4.3.4: before build 20190921, QTS 4.3.3: before build 20190921, QTS 4.2.6: before build 20191107" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Link Resolution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions." } ] } diff --git a/2019/7xxx/CVE-2019-7184.json b/2019/7xxx/CVE-2019-7184.json index 5494186d895..380959f6c29 100644 --- a/2019/7xxx/CVE-2019-7184.json +++ b/2019/7xxx/CVE-2019-7184.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7184", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7184", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices running Video Station", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.1: Video Station before version 5.4.3, QTS 4.3.4 - QTS 4.4.0: Video Station before version 5.3.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator\u2019s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions." } ] } diff --git a/2019/7xxx/CVE-2019-7185.json b/2019/7xxx/CVE-2019-7185.json index f8efa5d9145..cd34bf92ef4 100644 --- a/2019/7xxx/CVE-2019-7185.json +++ b/2019/7xxx/CVE-2019-7185.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7185", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7185", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices running Music Station", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.1: Music Station before version 5.3.5, QTS 4.3.6 - QTS 4.4.0: Music Station before version 5.2.7, QTS 4.3.0 - QTS 4.3.4: Music Station before version 5.1.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator\u2019s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions." } ] } diff --git a/2019/7xxx/CVE-2019-7192.json b/2019/7xxx/CVE-2019-7192.json index aaf5327f200..7da52cc5522 100644 --- a/2019/7xxx/CVE-2019-7192.json +++ b/2019/7xxx/CVE-2019-7192.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7192", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7192", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices running Photo Station", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.1: Photo Station before version 6.0.3, QTS 4.3.4 - QTS 4.4.0: Photo Station before version 5.7.10, QTS 4.3.0 - QTS 4.3.3: Photo Station before version 5.4.9, QTS 4.2.6: Photo Station before version 5.2.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions." } ] } diff --git a/2019/7xxx/CVE-2019-7193.json b/2019/7xxx/CVE-2019-7193.json index ca6ec918d17..9afb009bd53 100644 --- a/2019/7xxx/CVE-2019-7193.json +++ b/2019/7xxx/CVE-2019-7193.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7193", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7193", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.0 - QTS 4.4.1: before build 20190918, QTS 4.3.6: before build 20190919" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions." } ] } diff --git a/2019/7xxx/CVE-2019-7194.json b/2019/7xxx/CVE-2019-7194.json index b308705b4c1..f860a4d8da8 100644 --- a/2019/7xxx/CVE-2019-7194.json +++ b/2019/7xxx/CVE-2019-7194.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7194", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7194", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices running Photo Station", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.1: Photo Station before version 6.0.3, QTS 4.3.4 - QTS 4.4.0: Photo Station before version 5.7.10, QTS 4.3.0 - QTS 4.3.3: Photo Station before version 5.4.9, QTS 4.2.6: Photo Station before version 5.2.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "External Control of File Name or Path" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions." } ] } diff --git a/2019/7xxx/CVE-2019-7195.json b/2019/7xxx/CVE-2019-7195.json index 3dfd4a2a02e..10533604f9d 100644 --- a/2019/7xxx/CVE-2019-7195.json +++ b/2019/7xxx/CVE-2019-7195.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7195", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7195", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices running Photo Station", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.1: Photo Station before version 6.0.3, QTS 4.3.4 - QTS 4.4.0: Photo Station before version 5.7.10, QTS 4.3.0 - QTS 4.3.3: Photo Station before version 5.4.9, QTS 4.2.6: Photo Station before version 5.2.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "External Control of File Name or Path" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-25" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions." } ] } diff --git a/2019/9xxx/CVE-2019-9578.json b/2019/9xxx/CVE-2019-9578.json index e2db028c7c1..b47bc8b1084 100644 --- a/2019/9xxx/CVE-2019-9578.json +++ b/2019/9xxx/CVE-2019-9578.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1725", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html" + }, + { + "refsource": "MISC", + "name": "https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part2/", + "url": "https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part2/" } ] }