diff --git a/2013/2xxx/CVE-2013-2159.json b/2013/2xxx/CVE-2013-2159.json index b3a92f78551..e0891be75ff 100644 --- a/2013/2xxx/CVE-2013-2159.json +++ b/2013/2xxx/CVE-2013-2159.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2159", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "monkey", + "product": { + "product_data": [ + { + "product_name": "monkey", + "version": { + "version_data": [ + { + "version_value": "< 1.2.2" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Monkey HTTP Daemon: broken user name authentication" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "broken authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-2159", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-2159" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/06/07/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/06/07/4" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/60415", + "url": "http://www.securityfocus.com/bid/60415" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85138", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85138" } ] } diff --git a/2013/2xxx/CVE-2013-2166.json b/2013/2xxx/CVE-2013-2166.json index b2fef74e884..e2f3612f81a 100644 --- a/2013/2xxx/CVE-2013-2166.json +++ b/2013/2xxx/CVE-2013-2166.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2166", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "python-keystoneclient", + "product": { + "product_data": [ + { + "product_name": "python-keystoneclient", + "version": { + "version_data": [ + { + "version_value": "< 0.2.6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,63 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memcache encryption bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-2166", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-2166" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2013-2166", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2013-2166" + }, + { + "url": "http://www.securityfocus.com/bid/60684", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/60684" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0992.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0992.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/06/19/5", + "url": "http://www.openwall.com/lists/oss-security/2013/06/19/5" } ] } diff --git a/2013/2xxx/CVE-2013-2167.json b/2013/2xxx/CVE-2013-2167.json index 69e50a6ae5c..f2e8496a09d 100644 --- a/2013/2xxx/CVE-2013-2167.json +++ b/2013/2xxx/CVE-2013-2167.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2167", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "python-keystoneclient", + "product": { + "product_data": [ + { + "product_name": "python-keystoneclient", + "version": { + "version_data": [ + { + "version_value": "< 0.2.6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,68 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memcache signing bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-2167", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-2167" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2013-2167", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2013-2167" + }, + { + "refsource": "MISC", + "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0992.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0992.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/06/19/5", + "url": "http://www.openwall.com/lists/oss-security/2013/06/19/5" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/60680", + "url": "http://www.securityfocus.com/bid/60680" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85492", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85492" } ] } diff --git a/2013/2xxx/CVE-2013-2183.json b/2013/2xxx/CVE-2013-2183.json index 61348cfc72c..ad77445a616 100644 --- a/2013/2xxx/CVE-2013-2183.json +++ b/2013/2xxx/CVE-2013-2183.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2183", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "monkey", + "product": { + "product_data": [ + { + "product_name": "monkey", + "version": { + "version_data": [ + { + "version_value": "through 2013-06-14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Monkey HTTP Daemon has local security bypass" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNKNOWN_TYPE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-2183", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-2183" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/06/14/13", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/06/14/13" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/06/14/12", + "url": "http://www.openwall.com/lists/oss-security/2013/06/14/12" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/60589", + "url": "https://www.securityfocus.com/bid/60589" } ] } diff --git a/2013/4xxx/CVE-2013-4120.json b/2013/4xxx/CVE-2013-4120.json index 341c2ee7641..698f273c288 100644 --- a/2013/4xxx/CVE-2013-4120.json +++ b/2013/4xxx/CVE-2013-4120.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4120", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Katello", + "version": { + "version_data": [ + { + "version_value": "through 2013-07-12" + } + ] + } + } + ] + }, + "vendor_name": "Katello" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Katello has a Denial of Service vulnerability in API OAuth authentication" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS in API OAuth authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4120", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4120" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2013-4120", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2013-4120" } ] } diff --git a/2013/4xxx/CVE-2013-4133.json b/2013/4xxx/CVE-2013-4133.json index 3bd027f77e1..e0f16062531 100644 --- a/2013/4xxx/CVE-2013-4133.json +++ b/2013/4xxx/CVE-2013-4133.