diff --git a/2019/6xxx/CVE-2019-6973.json b/2019/6xxx/CVE-2019-6973.json index 09590392d29..b6a2746c69e 100644 --- a/2019/6xxx/CVE-2019-6973.json +++ b/2019/6xxx/CVE-2019-6973.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6973", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "46261", + "url": "https://www.exploit-db.com/exploits/46261/" + }, + { + "url": "http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html" + }, + { + "url": "https://github.com/bitfu/sricam-gsoap2.8-dos-exploit", + "refsource": "MISC", + "name": "https://github.com/bitfu/sricam-gsoap2.8-dos-exploit" } ] } diff --git a/2019/7xxx/CVE-2019-7221.json b/2019/7xxx/CVE-2019-7221.json index e337b9fdd10..1731bdb003a 100644 --- a/2019/7xxx/CVE-2019-7221.json +++ b/2019/7xxx/CVE-2019-7221.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7221", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,63 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-164946aa7f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-3da64f3e61", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/" + }, + { + "url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm" + }, + { + "refsource": "SUSE", + "name": "SUSE-SA-2019:0203-1", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/02/18/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/02/18/2" + }, + { + "refsource": "CONFIRM", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f" + }, + { + "refsource": "CONFIRM", + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760" } ] } diff --git a/2019/7xxx/CVE-2019-7423.json b/2019/7xxx/CVE-2019-7423.json index de3fa5b2790..d799529bbe5 100644 --- a/2019/7xxx/CVE-2019-7423.json +++ b/2019/7xxx/CVE-2019-7423.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7423", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/editProfile.jsp\" file in the userName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html" + }, + { + "url": "https://www.manageengine.com/products/netflow/?doc", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/netflow/?doc" + }, + { + "refsource": "FULLDISC", + "name": "20190206 [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone", + "url": "http://seclists.org/fulldisclosure/2019/Feb/29" } ] } diff --git a/2019/7xxx/CVE-2019-7424.json b/2019/7xxx/CVE-2019-7424.json index 8f16a352ab0..5a951de593d 100644 --- a/2019/7xxx/CVE-2019-7424.json +++ b/2019/7xxx/CVE-2019-7424.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7424", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/index.jsp\" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html" + }, + { + "url": "https://www.manageengine.com/products/netflow/?doc", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/netflow/?doc" + }, + { + "refsource": "FULLDISC", + "name": "20190206 [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone", + "url": "http://seclists.org/fulldisclosure/2019/Feb/29" } ] } diff --git a/2019/8xxx/CVE-2019-8934.json b/2019/8xxx/CVE-2019-8934.json index 5d332945442..40e203e75cb 100644 --- a/2019/8xxx/CVE-2019-8934.json +++ b/2019/8xxx/CVE-2019-8934.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8934", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2019/02/21/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/02/21/1" + }, + { + "url": "http://www.securityfocus.com/bid/107115", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107115" + }, + { + "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html" } ] } diff --git a/2019/9xxx/CVE-2019-9083.json b/2019/9xxx/CVE-2019-9083.json index 14fb757830f..d9c1a7cd75a 100644 --- a/2019/9xxx/CVE-2019-9083.json +++ b/2019/9xxx/CVE-2019-9083.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9083", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://seclists.org/fulldisclosure/2019/Feb/51", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Feb/51" } ] }