From 200c44eeaecd79a8837827cd13ead1ced7ff5bf8 Mon Sep 17 00:00:00 2001 From: Bill Situ Date: Tue, 15 Oct 2019 13:20:38 -0700 Subject: [PATCH] Bill Situ Update Oracle owned CVEs for 2019 CPU October. On branch cna/Oracle/CPU2019Oct Changes to be committed: modified: 2018/2xxx/CVE-2018-2875.json modified: 2018/3xxx/CVE-2018-3300.json modified: 2019/2xxx/CVE-2019-2734.json modified: 2019/2xxx/CVE-2019-2765.json modified: 2019/2xxx/CVE-2019-2872.json modified: 2019/2xxx/CVE-2019-2883.json modified: 2019/2xxx/CVE-2019-2884.json modified: 2019/2xxx/CVE-2019-2886.json modified: 2019/2xxx/CVE-2019-2887.json modified: 2019/2xxx/CVE-2019-2888.json modified: 2019/2xxx/CVE-2019-2889.json modified: 2019/2xxx/CVE-2019-2890.json modified: 2019/2xxx/CVE-2019-2891.json modified: 2019/2xxx/CVE-2019-2894.json modified: 2019/2xxx/CVE-2019-2895.json modified: 2019/2xxx/CVE-2019-2896.json modified: 2019/2xxx/CVE-2019-2897.json modified: 2019/2xxx/CVE-2019-2898.json modified: 2019/2xxx/CVE-2019-2899.json modified: 2019/2xxx/CVE-2019-2900.json modified: 2019/2xxx/CVE-2019-2901.json modified: 2019/2xxx/CVE-2019-2902.json modified: 2019/2xxx/CVE-2019-2903.json modified: 2019/2xxx/CVE-2019-2904.json modified: 2019/2xxx/CVE-2019-2905.json modified: 2019/2xxx/CVE-2019-2906.json modified: 2019/2xxx/CVE-2019-2907.json modified: 2019/2xxx/CVE-2019-2909.json modified: 2019/2xxx/CVE-2019-2910.json modified: 2019/2xxx/CVE-2019-2911.json modified: 2019/2xxx/CVE-2019-2913.json modified: 2019/2xxx/CVE-2019-2914.json modified: 2019/2xxx/CVE-2019-2915.json modified: 2019/2xxx/CVE-2019-2920.json modified: 2019/2xxx/CVE-2019-2922.json modified: 2019/2xxx/CVE-2019-2923.json modified: 2019/2xxx/CVE-2019-2924.json modified: 2019/2xxx/CVE-2019-2925.json modified: 2019/2xxx/CVE-2019-2926.json modified: 2019/2xxx/CVE-2019-2927.json modified: 2019/2xxx/CVE-2019-2929.json modified: 2019/2xxx/CVE-2019-2930.json modified: 2019/2xxx/CVE-2019-2931.json modified: 2019/2xxx/CVE-2019-2932.json modified: 2019/2xxx/CVE-2019-2933.json modified: 2019/2xxx/CVE-2019-2934.json modified: 2019/2xxx/CVE-2019-2935.json modified: 2019/2xxx/CVE-2019-2936.json modified: 2019/2xxx/CVE-2019-2937.json modified: 2019/2xxx/CVE-2019-2938.json modified: 2019/2xxx/CVE-2019-2939.json modified: 2019/2xxx/CVE-2019-2940.json modified: 2019/2xxx/CVE-2019-2941.json modified: 2019/2xxx/CVE-2019-2942.json modified: 2019/2xxx/CVE-2019-2943.json modified: 2019/2xxx/CVE-2019-2944.json modified: 2019/2xxx/CVE-2019-2945.json modified: 2019/2xxx/CVE-2019-2946.json modified: 2019/2xxx/CVE-2019-2947.json modified: 2019/2xxx/CVE-2019-2948.json modified: 2019/2xxx/CVE-2019-2949.json modified: 2019/2xxx/CVE-2019-2950.json modified: 2019/2xxx/CVE-2019-2951.json modified: 2019/2xxx/CVE-2019-2952.json modified: 2019/2xxx/CVE-2019-2953.json modified: 2019/2xxx/CVE-2019-2954.json modified: 2019/2xxx/CVE-2019-2955.json modified: 2019/2xxx/CVE-2019-2956.json modified: 2019/2xxx/CVE-2019-2957.json modified: 2019/2xxx/CVE-2019-2958.json modified: 2019/2xxx/CVE-2019-2959.json modified: 2019/2xxx/CVE-2019-2960.json modified: 2019/2xxx/CVE-2019-2961.json modified: 2019/2xxx/CVE-2019-2962.json modified: 2019/2xxx/CVE-2019-2963.json modified: 2019/2xxx/CVE-2019-2964.json modified: 2019/2xxx/CVE-2019-2965.json modified: 2019/2xxx/CVE-2019-2966.json modified: 2019/2xxx/CVE-2019-2967.json modified: 2019/2xxx/CVE-2019-2968.json modified: 2019/2xxx/CVE-2019-2969.json modified: 2019/2xxx/CVE-2019-2970.json modified: 2019/2xxx/CVE-2019-2971.json modified: 2019/2xxx/CVE-2019-2972.json modified: 2019/2xxx/CVE-2019-2973.json modified: 2019/2xxx/CVE-2019-2974.json modified: 2019/2xxx/CVE-2019-2975.json modified: 2019/2xxx/CVE-2019-2976.json modified: 2019/2xxx/CVE-2019-2977.json modified: 2019/2xxx/CVE-2019-2978.json modified: 2019/2xxx/CVE-2019-2979.json modified: 2019/2xxx/CVE-2019-2980.json modified: 2019/2xxx/CVE-2019-2981.json modified: 2019/2xxx/CVE-2019-2982.json modified: 2019/2xxx/CVE-2019-2983.json modified: 2019/2xxx/CVE-2019-2984.json modified: 2019/2xxx/CVE-2019-2985.json modified: 2019/2xxx/CVE-2019-2986.json modified: 2019/2xxx/CVE-2019-2987.json modified: 2019/2xxx/CVE-2019-2988.json modified: 2019/2xxx/CVE-2019-2989.json modified: 2019/2xxx/CVE-2019-2990.json modified: 2019/2xxx/CVE-2019-2991.json modified: 2019/2xxx/CVE-2019-2992.json modified: 2019/2xxx/CVE-2019-2993.json modified: 2019/2xxx/CVE-2019-2994.json modified: 2019/2xxx/CVE-2019-2995.json modified: 2019/2xxx/CVE-2019-2996.json modified: 2019/2xxx/CVE-2019-2997.json modified: 2019/2xxx/CVE-2019-2998.json modified: 2019/2xxx/CVE-2019-2999.json modified: 2019/3xxx/CVE-2019-3000.json modified: 2019/3xxx/CVE-2019-3001.json modified: 2019/3xxx/CVE-2019-3002.json modified: 2019/3xxx/CVE-2019-3003.json modified: 2019/3xxx/CVE-2019-3004.json modified: 2019/3xxx/CVE-2019-3005.json modified: 2019/3xxx/CVE-2019-3008.json modified: 2019/3xxx/CVE-2019-3009.json modified: 2019/3xxx/CVE-2019-3010.json modified: 2019/3xxx/CVE-2019-3011.json modified: 2019/3xxx/CVE-2019-3012.json modified: 2019/3xxx/CVE-2019-3014.json modified: 2019/3xxx/CVE-2019-3015.json modified: 2019/3xxx/CVE-2019-3017.json modified: 2019/3xxx/CVE-2019-3018.json modified: 2019/3xxx/CVE-2019-3019.json modified: 2019/3xxx/CVE-2019-3020.json modified: 2019/3xxx/CVE-2019-3021.json modified: 2019/3xxx/CVE-2019-3022.json modified: 2019/3xxx/CVE-2019-3023.json modified: 2019/3xxx/CVE-2019-3024.json modified: 2019/3xxx/CVE-2019-3025.json modified: 2019/3xxx/CVE-2019-3026.json modified: 2019/3xxx/CVE-2019-3027.json modified: 2019/3xxx/CVE-2019-3028.json modified: 2019/3xxx/CVE-2019-3031.json --- 2018/2xxx/CVE-2018-2875.json | 82 +++++++++++++++++++++++++------ 2018/3xxx/CVE-2018-3300.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2734.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2765.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2872.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2883.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2884.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2886.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2887.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2888.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2889.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2890.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2891.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2894.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2895.json | 86 +++++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2896.json | 94 ++++++++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2897.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2898.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2899.json | 86 +++++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2900.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2901.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2902.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2903.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2904.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2905.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2906.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2907.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2909.json | 90 ++++++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2910.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2911.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2913.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2914.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2915.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2920.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2922.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2923.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2924.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2925.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2926.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2927.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2929.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2930.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2931.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2932.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2933.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2934.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2935.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2936.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2937.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2938.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2939.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2940.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2941.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2942.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2943.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2944.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2945.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2946.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2947.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2948.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2949.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2950.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2951.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2952.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2953.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2954.json | 90 ++++++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2955.json | 90 ++++++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2956.json | 86 +++++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2957.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2958.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2959.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2960.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2961.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2962.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2963.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2964.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2965.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2966.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2967.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2968.