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4133", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kde-workspace", + "product": { + "product_data": [ + { + "product_name": "kde-workspace", + "version": { + "version_data": [ + { + "version_value": "< 4.10.5" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,58 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "kde-workspace before 4.10.5 has a memory leak in plasma desktop" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-4133", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-4133" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4133", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4133" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2013-4133", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2013-4133" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/07/16/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/07/16/4" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61201", + "url": "http://www.securityfocus.com/bid/61201" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85797", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85797" } ] } diff --git a/2013/4xxx/CVE-2013-4184.json b/2013/4xxx/CVE-2013-4184.json index ac061001d1f..b2677a5397d 100644 --- a/2013/4xxx/CVE-2013-4184.json +++ b/2013/4xxx/CVE-2013-4184.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4184", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libdata-uuid-perl", + "product": { + "product_data": [ + { + "product_name": "libdata-uuid-perl", + "version": { + "version_data": [ + { + "version_value": "1.219" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,58 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "attacks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-4184", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-4184" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4184", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4184" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2013-4184", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2013-4184" + }, + { + "refsource": "MISC", + "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4184", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4184" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/07/31/4", + "url": "http://www.openwall.com/lists/oss-security/2013/07/31/4" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61534", + "url": "http://www.securityfocus.com/bid/61534" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86103", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86103" } ] } diff --git a/2016/1000xxx/CVE-2016-1000108.json b/2016/1000xxx/CVE-2016-1000108.json index b8b97017590..e63daaf8ae7 100644 --- a/2016/1000xxx/CVE-2016-1000108.json +++ b/2016/1000xxx/CVE-2016-1000108.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1000108", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000108.json", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000108.json" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/07/18/6", + "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000108", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000108" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1", + "url": "https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1" } ] } diff --git a/2017/17xxx/CVE-2017-17742.json b/2017/17xxx/CVE-2017-17742.json index c175ab9cf7d..430a86e7857 100644 --- a/2017/17xxx/CVE-2017-17742.json +++ b/2017/17xxx/CVE-2017-17742.json @@ -136,6 +136,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2028", "url": "https://access.redhat.com/errata/RHSA-2019:2028" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" } ] } diff --git a/2019/16xxx/CVE-2019-16201.json b/2019/16xxx/CVE-2019-16201.json index 6f95fdaf1d6..26c40a94e3c 100644 --- a/2019/16xxx/CVE-2019-16201.json +++ b/2019/16xxx/CVE-2019-16201.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" } ] } diff --git a/2019/16xxx/CVE-2019-16254.json b/2019/16xxx/CVE-2019-16254.json index 77032e64c58..72bf40fe3e0 100644 --- a/2019/16xxx/CVE-2019-16254.json +++ b/2019/16xxx/CVE-2019-16254.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" } ] } diff --git a/2019/16xxx/CVE-2019-16255.json b/2019/16xxx/CVE-2019-16255.json index a48e1f1216d..d8654428280 100644 --- a/2019/16xxx/CVE-2019-16255.json +++ b/2019/16xxx/CVE-2019-16255.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", "url": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html" } ] } diff --git a/2019/19xxx/CVE-2019-19251.json b/2019/19xxx/CVE-2019-19251.json index 6a127363b4d..3c34a52737b 100644 --- a/2019/19xxx/CVE-2019-19251.json +++ b/2019/19xxx/CVE-2019-19251.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19251", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19251", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://getsatisfaction.com/lastfm/topics/why-doesnt-the-macos-client-enable-ssl-by-default-c1nh5k1s054ak", + "refsource": "MISC", + "name": "https://getsatisfaction.com/lastfm/topics/why-doesnt-the-macos-client-enable-ssl-by-default-c1nh5k1s054ak" } ] } diff --git a/2019/19xxx/CVE-2019-19699.json b/2019/19xxx/CVE-2019-19699.json new file mode 100644 index 00000000000..9fad5aa0589 --- /dev/null +++ b/2019/19xxx/CVE-2019-19699.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19699", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file