diff --git a/2019/18xxx/CVE-2019-18234.json b/2019/18xxx/CVE-2019-18234.json
new file mode 100644
index 00000000000..b7c40d5c44a
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18234.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18234",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Equinox Control Expert",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (SQL INJECTION) CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-353-02",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-353-02"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19151.json b/2019/19xxx/CVE-2019-19151.json
index a37328b6b01..dc1333a20b5 100644
--- a/2019/19xxx/CVE-2019-19151.json
+++ b/2019/19xxx/CVE-2019-19151.json
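Review bot: In CVE-2019-18234.json, `vendor_name` is `"n/a"` even though the product is named, so consumers that match on vendor/product pairs cannot attribute this SQL-injection record to a vendor. If the referenced ICS advisory identifies the vendor, that name belongs here in place of `n/a`. The problemtype value is upper-cased with the CWE id trailing; the form used for CVE-2019-8463 in this same commit, i.e. `"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`, is easier for tooling to parse.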
@@ -4,14 +4,85 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-19151",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "F5",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "BIG-IP 15.0.0-15.1.0"
+ },
+ {
+ "version_value": "14.0.0-14.1.2.3"
+ },
+ {
+ "version_value": "13.1.0-13.1.3.2"
+ },
+ {
+ "version_value": "12.1.0-12.1.5"
+ },
+ {
+ "version_value": "11.5.2-11.6.5.1"
+ },
+ {
+ "version_value": "BIG-IQ 7.0.0"
+ },
+ {
+ "version_value": "6.0.0-6.1.0"
+ },
+ {
+ "version_value": "5.0.0-5.4.0"
+ },
+ {
+ "version_value": "iWorkflow 2.3.0"
+ },
+ {
+ "version_value": "Enterprise Manager 3.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K21711352",
+ "url": "https://support.f5.com/csp/article/K21711352"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. 
This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed."
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19944.json b/2019/19xxx/CVE-2019-19944.json
new file mode 100644
index 00000000000..b9af53f7414
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19944.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-19944",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mz-automation/libiec61850/issues/196",
+ "refsource": "MISC",
+ "name": "https://github.com/mz-automation/libiec61850/issues/196"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3429.json b/2019/3xxx/CVE-2019-3429.json
index 7ab418f2c69..862c2d90b53 100644
--- a/2019/3xxx/CVE-2019-3429.json
+++ b/2019/3xxx/CVE-2019-3429.json
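Review bot: In CVE-2019-19151.json, the ten `version_data` entries sit under a single `product_name` that concatenates four products, and only the first range of each group carries a product prefix (`"14.0.0-14.1.2.3"` has none), so a consumer reading `affects` cannot tell which product a range belongs to. One `product_data` entry per product (BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager), each with its own `version_data`, would make the ranges unambiguous for scanners. The problemtype `"Privilege Escalation"` is free text with no CWE id. In the description, "are able access" is missing "to", and the final sentence restates the one before it.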
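Review bot: In CVE-2019-19944.json, `product_name`, `version_value`, `vendor_name` and the problemtype value are all `"n/a"` although the description names libIEC61850 1.4.0 and an out-of-bounds read, so tooling that matches on `affects` will never associate this record with the library. Proposed: `"product_name": "libIEC61850"`, `"version_value": "1.4.0"`, and a problemtype of `"CWE-125: Out-of-bounds Read"`. The description gives only 1.4.0; whether other releases are affected is not stated in this record.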
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3429",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3429",
+ "ASSIGNER": "psirt@zte.com.cn",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ZTE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZXCLOUD GoldenData VAP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions up to V4.01.01.02"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "file reading vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012023",
+ "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012023"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information."
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3430.json b/2019/3xxx/CVE-2019-3430.json
index 36262c3c65a..9a7fa2b967b 100644
--- a/2019/3xxx/CVE-2019-3430.json
+++ b/2019/3xxx/CVE-2019-3430.json
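Review bot: The only reference in CVE-2019-3429.json is a plain `http://` URL on support.zte.com.cn, so anyone following it fetches the vendor advisory over an unauthenticated channel; if the site serves the same page over HTTPS, that URL is preferable. The problemtype is free text with no CWE id (`"file reading vulnerability"` here). Both points also apply to the CVE-2019-3430 and CVE-2019-3431 hunks, which share this reference. For CVE-2019-3431 the description (account and password sniffed unencrypted off the network) reads as `CWE-319: Cleartext Transmission of Sensitive Information` rather than `"encryption problems"`.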
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3430",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3430",
+ "ASSIGNER": "psirt@zte.com.cn",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ZTE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZXCLOUD GoldenData VAP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions up to V4.01.01.02"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012023",
+ "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012023"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system."
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3431.json b/2019/3xxx/CVE-2019-3431.json
index a4b761c9d22..53e85565b79 100644
--- a/2019/3xxx/CVE-2019-3431.json
+++ b/2019/3xxx/CVE-2019-3431.json
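Review bot: The new description in CVE-2019-3430.json gives a defender little to act on: it does not say what information is exposed or whether authentication is required, and "damage the system" goes beyond the `"information disclosure"` problemtype without explaining how. A sentence stating the data exposed and the access needed, as the CVE-2019-3429 entry in this commit does for log files, would let readers judge severity and prioritise the update.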
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3431",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3431",
+ "ASSIGNER": "psirt@zte.com.cn",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ZTE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZXCLOUD GoldenData VAP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions up to V4.01.01.02"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "encryption problems"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012023",
+ "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012023"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access."
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3467.json b/2019/3xxx/CVE-2019-3467.json
index 75dd849d030..a830dceb409 100644
--- a/2019/3xxx/CVE-2019-3467.json
+++ b/2019/3xxx/CVE-2019-3467.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3467",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3467",
+ "ASSIGNER": "security@debian.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Debian",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Debian Edu",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions < 2.11.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "too permissive access control settings"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5108.json b/2019/5xxx/CVE-2019-5108.json
index a0958fb8ab9..a8e07979a16 100644
--- a/2019/5xxx/CVE-2019-5108.json
+++ b/2019/5xxx/CVE-2019-5108.json
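Review bot: In CVE-2019-3467.json, `product_name` is `"Debian Edu"` but the version bound `< 2.11.10` and the description both refer to the debian-edu-config package, so matching that version against the Debian Edu distribution release would give wrong results. `"product_name": "debian-edu-config"` keeps product and version consistent. The problemtype is free text; over-permissive Kerberos admin ACLs that allow password changes for other principals look like `CWE-732: Incorrect Permission Assignment for Critical Resource`, to be confirmed by the assigner.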
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5108",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5108",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Linux 4.14.98-v7+"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8292.json b/2019/8xxx/CVE-2019-8292.json
index 5707d95274c..478ee12e18a 100644
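Review bot: In CVE-2019-5108.json, `version_data` lists a single build, `"Linux 4.14.98-v7+"`, while the description says the flaw affects the kernel "prior to mainline 5.3", so scanners keyed on `affects` would flag only that one build and under-report exposure. A value such as `"version_value": "before 5.3"` would agree with the description, with the tested build kept as a second entry if wanted. `vendor_name` is `"n/a"` for the Linux kernel, which further weakens vendor/product matching.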
--- a/2019/8xxx/CVE-2019-8292.json
+++ b/2019/8xxx/CVE-2019-8292.json
@@ -16,6 +16,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
 }
 ]
 },
diff --git a/2019/8xxx/CVE-2019-8463.json b/2019/8xxx/CVE-2019-8463.json
index f81afc65983..eb54815545e 100644
--- a/2019/8xxx/CVE-2019-8463.json
+++ b/2019/8xxx/CVE-2019-8463.json
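Review bot: The reference added to CVE-2019-8292.json is titled for "upload-image-with-ajax v1.0", whereas the existing reference on this record concerns "Online store system v1.0"; the hunk does not show the record's description, but the two look like different products. It is worth confirming that the 2019-12-23 post really cites CVE-2019-8292 and not a neighbouring id before attaching it, because a mis-attached reference misleads anyone triaging either issue. Both list URLs use `http://`; the openwall archive is also reachable over HTTPS.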
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8463",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8463",
+ "ASSIGNER": "cve@checkpoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Check Point",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Check Point Endpoint Security Client for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before E82.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://supportcontent.checkpoint.com/solutions?id=sk163578",
+ "url": "https://supportcontent.checkpoint.com/solutions?id=sk163578"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations."
 }
 ]
 }
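Review bot: The description in CVE-2019-8463.json calls this a denial of service while the problemtype is `CWE-59` link following, and it does not say who can trigger the condition or with what privileges. A service writing its log to a location chosen through a link is usually a local, privilege-boundary issue, but that is inferred from the CWE title and not stated in the record. A description naming the actor and the required access would match the CWE and let defenders judge impact on endpoints still running a client before E82.10.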