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2969.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2970.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2971.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2972.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2973.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2974.json | 82 +++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2975.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2976.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2977.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2978.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2979.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2980.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2981.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2982.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2983.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2984.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2985.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2986.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2987.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2988.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2989.json | 94 ++++++++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2990.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2991.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2992.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2993.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2994.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2995.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2996.json | 78 ++++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2997.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2998.json | 74 ++++++++++++++++++++++------ 2019/2xxx/CVE-2019-2999.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3000.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3001.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3002.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3003.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3004.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3005.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3008.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3009.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3010.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3011.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3012.json | 82 +++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3014.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3015.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3017.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3018.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3019.json | 86 +++++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3020.json | 86 +++++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3021.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3022.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3023.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3024.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3025.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3026.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3027.json | 74 ++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3028.json | 78 ++++++++++++++++++++++++------ 2019/3xxx/CVE-2019-3031.json | 78 ++++++++++++++++++++++++------ 137 files changed, 8458 insertions(+), 2192 deletions(-) diff --git a/2018/2xxx/CVE-2018-2875.json b/2018/2xxx/CVE-2018-2875.json index 0ccaf6f75f2..f24165f803e 100644 --- a/2018/2xxx/CVE-2018-2875.json +++ b/2018/2xxx/CVE-2018-2875.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-2875", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2018-2875" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Oracle Database", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.0.1", + "version_affected" : "=" + }, + { + "version_value" : "18c", + "version_affected" : "=" + }, + { + "version_value" : "19c", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2018/3xxx/CVE-2018-3300.json b/2018/3xxx/CVE-2018-3300.json index f0de6ec0dad..49695ccd41c 100644 --- a/2018/3xxx/CVE-2018-3300.json +++ b/2018/3xxx/CVE-2018-3300.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-3300", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2018-3300" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Retail Xstore Office", + "version" : { + "version_data" : [ + { + "version_value" : "7.1", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Office accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Office accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2734.json b/2019/2xxx/CVE-2019-2734.json index 9e4f02fbaed..5a91820aec3 100644 --- a/2019/2xxx/CVE-2019-2734.json +++ b/2019/2xxx/CVE-2019-2734.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2734", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2734" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Oracle Database", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.0.1", + "version_affected" : "=" + }, + { + "version_value" : "18c", + "version_affected" : "=" + }, + { + "version_value" : "19c", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Execute on DBMS_ADVISOR privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Create Session, Execute on DBMS_ADVISOR privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2765.json b/2019/2xxx/CVE-2019-2765.json index 20efc5a56a3..f408b16d3f3 100644 --- a/2019/2xxx/CVE-2019-2765.json +++ b/2019/2xxx/CVE-2019-2765.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2765", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2765" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Solaris Operating System", + "version" : { + "version_data" : [ + { + "version_value" : "10", + "version_affected" : "=" + }, + { + "version_value" : "11", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2872.json b/2019/2xxx/CVE-2019-2872.json index 814e5ff8b75..369a90d1509 100644 --- a/2019/2xxx/CVE-2019-2872.json +++ b/2019/2xxx/CVE-2019-2872.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2872", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2872" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Retail Xstore Point of Service", + "version" : { + "version_data" : [ + { + "version_value" : "17.0.3", + "version_affected" : "=" + }, + { + "version_value" : "18.0.1", + "version_affected" : "=" + }, + { + "version_value" : "19.0.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale). Supported versions that are affected are 17.0.3, 18.0.1 and 19.0.0. Difficult to exploit vulnerability allows physical access to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows physical access to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2883.json b/2019/2xxx/CVE-2019-2883.json index 3637c014dcb..1608712c8cd 100644 --- a/2019/2xxx/CVE-2019-2883.json +++ b/2019/2xxx/CVE-2019-2883.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2883", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2883" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Retail Customer Management and Segmentation Foundation", + "version" : { + "version_data" : [ + { + "version_value" : "17.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). The supported version that is affected is 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2884.json b/2019/2xxx/CVE-2019-2884.json index 48a3da4e433..b895a97be07 100644 --- a/2019/2xxx/CVE-2019-2884.json +++ b/2019/2xxx/CVE-2019-2884.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2884", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2884" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Retail Customer Management and Segmentation Foundation", + "version" : { + "version_data" : [ + { + "version_value" : "17.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). The supported version that is affected is 17.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2886.json b/2019/2xxx/CVE-2019-2886.json index d3e43eac20a..c593d4c5346 100644 --- a/2019/2xxx/CVE-2019-2886.json +++ b/2019/2xxx/CVE-2019-2886.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2886", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2886" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Forms", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Forms product of Oracle Fusion Middleware (component: Services). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Forms. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Forms, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Forms accessible data as well as unauthorized read access to a subset of Oracle Forms accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Forms. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Forms, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Forms accessible data as well as unauthorized read access to a subset of Oracle Forms accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2887.json b/2019/2xxx/CVE-2019-2887.json index eb2fc78cbd0..67ba7a5df64 100644 --- a/2019/2xxx/CVE-2019-2887.json +++ b/2019/2xxx/CVE-2019-2887.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2887", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2887" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WebLogic Server", + "version" : { + "version_data" : [ + { + "version_value" : "10.3.6.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.1.3.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2888.json b/2019/2xxx/CVE-2019-2888.json index d5740ee5752..8f9832426e6 100644 --- a/2019/2xxx/CVE-2019-2888.json +++ b/2019/2xxx/CVE-2019-2888.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2888", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2888" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WebLogic Server", + "version" : { + "version_data" : [ + { + "version_value" : "10.3.6.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.1.3.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: EJB Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2889.json b/2019/2xxx/CVE-2019-2889.json index fcb9e72e81d..1c62e5c25dd 100644 --- a/2019/2xxx/CVE-2019-2889.json +++ b/2019/2xxx/CVE-2019-2889.