From 0645fe672688209237ad30301d85d0c455c19474 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 21:01:09 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/14xxx/CVE-2018-14498.json | 5 +++ 2018/18xxx/CVE-2018-18466.json | 48 ++++++++++++++++++++++++++-- 2018/20xxx/CVE-2018-20736.json | 58 ++++++++++++++++++++++++++++++++-- 2018/20xxx/CVE-2018-20737.json | 58 ++++++++++++++++++++++++++++++++-- 2019/6xxx/CVE-2019-6970.json | 48 ++++++++++++++++++++++++++-- 2019/7xxx/CVE-2019-7161.json | 53 +++++++++++++++++++++++++++++-- 2019/8xxx/CVE-2019-8331.json | 12 ++++++- 7 files changed, 271 insertions(+), 11 deletions(-) diff --git a/2018/14xxx/CVE-2018-14498.json b/2018/14xxx/CVE-2018-14498.json index 4742121d161..18e489bc4eb 100644 --- a/2018/14xxx/CVE-2018-14498.json +++ b/2018/14xxx/CVE-2018-14498.json @@ -66,6 +66,11 @@ "name": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55", "refsource": "MISC", "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html" } ] } diff --git a/2018/18xxx/CVE-2018-18466.json b/2018/18xxx/CVE-2018-18466.json index 124ced49a7b..3c07d9cd6b9 100644 --- a/2018/18xxx/CVE-2018-18466.json +++ b/2018/18xxx/CVE-2018-18466.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18466", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-18466/", + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-18466/" } ] } diff --git a/2018/20xxx/CVE-2018-20736.json b/2018/20xxx/CVE-2018-20736.json index 0bbd0da7b13..30e9d2f7e06 100644 --- a/2018/20xxx/CVE-2018-20736.json +++ b/2018/20xxx/CVE-2018-20736.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20736", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wso2.com/security-patch-releases/api-manager", + "url": "https://wso2.com/security-patch-releases/api-manager" + }, + { + "refsource": "MISC", + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20736/", + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20736/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/wso2/carbon-apimgt/pull/5844/files", + "url": "https://github.com/wso2/carbon-apimgt/pull/5844/files" } ] } diff --git a/2018/20xxx/CVE-2018-20737.json b/2018/20xxx/CVE-2018-20737.json index 4f509d4ea84..a0d4c40e8fe 100644 --- a/2018/20xxx/CVE-2018-20737.json +++ b/2018/20xxx/CVE-2018-20737.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20737", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20737/", + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20737/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files", + "url": "https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files" + }, + { + "refsource": "CONFIRM", + "name": "https://wso2.com/security-patch-releases/api-manager", + "url": "https://wso2.com/security-patch-releases/api-manager" } ] } diff --git a/2019/6xxx/CVE-2019-6970.json b/2019/6xxx/CVE-2019-6970.json index 3ecbf423b60..181e94aafd9 100644 --- a/2019/6xxx/CVE-2019-6970.json +++ b/2019/6xxx/CVE-2019-6970.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6970", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Moodle 3.5.x before 3.5.4 allows SSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-6970/", + "refsource": "MISC", + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-6970/" } ] } diff --git a/2019/7xxx/CVE-2019-7161.json b/2019/7xxx/CVE-2019-7161.json index c7c51638b4c..fddfe31aea4 100644 --- a/2019/7xxx/CVE-2019-7161.json +++ b/2019/7xxx/CVE-2019-7161.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7161", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/", + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/self-service-password/release-notes.html", + "url": "https://www.manageengine.com/products/self-service-password/release-notes.html" } ] } diff --git a/2019/8xxx/CVE-2019-8331.json b/2019/8xxx/CVE-2019-8331.json index c417c27702c..0d595dc3f78 100644 --- a/2019/8xxx/CVE-2019-8331.json +++ b/2019/8xxx/CVE-2019-8331.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover data-template attribute." + "value": "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute." } ] }, @@ -66,6 +66,16 @@ "name": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1" + }, + { + "refsource": "CONFIRM", + "name": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/", + "url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/" + }, + { + "refsource": "MISC", + "name": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1", + "url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1" } ] }