From 180582ef9e643eba409b5926fce824caff6b2d59 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 10 Jan 2019 12:05:10 -0500
Subject: [PATCH] - Synchronized data.
---
2018/0xxx/CVE-2018-0482.json | 166 +++++++++++++++++------------------
2018/0xxx/CVE-2018-0483.json | 166 +++++++++++++++++------------------
2019/5xxx/CVE-2019-5892.json | 73 ++++++++++++++-
2019/5xxx/CVE-2019-5893.json | 62 +++++++++++++
4 files changed, 299 insertions(+), 168 deletions(-)
create mode 100644 2019/5xxx/CVE-2019-5893.json
diff --git a/2018/0xxx/CVE-2018-0482.json b/2018/0xxx/CVE-2018-0482.json
index 20432c28eed..321785e5b39 100644
--- a/2018/0xxx/CVE-2018-0482.json
+++ b/2018/0xxx/CVE-2018-0482.json
@@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-01-09T16:00:00-0800", - "ID": "CVE-2018-0482", - "STATE": "PUBLIC", - "TITLE": "Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Prime Network Control System ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-01-09T16:00:00-0800", + "ID" : "CVE-2018-0482", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Prime Network Control System ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information." 
+ } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "5.4", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-79" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "5.4", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190109 Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-pnc-stored-xss" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190109-pnc-stored-xss", - "defect": [ - [ - "CSCvj92813" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190109 Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-pnc-stored-xss" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190109-pnc-stored-xss", + "defect" : [ + [ + "CSCvj92813" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2018/0xxx/CVE-2018-0483.json b/2018/0xxx/CVE-2018-0483.json index af63696f3c3..49ea276b269 100644 --- a/2018/0xxx/CVE-2018-0483.json +++ b/2018/0xxx/CVE-2018-0483.json 
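Review bot: The new `vectorString` value still ends in a space (`"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N "`), and `product_name` keeps its trailing space as well, although this hunk does trim the trailing space from the description. A strict CVSS vector parser or an exact-match product lookup can fail on the padded strings, so they should be trimmed in the same pass, e.g. `"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"`. `baseScore` is also a quoted string (`"5.4"`), so consumers that sort or threshold on severity need an explicit numeric conversion. The CVE-2018-0483.json hunk carries the same trailing spaces in `vectorString` and `product_name`.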
@@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-01-09T16:00:00-0800", - "ID": "CVE-2018-0483", - "STATE": "PUBLIC", - "TITLE": "Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Jabber IM for Android ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-01-09T16:00:00-0800", + "ID" : "CVE-2018-0483", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Jabber IM for Android ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information." 
+ } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "4.6", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-79" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "4.6", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190109 Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jcf-im-xss" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190109-jcf-im-xss", - "defect": [ - [ - "CSCvm82721" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190109 Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jcf-im-xss" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190109-jcf-im-xss", + "defect" : [ + [ + "CSCvm82721" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/5xxx/CVE-2019-5892.json b/2019/5xxx/CVE-2019-5892.json index 299c297c0c9..ce8ff0934e2 100644 --- a/2019/5xxx/CVE-2019-5892.json +++ b/2019/5xxx/CVE-2019-5892.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-5892", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
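Review bot: `vendor_name` and `product_name` in the added `affects` block of CVE-2019-5892.json are both `n/a`, while the description added further down the same file names FRRouting FRR with fixed releases 3.0.4, 4.0.1, 5.0.2 and 6.0.2 and Cumulus Linux through 3.7.x. Tooling that matches on the structured `affects` data rather than on the prose will not associate this record with FRR installations. If the feed's policy allows it, populate the block, for example `"vendor_name" : "FRRouting"` and `"product_name" : "FRR"`, with one `version_value` per affected range. The new CVE-2019-5893.json has the same all-`n/a` block although its description names Nelson Open Source ERP v6.3.1. The enclosing JSON object continues outside this hunk.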
@@ -11,7 +34,53 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2, as used in Cumulus Linux through 3.7.x and other products, when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a", + "refsource" : "MISC", + "url" : "https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a" + }, + { + "name" : "https://github.com/FRRouting/frr/releases/tag/frr-3.0.4", + "refsource" : "MISC", + "url" : "https://github.com/FRRouting/frr/releases/tag/frr-3.0.4" + }, + { + "name" : "https://github.com/FRRouting/frr/releases/tag/frr-4.0.1", + "refsource" : "MISC", + "url" : "https://github.com/FRRouting/frr/releases/tag/frr-4.0.1" + }, + { + "name" : "https://github.com/FRRouting/frr/releases/tag/frr-5.0.2", + "refsource" : "MISC", + "url" : "https://github.com/FRRouting/frr/releases/tag/frr-5.0.2" + }, + { + "name" : "https://github.com/FRRouting/frr/releases/tag/frr-6.0.2", + "refsource" : "MISC", + "url" : "https://github.com/FRRouting/frr/releases/tag/frr-6.0.2" + }, + { + "name" : 
"https://lists.frrouting.org/pipermail/frog/2019-January/000404.html", + "refsource" : "MISC", + "url" : "https://lists.frrouting.org/pipermail/frog/2019-January/000404.html" } ] } diff --git a/2019/5xxx/CVE-2019-5893.json b/2019/5xxx/CVE-2019-5893.json new file mode 100644 index 00000000000..4138abbf84a --- /dev/null +++ b/2019/5xxx/CVE-2019-5893.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-5893", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/EmreOvunc/OpenSource-ERP-SQL-Injection", + "refsource" : "MISC", + "url" : "https://github.com/EmreOvunc/OpenSource-ERP-SQL-Injection" + } + ] + } +}
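Review bot: `problemtype` is `n/a` in CVE-2019-5892.json even though the added description states the impact as a remote denial of service (peering session flap), so consumers that filter or triage by weakness class get nothing for this record; a free-text value such as `"value" : "denial of service"`, or the applicable CWE identifier, would carry that. The phrase "This occurred during Disco in January 2019" is not explained anywhere in the record and reads as shorthand, so a short gloss of what Disco refers to would make the description self-contained. All six references use `refsource` `MISC`, which leaves the fix commit indistinguishable from the release tags. CVE-2019-5893.json likewise has `problemtype` `n/a` although its description names SQL injection.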
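Review bot: The description in the new CVE-2019-5893.json pins a single version (`v6.3.1`), and the only reference is a third-party GitHub repository tagged `MISC`, so the record gives no way to tell whether other releases are affected or whether a fix exists. If that information is known, the affected range belongs in the description or in `version_data`, together with a vendor or patch reference. If it is not known, saying so explicitly would tell defenders that they have to rely on compensating controls until a fix is published.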