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2889", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2889" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WebLogic Server", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2890.json b/2019/2xxx/CVE-2019-2890.json index 2d32b77741d..43aab61845f 100644 --- a/2019/2xxx/CVE-2019-2890.json +++ b/2019/2xxx/CVE-2019-2890.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2890", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2890" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WebLogic Server", + "version" : { + "version_data" : [ + { + "version_value" : "10.3.6.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.1.3.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2891.json b/2019/2xxx/CVE-2019-2891.json index c38aed76ebe..8328f8829ec 100644 --- a/2019/2xxx/CVE-2019-2891.json +++ b/2019/2xxx/CVE-2019-2891.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2891", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2891" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WebLogic Server", + "version" : { + "version_data" : [ + { + "version_value" : "10.3.6.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.1.3.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2894.json b/2019/2xxx/CVE-2019-2894.json index 7a54c241fc1..4e3d1d3a644 100644 --- a/2019/2xxx/CVE-2019-2894.json +++ b/2019/2xxx/CVE-2019-2894.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2894", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2894" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2895.json b/2019/2xxx/CVE-2019-2895.json index b385142159c..035fbdf8902 100644 --- a/2019/2xxx/CVE-2019-2895.json +++ b/2019/2xxx/CVE-2019-2895.json @@ -1,18 +1,72 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2895", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2895" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Enterprise Manager for Exadata", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.0.5.0", + "version_affected" : "=" + }, + { + "version_value" : "13.2.2.0.0", + "version_affected" : "=" + }, + { + "version_value" : "13.3.1.0.0", + "version_affected" : "=" + }, + { + "version_value" : "13.3.2.0.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins). Supported versions that are affected are 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0 and 13.3.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Exadata. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Exadata. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Exadata. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Exadata." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2896.json b/2019/2xxx/CVE-2019-2896.json index 4b4cab81ab0..fcda07772e1 100644 --- a/2019/2xxx/CVE-2019-2896.json +++ b/2019/2xxx/CVE-2019-2896.json @@ -1,18 +1,80 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2896", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2896" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MICROS Relate CRM Software", + "version" : { + "version_data" : [ + { + "version_value" : "7.1.0", + "version_affected" : "=" + }, + { + "version_value" : "15.0.0", + "version_affected" : "=" + }, + { + "version_value" : "16.0.0", + "version_affected" : "=" + }, + { + "version_value" : "17.0.0", + "version_affected" : "=" + }, + { + "version_value" : "18.0.0", + "version_affected" : "=" + }, + { + "version_value" : "", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications (component: Internal Operations). Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, 18.0.0 and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Relate CRM Software. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Relate CRM Software accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Relate CRM Software. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Relate CRM Software accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2897.json b/2019/2xxx/CVE-2019-2897.json index d68cbe657d3..2d819e98d8e 100644 --- a/2019/2xxx/CVE-2019-2897.json +++ b/2019/2xxx/CVE-2019-2897.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2897", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2897" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Business Intelligence Enterprise Edition", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.4.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2898.json b/2019/2xxx/CVE-2019-2898.json index 7af2ec376a8..eefe13301f1 100644 --- a/2019/2xxx/CVE-2019-2898.json +++ b/2019/2xxx/CVE-2019-2898.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2898", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2898" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "BI Publisher (formerly XML Publisher)", + "version" : { + "version_data" : [ + { + "version_value" : "11.1.1.9.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.4.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2899.json b/2019/2xxx/CVE-2019-2899.json index 7a9159460fc..0e9eb3ad32f 100644 --- a/2019/2xxx/CVE-2019-2899.json +++ b/2019/2xxx/CVE-2019-2899.json @@ -1,18 +1,72 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2899", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2899" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "JDeveloper", + "version" : { + "version_data" : [ + { + "version_value" : "11.1.1.9.0", + "version_affected" : "=" + }, + { + "version_value" : "11.1.2.4.0", + "version_affected" : "=" + }, + { + "version_value" : "12.1.3.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2900.json b/2019/2xxx/CVE-2019-2900.json index c92ee37ec26..d20acf131d3 100644 --- a/2019/2xxx/CVE-2019-2900.json +++ b/2019/2xxx/CVE-2019-2900.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2900", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2900" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Business Intelligence Enterprise Edition", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.4.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2901.json b/2019/2xxx/CVE-2019-2901.json index 574c992e038..1b5825a8b87 100644 --- a/2019/2xxx/CVE-2019-2901.json +++ b/2019/2xxx/CVE-2019-2901.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2901", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2901" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Outside In Technology", + "version" : { + "version_data" : [ + { + "version_value" : "8.5.4", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2902.json b/2019/2xxx/CVE-2019-2902.json index 9c31d67b5b7..ccb029f0d7c 100644 --- a/2019/2xxx/CVE-2019-2902.json +++ b/2019/2xxx/CVE-2019-2902.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2902", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2902" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Outside In Technology", + "version" : { + "version_data" : [ + { + "version_value" : "8.5.4", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2903.json b/2019/2xxx/CVE-2019-2903.json index ba35cc1293e..4018b1dcc17 100644 --- a/2019/2xxx/CVE-2019-2903.json +++ b/2019/2xxx/CVE-2019-2903.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2903", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2903" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Outside In Technology", + "version" : { + "version_data" : [ + { + "version_value" : "8.5.4", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index da83b51b353..2e4f303b404 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2904", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2904" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "JDeveloper", + "version" : { + "version_data" : [ + { + "version_value" : "11.1.1.9.0", + "version_affected" : "=" + }, + { + "version_value" : "12.1.3.0.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2905.json b/2019/2xxx/CVE-2019-2905.json index 30b726c2e11..eb959d114c1 100644 --- a/2019/2xxx/CVE-2019-2905.json +++ b/2019/2xxx/CVE-2019-2905.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2905", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2905" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Business Intelligence Enterprise Edition", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.4.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2906.json b/2019/2xxx/CVE-2019-2906.json index cefdcdffff6..661e33461c7 100644 --- a/2019/2xxx/CVE-2019-2906.json +++ b/2019/2xxx/CVE-2019-2906.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2906", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2906" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "BI Publisher (formerly XML Publisher)", + "version" : { + "version_data" : [ + { + "version_value" : "11.1.1.9.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.4.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data as well as unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data as well as unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2907.json b/2019/2xxx/CVE-2019-2907.json index 02a6c29aae5..3b6e9f7be68 100644 --- a/2019/2xxx/CVE-2019-2907.json +++ b/2019/2xxx/CVE-2019-2907.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2907", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2907" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Web Services", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2909.json b/2019/2xxx/CVE-2019-2909.json index 601e0567223..c0f0e192b55 100644 --- a/2019/2xxx/CVE-2019-2909.json +++ b/2019/2xxx/CVE-2019-2909.json @@ -1,18 +1,76 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2909", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2909" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Oracle Database", + "version" : { + "version_data" : [ + { + "version_value" : "11.2.0.4", + "version_affected" : "=" + }, + { + "version_value" : "12.1.0.2", + "version_affected" : "=" + }, + { + "version_value" : "12.2.0.1", + "version_affected" : "=" + }, + { + "version_value" : "18c", + "version_affected" : "=" + }, + { + "version_value" : "19c", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2910.json b/2019/2xxx/CVE-2019-2910.json index e36f95a249e..d7d5e370074 100644 --- a/2019/2xxx/CVE-2019-2910.json +++ b/2019/2xxx/CVE-2019-2910.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2910", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2910" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.6.45 and prior", + "version_affected" : "=" + }, + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2911.json b/2019/2xxx/CVE-2019-2911.json index 910e1e62fae..61699ac9164 100644 --- a/2019/2xxx/CVE-2019-2911.json +++ b/2019/2xxx/CVE-2019-2911.