From 1fe971b3a80fd20e97c80d63e419cb18a6c4aead Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 10 Apr 2019 15:00:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2018/1xxx/CVE-2018-1903.json | 184 ++++++++++++++++-----------------
2018/1xxx/CVE-2018-1994.json | 182 ++++++++++++++++----------------
2019/0xxx/CVE-2019-0199.json | 58 +++++++++--
2019/10xxx/CVE-2019-10843.json | 4 +-
2019/4xxx/CVE-2019-4013.json | 174 +++++++++++++++----------------
2019/6xxx/CVE-2019-6287.json | 53 +++++++++-
2019/7xxx/CVE-2019-7385.json | 5 +
2019/7xxx/CVE-2019-7386.json | 5 +
2019/9xxx/CVE-2019-9489.json | 5 +
9 files changed, 389 insertions(+), 281 deletions(-)
diff --git a/2018/1xxx/CVE-2018-1903.json b/2018/1xxx/CVE-2018-1903.json
index dffd235e3a8..9c7bf5cb8f2 100644
--- a/2018/1xxx/CVE-2018-1903.json
+++ b/2018/1xxx/CVE-2018-1903.json
@@ -1,96 +1,96 @@ { - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4.2.0" - }, - { - "version_value" : "4.3.0" - }, - { - "version_value" : "6.0.0" - } - ] - }, - "product_name" : "Sterling Connect:Direct for UNIX" - } - ] - } + "value": "IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.", + "lang": "eng" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 875386 (Sterling Connect:Direct for UNIX)", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875386", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875386" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve20181903-priv-escalation (152532)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152532" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4.2.0" + }, + { + "version_value": "4.3.0" + }, + { + "version_value": "6.0.0" + } + ] + }, + "product_name": "Sterling Connect:Direct for UNIX" + } + 
] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1903", - "DATE_PUBLIC" : "2019-04-01T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "C" : "H", - "UI" : "N", - "AC" : "L", - "SCORE" : "6.700", - "AV" : "L", - "I" : "H", - "A" : "H", - "S" : "U", - "PR" : "H" - } - } - } -} + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 875386 (Sterling Connect:Direct for UNIX)", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875386", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875386" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve20181903-priv-escalation (152532)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152532" + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2018-1903", + "DATE_PUBLIC": "2019-04-01T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "C": "H", + "UI": "N", + "AC": "L", + "SCORE": "6.700", + "AV": "L", + "I": "H", + "A": "H", + "S": "U", + "PR": "H" + } + } + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1994.json b/2018/1xxx/CVE-2018-1994.json index 7286a3fa129..2a1897b5eab 100644 --- a/2018/1xxx/CVE-2018-1994.json +++ b/2018/1xxx/CVE-2018-1994.json 
@@ -1,93 +1,93 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "11.5" - }, - { - "version_value" : "11.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 793871 (InfoSphere Information Server)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10793871", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10793871" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154494", - "name" : "ibm-infosphere-cve20181994-sql-injection (154494)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494." 
- } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-04-04T00:00:00", - "ID" : "CVE-2018-1994", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "C" : "L", - "UI" : "N", - "I" : "L", - "A" : "L", - "S" : "U", - "PR" : "L", - "SCORE" : "6.300", - "AV" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.5" + }, + { + "version_value": "11.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_version" : "4.0" -} + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 793871 (InfoSphere Information Server)", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10793871", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10793871" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154494", + "name": "ibm-infosphere-cve20181994-sql-injection (154494)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494." 
+ } + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-04-04T00:00:00", + "ID": "CVE-2018-1994", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "C": "L", + "UI": "N", + "I": "L", + "A": "L", + "S": "U", + "PR": "L", + "SCORE": "6.300", + "AV": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0199.json b/2019/0xxx/CVE-2019-0199.json index 644c66e5f60..3d92a606818 100644 --- a/2019/0xxx/CVE-2019-0199.json +++ b/2019/0xxx/CVE-2019-0199.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0199", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0199", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.14, 8.5.0 to 8.5.37" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E", + "url": "https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS." } ] } diff --git a/2019/10xxx/CVE-2019-10843.json b/2019/10xxx/CVE-2019-10843.json index 78f35884c29..466f3e1408e 100644 
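Review bot: The new `affects` block sets `"vendor_name": "n/a"` even though the product is Apache Tomcat and the assigner is security@apache.org, and it packs the product name and both affected ranges into a single free-text `version_value` ("Apache Tomcat 9.0.0.M1 to 9.0.14, 8.5.0 to 8.5.37"). Tooling that matches on the vendor, product and version fields is unlikely to resolve this record to installed Tomcat builds. Name the vendor and emit one `version_data` entry per branch, for example `{"version_value": "9.0.0.M1 to 9.0.14"}` and `{"version_value": "8.5.0 to 8.5.37"}`. The `problemtype` value `DoS` could also be replaced with a weakness description; the text describes thread exhaustion, which is uncontrolled resource consumption.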
--- a/2019/10xxx/CVE-2019-10843.json +++ b/2019/10xxx/CVE-2019-10843.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2019-10843", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2019/4xxx/CVE-2019-4013.json b/2019/4xxx/CVE-2019-4013.json index a69f579caf7..372a112ada0 100644 --- a/2019/4xxx/CVE-2019-4013.json +++ b/2019/4xxx/CVE-2019-4013.json 
@@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-11T00:00:00", - "ID" : "CVE-2019-4013" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "C" : "H", - "UI" : "R", - "A" : "H", - "I" : "H", - "PR" : "L", - "S" : "C", - "AV" : "N", - "SCORE" : "9.000" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Platform", - "version" : { - "version_data" : [ - { - "version_value" : "9.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] } - ] - } - }, - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10874666", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10874666", - "title" : "IBM Security Bulletin 874666 (BigFix Platform)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155887", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-bigfix-cve2019-4013-code-exec (155887)" - } - ] - }, - "data_type" : "CVE", - "data_format" : "MITRE" -} + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-11T00:00:00", + "ID": "CVE-2019-4013" + }, + "impact": { + 
"cvssv3": { + "BM": { + "AC": "L", + "C": "H", + "UI": "R", + "A": "H", + "I": "H", + "PR": "L", + "S": "C", + "AV": "N", + "SCORE": "9.000" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10874666", + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10874666", + "title": "IBM Security Bulletin 874666 (BigFix Platform)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155887", + "title": "X-Force Vulnerability Report", + "name": "ibm-bigfix-cve2019-4013-code-exec (155887)" + } + ] + }, + "data_type": "CVE", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6287.json b/2019/6xxx/CVE-2019-6287.json index 8586eb5c54c..aa72694c1a2 100644 --- a/2019/6xxx/CVE-2019-6287.json +++ b/2019/6xxx/CVE-2019-6287.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6287", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11/", + "url": "https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11/" + }, + { + "refsource": "CONFIRM", + "name": "https://forums.rancher.com/c/announcements", + "url": "https://forums.rancher.com/c/announcements" } ] } diff --git a/2019/7xxx/CVE-2019-7385.json b/2019/7xxx/CVE-2019-7385.json index 2d524e107b6..e669657bdda 100644 --- a/2019/7xxx/CVE-2019-7385.json +++ b/2019/7xxx/CVE-2019-7385.json @@ -81,6 +81,11 @@ "url": "https://s3curityb3ast.github.io", "refsource": "MISC", "name": "https://s3curityb3ast.github.io" + }, + { + "refsource": "MISC", + "name": "https://s3curityb3ast.github.io/KSA-Dev-006.md", + "url": "https://s3curityb3ast.github.io/KSA-Dev-006.md" } ] } diff --git a/2019/7xxx/CVE-2019-7386.json b/2019/7xxx/CVE-2019-7386.json index 5f9c3118566..baaf8c3b04e 100644 --- a/2019/7xxx/CVE-2019-7386.json +++ b/2019/7xxx/CVE-2019-7386.json 
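Review bot: The second added reference, `https://forums.rancher.com/c/announcements`, is a forum category index rather than a specific post, yet it is tagged `CONFIRM`. Its content will change over time and cannot be used to verify this issue, so it should point to the specific announcement or be dropped in favour of the blog post listed above it. `problemtype` is `n/a` although the description states that removed project members keep create, update, read and delete access to namespaces, which is an authorization-revocation failure and could be described as such. The `affects` block added in the preceding hunk of this file is likewise entirely `n/a` while the description names Rancher 2.0.0 through 2.1.5; populating `vendor_name`, `product_name` and `version_value` from the description would make the record machine-matchable.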
@@ -76,6 +76,11 @@ "url": "http://www.breakthesec.com", "refsource": "MISC", "name": "http://www.breakthesec.com" + }, + { + "refsource": "MISC", + "name": "https://s3curityb3ast.github.io/KSA-Dev-007.md", + "url": "https://s3curityb3ast.github.io/KSA-Dev-007.md" } ] } diff --git a/2019/9xxx/CVE-2019-9489.json b/2019/9xxx/CVE-2019-9489.json index 86b4e8074ef..a2a7cc19cb1 100644 --- a/2019/9xxx/CVE-2019-9489.json +++ b/2019/9xxx/CVE-2019-9489.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://success.trendmicro.com/solution/1122250", "url": "https://success.trendmicro.com/solution/1122250" + }, + { + "refsource": "CONFIRM", + "name": "https://success.trendmicro.com/jp/solution/1122253", + "url": "https://success.trendmicro.com/jp/solution/1122253" } ] }
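Review bot: In the CVE-2019-9489 hunk, the added `CONFIRM` reference points to solution 1122253 under `/jp/`, while the existing `CONFIRM` entry in the context lines points to solution 1122250. Nothing visible in the hunk shows that the two articles cover the same issue. It is worth confirming that 1122253 is the vendor's Japanese-language advisory for this CVE before it is labelled as confirmation. The rest of the record lies outside the hunk.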