From 0c32179dece01113d7aed4e2d07c4e84588efe1c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 19 Dec 2019 19:01:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/15xxx/CVE-2017-15095.json | 5 +++ 2017/7xxx/CVE-2017-7525.json | 5 +++ 2018/14xxx/CVE-2018-14526.json | 5 +++ 2019/18xxx/CVE-2019-18181.json | 62 +++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19909.json | 72 ++++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19910.json | 67 +++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19911.json | 18 +++++++++ 2019/19xxx/CVE-2019-19912.json | 18 +++++++++ 2019/19xxx/CVE-2019-19913.json | 18 +++++++++ 9 files changed, 270 insertions(+) create mode 100644 2019/18xxx/CVE-2019-18181.json create mode 100644 2019/19xxx/CVE-2019-19909.json create mode 100644 2019/19xxx/CVE-2019-19910.json create mode 100644 2019/19xxx/CVE-2019-19911.json create mode 100644 2019/19xxx/CVE-2019-19912.json create mode 100644 2019/19xxx/CVE-2019-19913.json diff --git a/2017/15xxx/CVE-2017-15095.json b/2017/15xxx/CVE-2017-15095.json index a2ad78540d4..b2ac9df4cc6 100644 --- a/2017/15xxx/CVE-2017-15095.json +++ b/2017/15xxx/CVE-2017-15095.json @@ -200,6 +200,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3892", "url": "https://access.redhat.com/errata/RHSA-2019:3892" + }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x", + "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E" } ] } diff --git a/2017/7xxx/CVE-2017-7525.json b/2017/7xxx/CVE-2017-7525.json index 9dc1d535d34..2ce36da8bbf 100644 --- a/2017/7xxx/CVE-2017-7525.json +++ b/2017/7xxx/CVE-2017-7525.json @@ -323,6 +323,11 @@ "refsource": "MLIST", "name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x", "url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x", + "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E" } ] } diff --git a/2018/14xxx/CVE-2018-14526.json b/2018/14xxx/CVE-2018-14526.json index 4a1f64773ca..fd1ff2fc0b3 100644 --- a/2018/14xxx/CVE-2018-14526.json +++ b/2018/14xxx/CVE-2018-14526.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-01" } ] } diff --git a/2019/18xxx/CVE-2019-18181.json b/2019/18xxx/CVE-2019-18181.json new file mode 100644 index 00000000000..e87fdf2feb6 --- /dev/null +++ b/2019/18xxx/CVE-2019-18181.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/9001-security-advisory-44", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/9001-security-advisory-44" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19909.json b/2019/19xxx/CVE-2019-19909.json new file mode 100644 index 00000000000..e5904f41f1f --- /dev/null +++ b/2019/19xxx/CVE-2019-19909.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pkp/pkp-lib/issues/5302", + "refsource": "MISC", + "name": "https://github.com/pkp/pkp-lib/issues/5302" + }, + { + "url": "https://pkp.sfu.ca/ojs/ojs_download/", + "refsource": "MISC", + "name": "https://pkp.sfu.ca/ojs/ojs_download/" + }, + { + "url": "https://github.com/pkp/pkp-lib/compare/3_1_2-1...3_1_2-2", + "refsource": "MISC", + "name": "https://github.com/pkp/pkp-lib/compare/3_1_2-1...3_1_2-2" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19910.json b/2019/19xxx/CVE-2019-19910.json new file mode 100644 index 00000000000..2b44b725128 --- /dev/null +++ b/2019/19xxx/CVE-2019-19910.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phabricator.wikimedia.org/T240487", + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T240487" + }, + { + "url": "https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51", + "refsource": "MISC", + "name": "https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19911.json b/2019/19xxx/CVE-2019-19911.json new file mode 100644 index 00000000000..2f9688c0c11 --- /dev/null +++ b/2019/19xxx/CVE-2019-19911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19912.json b/2019/19xxx/CVE-2019-19912.json new file mode 100644 index 00000000000..b8d8fe21477 --- /dev/null +++ b/2019/19xxx/CVE-2019-19912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19913.json b/2019/19xxx/CVE-2019-19913.json new file mode 100644 index 00000000000..2df9e85d316 --- /dev/null +++ b/2019/19xxx/CVE-2019-19913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file