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2911", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2911" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.6.45 and prior", + "version_affected" : "=" + }, + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2913.json b/2019/2xxx/CVE-2019-2913.json index ac80dd2d724..5776381a3c3 100644 --- a/2019/2xxx/CVE-2019-2913.json +++ b/2019/2xxx/CVE-2019-2913.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2913", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2913" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Oracle Database", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.0.1", + "version_affected" : "=" + }, + { + "version_value" : "18c", + "version_affected" : "=" + }, + { + "version_value" : "19c", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2914.json b/2019/2xxx/CVE-2019-2914.json index 7117d6c264a..5b6d0bdd3c4 100644 --- a/2019/2xxx/CVE-2019-2914.json +++ b/2019/2xxx/CVE-2019-2914.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2914", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2914" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2915.json b/2019/2xxx/CVE-2019-2915.json index 68c719e9503..9f3259827cf 100644 --- a/2019/2xxx/CVE-2019-2915.json +++ b/2019/2xxx/CVE-2019-2915.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2915", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2915" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise PT PeopleTools", + "version" : { + "version_data" : [ + { + "version_value" : "8.56", + "version_affected" : "=" + }, + { + "version_value" : "8.57", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2920.json b/2019/2xxx/CVE-2019-2920.json index 20c40c6c116..f2cd883c30b 100644 --- a/2019/2xxx/CVE-2019-2920.json +++ b/2019/2xxx/CVE-2019-2920.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2920", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2920" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Connectors", + "version" : { + "version_data" : [ + { + "version_value" : "5.3.13 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2922.json b/2019/2xxx/CVE-2019-2922.json index 6c11485b49e..90984985c72 100644 --- a/2019/2xxx/CVE-2019-2922.json +++ b/2019/2xxx/CVE-2019-2922.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2922", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2922" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.6.45 and prior", + "version_affected" : "=" + }, + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2923.json b/2019/2xxx/CVE-2019-2923.json index 1d70433623c..63bbc6d0d6b 100644 --- a/2019/2xxx/CVE-2019-2923.json +++ b/2019/2xxx/CVE-2019-2923.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2923", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2923" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.6.45 and prior", + "version_affected" : "=" + }, + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2924.json b/2019/2xxx/CVE-2019-2924.json index d6a6c1203b0..94a601220db 100644 --- a/2019/2xxx/CVE-2019-2924.json +++ b/2019/2xxx/CVE-2019-2924.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2924", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2924" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.6.45 and prior", + "version_affected" : "=" + }, + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2925.json b/2019/2xxx/CVE-2019-2925.json index 99b7d688bed..61241a28f5e 100644 --- a/2019/2xxx/CVE-2019-2925.json +++ b/2019/2xxx/CVE-2019-2925.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2925", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2925" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Workflow", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.3", + "version_affected" : "=" + }, + { + "version_value" : "12.2.3-12.2.8", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2926.json b/2019/2xxx/CVE-2019-2926.json index 4db2676c5af..a168f6f690a 100644 --- a/2019/2xxx/CVE-2019-2926.json +++ b/2019/2xxx/CVE-2019-2926.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2926", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2926" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2927.json b/2019/2xxx/CVE-2019-2927.json index d1af6a3692c..25ec2263d5f 100644 --- a/2019/2xxx/CVE-2019-2927.json +++ b/2019/2xxx/CVE-2019-2927.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2927", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2927" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hyperion Data Relationship Management", + "version" : { + "version_data" : [ + { + "version_value" : "11.1.2.4", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Data Relationship Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Hyperion Data Relationship Management. CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Data Relationship Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Hyperion Data Relationship Management." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2929.json b/2019/2xxx/CVE-2019-2929.json index 20a7f563539..daa9799250f 100644 --- a/2019/2xxx/CVE-2019-2929.json +++ b/2019/2xxx/CVE-2019-2929.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2929", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2929" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise PT PeopleTools", + "version" : { + "version_data" : [ + { + "version_value" : "8.56", + "version_affected" : "=" + }, + { + "version_value" : "8.57", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2930.json b/2019/2xxx/CVE-2019-2930.json index cdd64c26a55..09c8a582111 100644 --- a/2019/2xxx/CVE-2019-2930.json +++ b/2019/2xxx/CVE-2019-2930.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2930", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2930" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Field Service", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.1-12.1.3", + "version_affected" : "=" + }, + { + "version_value" : "12.2.3-12.2.8", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2931.json b/2019/2xxx/CVE-2019-2931.json index 20fbfa10cce..a2d14f00cbb 100644 --- a/2019/2xxx/CVE-2019-2931.json +++ b/2019/2xxx/CVE-2019-2931.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2931", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2931" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise PT PeopleTools", + "version" : { + "version_data" : [ + { + "version_value" : "8.56", + "version_affected" : "=" + }, + { + "version_value" : "8.57", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2932.json b/2019/2xxx/CVE-2019-2932.json index 7c6c0dea9b7..57b340bc269 100644 --- a/2019/2xxx/CVE-2019-2932.json +++ b/2019/2xxx/CVE-2019-2932.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2932", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2932" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise PT PeopleTools", + "version" : { + "version_data" : [ + { + "version_value" : "8.56", + "version_affected" : "=" + }, + { + "version_value" : "8.57", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2933.json b/2019/2xxx/CVE-2019-2933.json index 13cc710d6b3..a2337ecf8a7 100644 --- a/2019/2xxx/CVE-2019-2933.json +++ b/2019/2xxx/CVE-2019-2933.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2933", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2933" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2934.json b/2019/2xxx/CVE-2019-2934.json index af23401b8ee..ddc454b812b 100644 --- a/2019/2xxx/CVE-2019-2934.json +++ b/2019/2xxx/CVE-2019-2934.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2934", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2934" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hospitality Reporting and Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "9.1.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2935.json b/2019/2xxx/CVE-2019-2935.json index 4e19ca1aea9..504045117a9 100644 --- a/2019/2xxx/CVE-2019-2935.json +++ b/2019/2xxx/CVE-2019-2935.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2935", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2935" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Siebel UI Framework", + "version" : { + "version_data" : [ + { + "version_value" : "19.8 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2936.json b/2019/2xxx/CVE-2019-2936.json index ae818f9d981..6481351bc46 100644 --- a/2019/2xxx/CVE-2019-2936.json +++ b/2019/2xxx/CVE-2019-2936.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2936", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2936" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hospitality Reporting and Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "9.1.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Difficult to exploit vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2937.json b/2019/2xxx/CVE-2019-2937.json index 9d6ae3ee9ce..9cd29977344 100644 --- a/2019/2xxx/CVE-2019-2937.json +++ b/2019/2xxx/CVE-2019-2937.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2937", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2937" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hospitality Reporting and Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "9.1.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2938.json b/2019/2xxx/CVE-2019-2938.json index 6795da87bd0..2227b508a13 100644 --- a/2019/2xxx/CVE-2019-2938.json +++ b/2019/2xxx/CVE-2019-2938.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2938", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2938" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2939.json b/2019/2xxx/CVE-2019-2939.json index 648b3c456b4..45229315489 100644 --- a/2019/2xxx/CVE-2019-2939.json +++ b/2019/2xxx/CVE-2019-2939.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2939", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2939" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Oracle Database", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.0.1", + "version_affected" : "=" + }, + { + "version_value" : "18c", + "version_affected" : "=" + }, + { + "version_value" : "19c", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2940.json b/2019/2xxx/CVE-2019-2940.json index 102bdce8f6c..6b315f2b050 100644 --- a/2019/2xxx/CVE-2019-2940.json +++ b/2019/2xxx/CVE-2019-2940.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2940", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2940" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Oracle Database", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.0.2", + "version_affected" : "=" + }, + { + "version_value" : "12.2.0.1", + "version_affected" : "=" + }, + { + "version_value" : "18c", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker having Create Session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2941.json b/2019/2xxx/CVE-2019-2941.json index 57f21730c59..482831ae3ec 100644 --- a/2019/2xxx/CVE-2019-2941.json +++ b/2019/2xxx/CVE-2019-2941.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2941", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2941" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hyperion Profitability and Cost Management", + "version" : { + "version_data" : [ + { + "version_value" : "11.1.2.4", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Hyperion Enterprise Performance Management Architect product of Oracle Hyperion (component: Workspace). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Enterprise Performance Management Architect. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Enterprise Performance Management Architect, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Enterprise Performance Management Architect accessible data as well as unauthorized read access to a subset of Hyperion Enterprise Performance Management Architect accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Enterprise Performance Management Architect. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Enterprise Performance Management Architect, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Enterprise Performance Management Architect accessible data as well as unauthorized read access to a subset of Hyperion Enterprise Performance Management Architect accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2942.json b/2019/2xxx/CVE-2019-2942.json index e8380c8adf5..a5872a97223 100644 --- a/2019/2xxx/CVE-2019-2942.json +++ b/2019/2xxx/CVE-2019-2942.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2942", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2942" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Advanced Outbound Telephony", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.1-12.1.3", + "version_affected" : "=" + }, + { + "version_value" : "12.2.3-12.2.8", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2943.json b/2019/2xxx/CVE-2019-2943.json index da2f9e7512c..b8847623380 100644 --- a/2019/2xxx/CVE-2019-2943.json +++ b/2019/2xxx/CVE-2019-2943.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2943", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2943" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Data Integrator", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Studio). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2944.json b/2019/2xxx/CVE-2019-2944.json index 04e9680abf5..971afb2880f 100644 --- a/2019/2xxx/CVE-2019-2944.json +++ b/2019/2xxx/CVE-2019-2944.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2944", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2944" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2945.json b/2019/2xxx/CVE-2019-2945.json index d9eff810ce7..03dc932dec0 100644 --- a/2019/2xxx/CVE-2019-2945.json +++ b/2019/2xxx/CVE-2019-2945.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2945", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2945" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2946.json b/2019/2xxx/CVE-2019-2946.json index 654d4b94042..60ff0eeddf2 100644 --- a/2019/2xxx/CVE-2019-2946.json +++ b/2019/2xxx/CVE-2019-2946.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2946", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2946" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2947.json b/2019/2xxx/CVE-2019-2947.json index 3958ed557ab..906a92da22a 100644 --- a/2019/2xxx/CVE-2019-2947.json +++ b/2019/2xxx/CVE-2019-2947.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2947", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2947" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hospitality Reporting and Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "9.1.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Inventory Integration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Inventory Integration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2948.json b/2019/2xxx/CVE-2019-2948.json index 3cba0de940b..43520459a5d 100644 --- a/2019/2xxx/CVE-2019-2948.json +++ b/2019/2xxx/CVE-2019-2948.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2948", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2948" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.7.26 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.16 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2949.json b/2019/2xxx/CVE-2019-2949.json index 3d9fe5a15ba..a9c15fdd845 100644 --- a/2019/2xxx/CVE-2019-2949.json +++ b/2019/2xxx/CVE-2019-2949.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2949", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2949" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2950.json b/2019/2xxx/CVE-2019-2950.json index 625e94a0285..cae89392a1e 100644 --- a/2019/2xxx/CVE-2019-2950.json +++ b/2019/2xxx/CVE-2019-2950.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2950", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2950" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.16 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2951.json b/2019/2xxx/CVE-2019-2951.json index 1272cf8f152..6485f5b9b31 100644 --- a/2019/2xxx/CVE-2019-2951.json +++ b/2019/2xxx/CVE-2019-2951.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2951", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2951" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise HCM Human Resources", + "version" : { + "version_data" : [ + { + "version_value" : "9.2", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: US Federal Specific). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2952.json b/2019/2xxx/CVE-2019-2952.json index f1372a0b31a..bcd36d9bf48 100644 --- a/2019/2xxx/CVE-2019-2952.json +++ b/2019/2xxx/CVE-2019-2952.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2952", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2952" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hospitality Reporting and Analytics", + "version" : { + "version_data" : [ + { + "version_value" : "9.1.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2953.json b/2019/2xxx/CVE-2019-2953.json index 54a4dc139bf..2e8e6e096c6 100644 --- a/2019/2xxx/CVE-2019-2953.json +++ b/2019/2xxx/CVE-2019-2953.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2953", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2953" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hospitality Cruise Dining Room Management", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.80", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Hospitality Cruise Dining Room Management product of Oracle Hospitality Applications (component: Web Service). The supported version that is affected is 8.0.80. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Dining Room Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Dining Room Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Dining Room Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Dining Room Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Dining Room Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Dining Room Management accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2954.json b/2019/2xxx/CVE-2019-2954.json index c5e8eecddcf..2d0f54a3ae7 100644 --- a/2019/2xxx/CVE-2019-2954.json +++ b/2019/2xxx/CVE-2019-2954.json @@ -1,18 +1,76 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2954", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2954" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Oracle Database", + "version" : { + "version_data" : [ + { + "version_value" : "11.2.0.4", + "version_affected" : "=" + }, + { + "version_value" : "12.1.0.2", + "version_affected" : "=" + }, + { + "version_value" : "12.2.0.1", + "version_affected" : "=" + }, + { + "version_value" : "18c", + "version_affected" : "=" + }, + { + "version_value" : "19c", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2955.json b/2019/2xxx/CVE-2019-2955.json index 043c750b599..693ba0551eb 100644 --- a/2019/2xxx/CVE-2019-2955.json +++ b/2019/2xxx/CVE-2019-2955.json @@ -1,18 +1,76 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2955", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2955" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Oracle Database", + "version" : { + "version_data" : [ + { + "version_value" : "11.2.0.4", + "version_affected" : "=" + }, + { + "version_value" : "12.1.0.2", + "version_affected" : "=" + }, + { + "version_value" : "12.2.0.1", + "version_affected" : "=" + }, + { + "version_value" : "18c", + "version_affected" : "=" + }, + { + "version_value" : "19c", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2956.json b/2019/2xxx/CVE-2019-2956.json index 8906978f73a..a61ce443ad5 100644 --- a/2019/2xxx/CVE-2019-2956.json +++ b/2019/2xxx/CVE-2019-2956.json @@ -1,18 +1,72 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2956", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2956" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Oracle Database", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.0.2", + "version_affected" : "=" + }, + { + "version_value" : "12.2.0.1", + "version_affected" : "=" + }, + { + "version_value" : "18c", + "version_affected" : "=" + }, + { + "version_value" : "19c", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Core RDBMS (jackson-databind). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS (jackson-databind). CVSS 3.0 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Core RDBMS (jackson-databind). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS (jackson-databind)." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2957.json b/2019/2xxx/CVE-2019-2957.json index cea4bc91519..bedb356d76b 100644 --- a/2019/2xxx/CVE-2019-2957.json +++ b/2019/2xxx/CVE-2019-2957.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2957", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2957" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2958.json b/2019/2xxx/CVE-2019-2958.json index c338f2a3578..9ace22edc57 100644 --- a/2019/2xxx/CVE-2019-2958.json +++ b/2019/2xxx/CVE-2019-2958.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2958", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2958" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2959.json b/2019/2xxx/CVE-2019-2959.json index 9b552097e10..2e7ee68cbb7 100644 --- a/2019/2xxx/CVE-2019-2959.json +++ b/2019/2xxx/CVE-2019-2959.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2959", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2959" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hyperion Financial Reporting", + "version" : { + "version_data" : [ + { + "version_value" : "11.1.2.4", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Reporting accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2960.json b/2019/2xxx/CVE-2019-2960.json index af864400e04..4ed52f65c13 100644 --- a/2019/2xxx/CVE-2019-2960.json +++ b/2019/2xxx/CVE-2019-2960.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2960", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2960" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2961.json b/2019/2xxx/CVE-2019-2961.json index 0f688258a04..6e4da7a5010 100644 --- a/2019/2xxx/CVE-2019-2961.json +++ b/2019/2xxx/CVE-2019-2961.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2961", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2961" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Solaris Operating System", + "version" : { + "version_data" : [ + { + "version_value" : "11", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2962.json b/2019/2xxx/CVE-2019-2962.json index ee710f26a21..a1d6e187239 100644 --- a/2019/2xxx/CVE-2019-2962.json +++ b/2019/2xxx/CVE-2019-2962.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2962", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2962" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2963.json b/2019/2xxx/CVE-2019-2963.json index aaf3b377825..c8c71bf40e1 100644 --- a/2019/2xxx/CVE-2019-2963.json +++ b/2019/2xxx/CVE-2019-2963.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2963", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2963" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2964.json b/2019/2xxx/CVE-2019-2964.json index 39954ff18a9..a900678ba8f 100644 --- a/2019/2xxx/CVE-2019-2964.json +++ b/2019/2xxx/CVE-2019-2964.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2964", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2964" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2965.json b/2019/2xxx/CVE-2019-2965.json index d53d91d4313..7f5f72a0cce 100644 --- a/2019/2xxx/CVE-2019-2965.json +++ b/2019/2xxx/CVE-2019-2965.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2965", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2965" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Siebel Core - DB Deployment and Configuration", + "version" : { + "version_data" : [ + { + "version_value" : "19.8 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Install - Configuration). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - DB Deployment and Configuration. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - DB Deployment and Configuration accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - DB Deployment and Configuration. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - DB Deployment and Configuration accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2966.json b/2019/2xxx/CVE-2019-2966.json index 9336276c03c..a50da97a79c 100644 --- a/2019/2xxx/CVE-2019-2966.json +++ b/2019/2xxx/CVE-2019-2966.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2966", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2966" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2967.json b/2019/2xxx/CVE-2019-2967.json index 99b8b8d9aa1..1f5ca966d42 100644 --- a/2019/2xxx/CVE-2019-2967.json +++ b/2019/2xxx/CVE-2019-2967.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2967", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2967" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2968.json b/2019/2xxx/CVE-2019-2968.json index 7c1c744616c..13e9e0dc09f 100644 --- a/2019/2xxx/CVE-2019-2968.json +++ b/2019/2xxx/CVE-2019-2968.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2968", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2968" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2969.json b/2019/2xxx/CVE-2019-2969.json index 40c8a908011..e776ca121ab 100644 --- a/2019/2xxx/CVE-2019-2969.json +++ b/2019/2xxx/CVE-2019-2969.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2969", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2969" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.6.44 and prior", + "version_affected" : "=" + }, + { + "version_value" : "5.7.26 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.16 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2970.json b/2019/2xxx/CVE-2019-2970.json index 33d38fca240..5e40bbdbd8f 100644 --- a/2019/2xxx/CVE-2019-2970.json +++ b/2019/2xxx/CVE-2019-2970.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2970", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2970" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Outside In Technology", + "version" : { + "version_data" : [ + { + "version_value" : "8.5.4", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2971.json b/2019/2xxx/CVE-2019-2971.json index 5373f0e9651..5cc7edf12ff 100644 --- a/2019/2xxx/CVE-2019-2971.json +++ b/2019/2xxx/CVE-2019-2971.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2971", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2971" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Outside In Technology", + "version" : { + "version_data" : [ + { + "version_value" : "8.5.4", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2972.json b/2019/2xxx/CVE-2019-2972.json index 15780324bb7..85899c7ea38 100644 --- a/2019/2xxx/CVE-2019-2972.json +++ b/2019/2xxx/CVE-2019-2972.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2972", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2972" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Outside In Technology", + "version" : { + "version_data" : [ + { + "version_value" : "8.5.4", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2973.json b/2019/2xxx/CVE-2019-2973.json index 1deefd7952d..0a99f2cc92f 100644 --- a/2019/2xxx/CVE-2019-2973.json +++ b/2019/2xxx/CVE-2019-2973.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2973", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2973" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2974.json b/2019/2xxx/CVE-2019-2974.json index 65b4087825b..3ba3c89e409 100644 --- a/2019/2xxx/CVE-2019-2974.json +++ b/2019/2xxx/CVE-2019-2974.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2974", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2974" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.6.45 and prior", + "version_affected" : "=" + }, + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2975.json b/2019/2xxx/CVE-2019-2975.json index c33ebbe1961..4905a906072 100644 --- a/2019/2xxx/CVE-2019-2975.json +++ b/2019/2xxx/CVE-2019-2975.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2975", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2975" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2976.json b/2019/2xxx/CVE-2019-2976.json index 13e0c71918c..59a74581409 100644 --- a/2019/2xxx/CVE-2019-2976.json +++ b/2019/2xxx/CVE-2019-2976.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2976", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2976" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Primavera P6 Enterprise Project Portfolio Management", + "version" : { + "version_data" : [ + { + "version_value" : "17.1.0-17.12.12", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0-17.12.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2977.json b/2019/2xxx/CVE-2019-2977.json index 5780da74cc6..ac5f7100efe 100644 --- a/2019/2xxx/CVE-2019-2977.json +++ b/2019/2xxx/CVE-2019-2977.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2977", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2977" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 11.0.4, 13", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2978.json b/2019/2xxx/CVE-2019-2978.json index 80de2ec3a71..f5b806d2941 100644 --- a/2019/2xxx/CVE-2019-2978.json +++ b/2019/2xxx/CVE-2019-2978.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2978", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2978" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2979.json b/2019/2xxx/CVE-2019-2979.json index 548b0b1dd1e..4a332483946 100644 --- a/2019/2xxx/CVE-2019-2979.json +++ b/2019/2xxx/CVE-2019-2979.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2979", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2979" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "FLEXCUBE Direct Banking", + "version" : { + "version_data" : [ + { + "version_value" : "12.0.2", + "version_affected" : "=" + }, + { + "version_value" : "12.0.3", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Payments). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 5.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Direct Banking accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2980.json b/2019/2xxx/CVE-2019-2980.json index c926ca7cdf7..aad546b9be8 100644 --- a/2019/2xxx/CVE-2019-2980.json +++ b/2019/2xxx/CVE-2019-2980.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2980", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2980" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "FLEXCUBE Direct Banking", + "version" : { + "version_data" : [ + { + "version_value" : "12.0.2", + "version_affected" : "=" + }, + { + "version_value" : "12.0.3", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: eMail). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2981.json b/2019/2xxx/CVE-2019-2981.json index 728b916d125..0f50c544138 100644 --- a/2019/2xxx/CVE-2019-2981.json +++ b/2019/2xxx/CVE-2019-2981.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2981", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2981" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2982.json b/2019/2xxx/CVE-2019-2982.json index f9026cc51f6..4fedf4a4172 100644 --- a/2019/2xxx/CVE-2019-2982.json +++ b/2019/2xxx/CVE-2019-2982.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2982", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2982" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2983.json b/2019/2xxx/CVE-2019-2983.json index 9c6d34ac3cb..c51a121f4f0 100644 --- a/2019/2xxx/CVE-2019-2983.json +++ b/2019/2xxx/CVE-2019-2983.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2983", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2983" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2984.json b/2019/2xxx/CVE-2019-2984.json index 367c5e3d1d1..004a80dac83 100644 --- a/2019/2xxx/CVE-2019-2984.json +++ b/2019/2xxx/CVE-2019-2984.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2984", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2984" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2985.json b/2019/2xxx/CVE-2019-2985.json index 0191ff86730..e839b9709e8 100644 --- a/2019/2xxx/CVE-2019-2985.json +++ b/2019/2xxx/CVE-2019-2985.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2985", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2985" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise PT PeopleTools", + "version" : { + "version_data" : [ + { + "version_value" : "8.56", + "version_affected" : "=" + }, + { + "version_value" : "8.57", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2986.json b/2019/2xxx/CVE-2019-2986.json index c822cc186c3..77893e5509e 100644 --- a/2019/2xxx/CVE-2019-2986.json +++ b/2019/2xxx/CVE-2019-2986.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2986", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2986" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "GraalVM Enterprise Edition", + "version" : { + "version_data" : [ + { + "version_value" : "19.2.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2987.json b/2019/2xxx/CVE-2019-2987.json index 3e5520c6d30..966d1f7ec99 100644 --- a/2019/2xxx/CVE-2019-2987.json +++ b/2019/2xxx/CVE-2019-2987.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2987", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2987" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 11.0.4, 13", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2988.json b/2019/2xxx/CVE-2019-2988.json index 0218be01b5c..d54f7964ce4 100644 --- a/2019/2xxx/CVE-2019-2988.json +++ b/2019/2xxx/CVE-2019-2988.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2988", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2988" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2989.json b/2019/2xxx/CVE-2019-2989.json index f25981b4fcb..29f51fe230f 100644 --- a/2019/2xxx/CVE-2019-2989.json +++ b/2019/2xxx/CVE-2019-2989.json @@ -1,18 +1,80 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2989", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2989" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "GraalVM Enterprise Edition", + "version" : { + "version_data" : [ + { + "version_value" : "19.2.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation", + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2990.json b/2019/2xxx/CVE-2019-2990.json index 0e0d7279104..81964341aa8 100644 --- a/2019/2xxx/CVE-2019-2990.json +++ b/2019/2xxx/CVE-2019-2990.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2990", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2990" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "iStore", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.1-12.1.3", + "version_affected" : "=" + }, + { + "version_value" : "12.2.3-12.2.9", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Order Tracker). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2991.json b/2019/2xxx/CVE-2019-2991.json index 29b41d579a2..b94dde2405c 100644 --- a/2019/2xxx/CVE-2019-2991.json +++ b/2019/2xxx/CVE-2019-2991.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2991", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2991" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.017 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2992.json b/2019/2xxx/CVE-2019-2992.json index 7a19216b74c..13fd921e4b6 100644 --- a/2019/2xxx/CVE-2019-2992.json +++ b/2019/2xxx/CVE-2019-2992.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2992", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2992" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2993.json b/2019/2xxx/CVE-2019-2993.json index f7890cf7bbe..1d9200666e5 100644 --- a/2019/2xxx/CVE-2019-2993.json +++ b/2019/2xxx/CVE-2019-2993.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2993", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2993" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "5.7.27 and prior", + "version_affected" : "=" + }, + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2994.json b/2019/2xxx/CVE-2019-2994.json index 4e5311a3fe9..02ca7309bc7 100644 --- a/2019/2xxx/CVE-2019-2994.json +++ b/2019/2xxx/CVE-2019-2994.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2994", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2994" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Marketing", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.1-12.1.3", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2995.json b/2019/2xxx/CVE-2019-2995.json index 1d6ccde25ed..a238aa421f2 100644 --- a/2019/2xxx/CVE-2019-2995.json +++ b/2019/2xxx/CVE-2019-2995.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2995", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2995" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Marketing", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.1-12.1.3", + "version_affected" : "=" + }, + { + "version_value" : "12.2.3-12.2.9", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2996.json b/2019/2xxx/CVE-2019-2996.json index 73cca148b91..3646462e276 100644 --- a/2019/2xxx/CVE-2019-2996.json +++ b/2019/2xxx/CVE-2019-2996.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2996", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2996" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 8u221", + "version_affected" : "=" + }, + { + "version_value" : "Java SE Embedded: 8u221", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2997.json b/2019/2xxx/CVE-2019-2997.json index b793c0e45ac..130c5b371a1 100644 --- a/2019/2xxx/CVE-2019-2997.json +++ b/2019/2xxx/CVE-2019-2997.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2997", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2997" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2998.json b/2019/2xxx/CVE-2019-2998.json index a75779aae0f..9441c6b628c 100644 --- a/2019/2xxx/CVE-2019-2998.json +++ b/2019/2xxx/CVE-2019-2998.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2998", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2998" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/2xxx/CVE-2019-2999.json b/2019/2xxx/CVE-2019-2999.json index 2536533d7b2..df9992c95e7 100644 --- a/2019/2xxx/CVE-2019-2999.json +++ b/2019/2xxx/CVE-2019-2999.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2999", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-2999" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Java", + "version" : { + "version_data" : [ + { + "version_value" : "Java SE: 7u231, 8u221, 11.0.4, 13", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3000.json b/2019/3xxx/CVE-2019-3000.json index f7cf0127859..5140db3c6c5 100644 --- a/2019/3xxx/CVE-2019-3000.json +++ b/2019/3xxx/CVE-2019-3000.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3000", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3000" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Marketing", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.1-12.1.3", + "version_affected" : "=" + }, + { + "version_value" : "12.2.3-12.2.9", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3001.json b/2019/3xxx/CVE-2019-3001.json index 4f3fd3b8205..2832dec035c 100644 --- a/2019/3xxx/CVE-2019-3001.json +++ b/2019/3xxx/CVE-2019-3001.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3001", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3001" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise SCM eProcurement", + "version" : { + "version_data" : [ + { + "version_value" : "9.2", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft (component: eProcurement). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise SCM eProcurement accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise SCM eProcurement accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3002.json b/2019/3xxx/CVE-2019-3002.json index 267b0cbb21e..380d7556bda 100644 --- a/2019/3xxx/CVE-2019-3002.json +++ b/2019/3xxx/CVE-2019-3002.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3002", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3002" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3003.json b/2019/3xxx/CVE-2019-3003.json index bdcabaeedb6..990ed867ff8 100644 --- a/2019/3xxx/CVE-2019-3003.json +++ b/2019/3xxx/CVE-2019-3003.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3003", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3003" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.16 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3004.json b/2019/3xxx/CVE-2019-3004.json index 12fa3ac0309..a965a1b3920 100644 --- a/2019/3xxx/CVE-2019-3004.json +++ b/2019/3xxx/CVE-2019-3004.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3004", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3004" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3005.json b/2019/3xxx/CVE-2019-3005.json index a879a574d02..60b1c25805e 100644 --- a/2019/3xxx/CVE-2019-3005.json +++ b/2019/3xxx/CVE-2019-3005.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3005", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3005" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3008.json b/2019/3xxx/CVE-2019-3008.json index 1dcad9e255a..b341a5b4cb3 100644 --- a/2019/3xxx/CVE-2019-3008.json +++ b/2019/3xxx/CVE-2019-3008.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3008", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3008" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Solaris Operating System", + "version" : { + "version_data" : [ + { + "version_value" : "11", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3009.json b/2019/3xxx/CVE-2019-3009.json index cc6d4d3b52c..88532d384ce 100644 --- a/2019/3xxx/CVE-2019-3009.json +++ b/2019/3xxx/CVE-2019-3009.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3009", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3009" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3010.json b/2019/3xxx/CVE-2019-3010.json index d2a25a4e486..3e5f7b878b5 100644 --- a/2019/3xxx/CVE-2019-3010.json +++ b/2019/3xxx/CVE-2019-3010.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3010", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3010" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Solaris Operating System", + "version" : { + "version_data" : [ + { + "version_value" : "11", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3011.json b/2019/3xxx/CVE-2019-3011.json index dabdacb09d7..4248bcd47a4 100644 --- a/2019/3xxx/CVE-2019-3011.json +++ b/2019/3xxx/CVE-2019-3011.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3011", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3011" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3012.json b/2019/3xxx/CVE-2019-3012.json index 35cd8cb1778..5568fa328c8 100644 --- a/2019/3xxx/CVE-2019-3012.json +++ b/2019/3xxx/CVE-2019-3012.json @@ -1,18 +1,68 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3012", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3012" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Business Intelligence Enterprise Edition", + "version" : { + "version_data" : [ + { + "version_value" : "11.1.1.9.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.3.0", + "version_affected" : "=" + }, + { + "version_value" : "12.2.1.4.0", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3014.json b/2019/3xxx/CVE-2019-3014.json index bf6803b85fe..18af7832c45 100644 --- a/2019/3xxx/CVE-2019-3014.json +++ b/2019/3xxx/CVE-2019-3014.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3014", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3014" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise PT PeopleTools", + "version" : { + "version_data" : [ + { + "version_value" : "8.56", + "version_affected" : "=" + }, + { + "version_value" : "8.57", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3015.json b/2019/3xxx/CVE-2019-3015.json index 70a530d359e..c2dbc4c8f41 100644 --- a/2019/3xxx/CVE-2019-3015.json +++ b/2019/3xxx/CVE-2019-3015.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3015", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3015" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise PT PeopleTools", + "version" : { + "version_data" : [ + { + "version_value" : "8.56", + "version_affected" : "=" + }, + { + "version_value" : "8.57", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3017.json b/2019/3xxx/CVE-2019-3017.json index b97b3aff5bd..c0d9186afc0 100644 --- a/2019/3xxx/CVE-2019-3017.json +++ b/2019/3xxx/CVE-2019-3017.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3017", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3017" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3018.json b/2019/3xxx/CVE-2019-3018.json index b5b35b2ea01..f94c08f00ab 100644 --- a/2019/3xxx/CVE-2019-3018.json +++ b/2019/3xxx/CVE-2019-3018.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3018", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3018" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "MySQL Server", + "version" : { + "version_data" : [ + { + "version_value" : "8.0.17 and prior", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3019.json b/2019/3xxx/CVE-2019-3019.json index 80e7bd42f9a..21eab718f8a 100644 --- a/2019/3xxx/CVE-2019-3019.json +++ b/2019/3xxx/CVE-2019-3019.json @@ -1,18 +1,72 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3019", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3019" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Banking Digital Experience", + "version" : { + "version_data" : [ + { + "version_value" : "18.1", + "version_affected" : "=" + }, + { + "version_value" : "18.2", + "version_affected" : "=" + }, + { + "version_value" : "18.3", + "version_affected" : "=" + }, + { + "version_value" : "19.1", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Loan Calculator). Supported versions that are affected are 18.1, 18.2, 18.3 and 19.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Digital Experience, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Digital Experience, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3020.json b/2019/3xxx/CVE-2019-3020.json index 62ae6219340..4f5ceb45501 100644 --- a/2019/3xxx/CVE-2019-3020.json +++ b/2019/3xxx/CVE-2019-3020.json @@ -1,18 +1,72 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3020", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3020" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Primavera P6 Enterprise Project Portfolio Management", + "version" : { + "version_data" : [ + { + "version_value" : "15.1.0-15.2.18", + "version_affected" : "=" + }, + { + "version_value" : "16.1.0-16.2.18", + "version_affected" : "=" + }, + { + "version_value" : "17.1.0-17.12.14", + "version_affected" : "=" + }, + { + "version_value" : "18.1.0-18.8.11", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14 and 18.1.0-18.8.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3021.json b/2019/3xxx/CVE-2019-3021.json index 719da2597c8..4ed500603f2 100644 --- a/2019/3xxx/CVE-2019-3021.json +++ b/2019/3xxx/CVE-2019-3021.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3021", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3021" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3022.json b/2019/3xxx/CVE-2019-3022.json index 8c318f1a116..fc5b6b4425d 100644 --- a/2019/3xxx/CVE-2019-3022.json +++ b/2019/3xxx/CVE-2019-3022.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3022", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3022" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Content Manager", + "version" : { + "version_data" : [ + { + "version_value" : "12.1.1-12.1.3", + "version_affected" : "=" + }, + { + "version_value" : "12.2.3-12.2.9", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Content Manager. While the vulnerability is in Oracle Content Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Content Manager accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Content Manager. While the vulnerability is in Oracle Content Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Content Manager accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3023.json b/2019/3xxx/CVE-2019-3023.json index 188b4fa53e9..ea2cc9e8b50 100644 --- a/2019/3xxx/CVE-2019-3023.json +++ b/2019/3xxx/CVE-2019-3023.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3023", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3023" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PeopleSoft Enterprise PT PeopleTools", + "version" : { + "version_data" : [ + { + "version_value" : "8.56", + "version_affected" : "=" + }, + { + "version_value" : "8.57", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Stylesheet). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3024.json b/2019/3xxx/CVE-2019-3024.json index b138448e5c3..745cc5c02b5 100644 --- a/2019/3xxx/CVE-2019-3024.json +++ b/2019/3xxx/CVE-2019-3024.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3024", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3024" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Installed Base", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.3-12.2.9", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3025.json b/2019/3xxx/CVE-2019-3025.json index 0377711d6b4..c746153d7c9 100644 --- a/2019/3xxx/CVE-2019-3025.json +++ b/2019/3xxx/CVE-2019-3025.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3025", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3025" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hospitality RES 3700", + "version" : { + "version_data" : [ + { + "version_value" : "5.7", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3026.json b/2019/3xxx/CVE-2019-3026.json index ffad2cb90ce..f58b0dcdf91 100644 --- a/2019/3xxx/CVE-2019-3026.json +++ b/2019/3xxx/CVE-2019-3026.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3026", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3026" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3027.json b/2019/3xxx/CVE-2019-3027.json index d6bc8c96cbc..d059fd3c36c 100644 --- a/2019/3xxx/CVE-2019-3027.json +++ b/2019/3xxx/CVE-2019-3027.json @@ -1,18 +1,60 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3027", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3027" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Application Object Library", + "version" : { + "version_data" : [ + { + "version_value" : "12.2.5-12.2.9", + "version_affected" : "=" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login Help). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3028.json b/2019/3xxx/CVE-2019-3028.json index 167711c732b..fd9065b6301 100644 --- a/2019/3xxx/CVE-2019-3028.json +++ b/2019/3xxx/CVE-2019-3028.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3028", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3028" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + } diff --git a/2019/3xxx/CVE-2019-3031.json b/2019/3xxx/CVE-2019-3031.json index ced327ce83c..cb7ac2fbe28 100644 --- a/2019/3xxx/CVE-2019-3031.json +++ b/2019/3xxx/CVE-2019-3031.json @@ -1,18 +1,64 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3031", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + { + "CVE_data_meta" : { + "ASSIGNER" : "secalert_us@oracle.com", + "ID" : "CVE-2019-3031" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "VM VirtualBox", + "version" : { + "version_data" : [ + { + "version_value" : "5.2.34", + "version_affected" : "<" + }, + { + "version_value" : "6.0.14", + "version_affected" : "<" + } + ] + } + } + ] + }, + "vendor_name" : "Oracle Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang" : "eng", + "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." } - ] - } -} \ No newline at end of file + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + } + ] + } + }