From b3676c8daf4477fcb5120f01ee9db81bde4eed77 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 15 Oct 2019 21:01:00 +0000 Subject: [PATCH 01/18] "-Synchronized-Data." --- 2016/10xxx/CVE-2016-10906.json | 5 +++ 2018/20xxx/CVE-2018-20856.json | 5 +++ 2019/17xxx/CVE-2019-17355.json | 62 +++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17356.json | 67 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17394.json | 62 +++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17396.json | 62 +++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17398.json | 62 +++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17601.json | 62 +++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17602.json | 62 +++++++++++++++++++++++++++++++ 9 files changed, 449 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17355.json create mode 100644 2019/17xxx/CVE-2019-17356.json create mode 100644 2019/17xxx/CVE-2019-17394.json create mode 100644 2019/17xxx/CVE-2019-17396.json create mode 100644 2019/17xxx/CVE-2019-17398.json create mode 100644 2019/17xxx/CVE-2019-17601.json create mode 100644 2019/17xxx/CVE-2019-17602.json diff --git a/2016/10xxx/CVE-2016-10906.json b/2016/10xxx/CVE-2016-10906.json index dafd4f7a425..7026de8961d 100644 --- a/2016/10xxx/CVE-2016-10906.json +++ b/2016/10xxx/CVE-2016-10906.json @@ -56,6 +56,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c278c253f3d992c6994d08aa0efb2b6806ca396f", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c278c253f3d992c6994d08aa0efb2b6806ca396f" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K01993501?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K01993501?utm_source=f5support&utm_medium=RSS" } ] } diff --git a/2018/20xxx/CVE-2018-20856.json b/2018/20xxx/CVE-2018-20856.json index cb6c9d2bc01..22ad8b4c9a5 100644 --- a/2018/20xxx/CVE-2018-20856.json 
+++ b/2018/20xxx/CVE-2018-20856.json @@ -116,6 +116,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K14673240?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K14673240?utm_source=f5support&utm_medium=RSS" } ] } diff --git a/2019/17xxx/CVE-2019-17355.json b/2019/17xxx/CVE-2019-17355.json new file mode 100644 index 00000000000..350f815ce48 --- /dev/null +++ b/2019/17xxx/CVE-2019-17355.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pastebin.com/GgpFz3ZW", + "refsource": "MISC", + "name": "https://pastebin.com/GgpFz3ZW" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17356.json b/2019/17xxx/CVE-2019-17356.json new file mode 100644 index 00000000000..4cfccc17e3b --- /dev/null +++ b/2019/17xxx/CVE-2019-17356.json 
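Review bot: The F5 reference added in the CVE-2018-20856 hunk carries feed-tracking query parameters (`?utm_source=f5support&utm_medium=RSS`) in both `name` and `url`. Consumers that de-duplicate or allow-list references by exact URL will treat the tracked and untracked forms as different links. Storing the article URL without the query string, presumably `https://support.f5.com/csp/article/K14673240`, would give a stable identifier. The CVE-2016-10906 hunk earlier in this patch adds its F5 link the same way.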
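Review bot: The new CVE-2019-17355 record leaves `product_name`, `vendor_name`, `version_value` and the `problemtype` value as `n/a`, although the description names the product and version (Orbitz application 19.31.1 for Android) and the weakness (credentials written to the log). Tooling that matches on the structured fields rather than the free text will not associate this entry with the app. A problemtype such as `CWE-532: Insertion of Sensitive Information into Log File` would fit the logcat records. The other new-file records in this series (CVE-2019-17356, -17394, -17395, -17396, -17398, -17601, -17602, -17612, -17613 and CVE-2019-13392) follow the same `n/a` pattern. The only reference is a pastebin paste, which can expire or be removed, so an archived copy or vendor link alongside it would keep the record verifiable.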
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17356",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bit.ly/2kfL7xE",
+ "refsource": "MISC",
+ "name": "https://bit.ly/2kfL7xE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://pastebin.com/yUFxs2J7",
+ "url": "https://pastebin.com/yUFxs2J7"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17394.json b/2019/17xxx/CVE-2019-17394.json
new file mode 100644
index 00000000000..b243ea3dd80
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17394.json
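Review bot: The first reference in the CVE-2019-17356 record, `https://bit.ly/2kfL7xE`, is a shortened link, so a reader cannot tell where it leads before following it, and the reference breaks if the shortener entry is removed. Replacing it with the resolved destination in both `url` and `name` would make the reference auditable. The description also states that credentials are sent without encryption, for which a `problemtype` such as `CWE-319: Cleartext Transmission of Sensitive Information` would be more useful than `n/a`.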
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17394",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pastebin.com/h8v0qxZH",
+ "refsource": "MISC",
+ "name": "https://pastebin.com/h8v0qxZH"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17396.json b/2019/17xxx/CVE-2019-17396.json
new file mode 100644
index 00000000000..af839c46ab9
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17396.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17396",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pastebin.com/9VBiRpAR",
+ "refsource": "MISC",
+ "name": "https://pastebin.com/9VBiRpAR"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17398.json b/2019/17xxx/CVE-2019-17398.json
new file mode 100644
index 00000000000..d267cc49b42
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17398.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17398",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pastebin.com/5ZDDCqgL",
+ "refsource": "MISC",
+ "name": "https://pastebin.com/5ZDDCqgL"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17601.json b/2019/17xxx/CVE-2019-17601.json
new file mode 100644
index 00000000000..443c8c3d760
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17601.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17601",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://packetstormsecurity.com/files/154819/MiniShare-1.4.1-CONNECT-Remote-Buffer-Overflow.html",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/154819/MiniShare-1.4.1-CONNECT-Remote-Buffer-Overflow.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17602.json b/2019/17xxx/CVE-2019-17602.json
new file mode 100644
index 00000000000..b6cd19a92ff
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17602.json
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html" + } + ] + } +} \ No newline at end of file From 3f45a6d142900fbb260af1153815bf51523a1c62 Mon Sep 17 00:00:00 2001 From: Brian Conry Date: Tue, 15 Oct 2019 16:35:56 -0500 Subject: [PATCH 02/18] [ISC] Update information for 3 Kea CVEs from August 2019 --- 2019/6xxx/CVE-2019-6472.json | 83 ++++++++++++++++++++++++++++++++++-- 2019/6xxx/CVE-2019-6473.json | 83 ++++++++++++++++++++++++++++++++++-- 2019/6xxx/CVE-2019-6474.json | 83 ++++++++++++++++++++++++++++++++++-- 3 files changed, 237 insertions(+), 12 deletions(-) diff --git a/2019/6xxx/CVE-2019-6472.json b/2019/6xxx/CVE-2019-6472.json index 07e90103579..c13b358a4d2 100644 --- a/2019/6xxx/CVE-2019-6472.json +++ b/2019/6xxx/CVE-2019-6472.json 
@@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security-officer@isc.org", + "DATE_PUBLIC": "2019-08-28T21:08:44.000Z", "ID": "CVE-2019-6472", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kea", + "version": { + "version_data": [ + { + "version_name": "Kea", + "version_value": "1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2" + } + ] + } + } + ] + }, + "vendor_name": "ISC" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
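Review bot: `version_value` in the CVE-2019-6472 record packs a range and two discrete releases into one string, `"1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2"`, and `version_name` only repeats the product name. A consumer that compares `version_value` against an installed version gets no match for any release inside the range. Splitting this into one `version_data` entry per affected release line, with an `affected` comparator as the CVE-2019-11281 record later in this series does, would make the range machine-readable. The same string appears in the first hunks of CVE-2019-6473 and CVE-2019-6474.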
@@ -11,8 +37,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions Affected: 1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker who is able to send a request containing a malformed DUID to the server (either directly or via a relay) can cause the DHCPv6 server process to terminate, denying service to clients. Only the DHCPv6 service is affected by this vulnerability." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.isc.org/docs/cve-2019-6472", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/docs/cve-2019-6472" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0" + } + ], + "source": { + "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2019/6xxx/CVE-2019-6473.json b/2019/6xxx/CVE-2019-6473.json index 269a6660324..cd0d794a0ca 100644 --- a/2019/6xxx/CVE-2019-6473.json +++ b/2019/6xxx/CVE-2019-6473.json 
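Review bot: The `problemtype` description in the CVE-2019-6472 record holds an impact statement ("An attacker who is able to send a request containing a malformed DUID ...") rather than a weakness class, so the record cannot be grouped or filtered by CWE. Since the description attributes the exit to an assertion failure, `CWE-617: Reachable Assertion` looks like the matching value, with the impact sentence moved into the description text. The second hunks of CVE-2019-6473 and CVE-2019-6474 fill `problemtype` with impact prose in the same way.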
@@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security-officer@isc.org", + "DATE_PUBLIC": "2019-08-28T21:08:49.000Z", "ID": "CVE-2019-6473", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kea", + "version": { + "version_data": [ + { + "version_name": "Kea", + "version_value": "1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2" + } + ] + } + } + ] + }, + "vendor_name": "ISC" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
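Review bot: `TITLE` in the CVE-2019-6473 record is the CVE-2019-6472 title, "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate", but the description added in the next hunk is about an invalid hostname option that makes kea-dhcp4 exit. Anyone triaging from the title alone would patch or monitor the wrong daemon. Something like `"TITLE": "An invalid hostname option can cause the kea-dhcp4 server to terminate"` would match the description. The first hunk of CVE-2019-6474 carries the same copied title, although its description concerns stored leases that are rejected when the server reloads them on restart.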
@@ -11,8 +37,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions Affected: 1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker who is able to deliberately exploit this vulnerability can cause the kea-dhcp4 server to stop executing, resulting in denial of service to clients. Only the DHCPv4 service is affected by this vulnerability." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.isc.org/docs/cve-2019-6473", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/docs/cve-2019-6473" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0" + } + ], + "source": { + "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2019/6xxx/CVE-2019-6474.json b/2019/6xxx/CVE-2019-6474.json index 297ee280eea..e3fb7932272 100644 --- a/2019/6xxx/CVE-2019-6474.json +++ b/2019/6xxx/CVE-2019-6474.json 
@@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security-officer@isc.org", + "DATE_PUBLIC": "2019-08-28T21:08:56.000Z", "ID": "CVE-2019-6474", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kea", + "version": { + "version_data": [ + { + "version_name": "Kea", + "version_value": "1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2" + } + ] + } + } + ] + }, + "vendor_name": "ISC" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +37,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions Affected: 1.4.0 -> 1.5.0; 1.6.0-beta1; 1.6.0-beta2" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Only Kea servers which use memfile storage for leases are affected by this vulnerability. An attacker can exploit the missing check to deliberately create a situation where the server will not restart properly should it stop for any reason." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.isc.org/docs/cve-2019-6474", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/docs/cve-2019-6474" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to a version of Kea containing a fix, available via\n https://www.isc.org/downloads.\n\n - Kea 1.4.0-P2\n - Kea 1.5.0-P1\n - Kea 1.6.0" + } + ], + "source": { + "discovery": "INTERNAL" } -} \ No newline at end of file +} From 397868e89098918f051a6c57c7c0606c7906e3b2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 15 Oct 2019 22:00:58 +0000 Subject: [PATCH 03/18] "-Synchronized-Data." --- 2018/20xxx/CVE-2018-20856.json | 10 ++++++ 2019/10xxx/CVE-2019-10126.json | 10 ++++++ 2019/12xxx/CVE-2019-12264.json | 5 +++ 2019/14xxx/CVE-2019-14823.json | 5 +++ 2019/14xxx/CVE-2019-14838.json | 5 +++ 2019/17xxx/CVE-2019-17395.json | 62 ++++++++++++++++++++++++++++++++++ 2019/3xxx/CVE-2019-3846.json | 10 ++++++ 2019/9xxx/CVE-2019-9506.json | 10 ++++++ 8 files changed, 117 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17395.json diff --git a/2018/20xxx/CVE-2018-20856.json b/2018/20xxx/CVE-2018-20856.json index 22ad8b4c9a5..a48efa6eda5 100644 --- a/2018/20xxx/CVE-2018-20856.json +++ b/2018/20xxx/CVE-2018-20856.json @@ -121,6 +121,16 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K14673240?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K14673240?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3076", + "url": "https://access.redhat.com/errata/RHSA-2019:3076" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3055", + "url": "https://access.redhat.com/errata/RHSA-2019:3055" } ] } diff --git a/2019/10xxx/CVE-2019-10126.json b/2019/10xxx/CVE-2019-10126.json index 48ed0aceeb7..1766d32d461 100644 --- a/2019/10xxx/CVE-2019-10126.json +++ b/2019/10xxx/CVE-2019-10126.json 
@@ -138,6 +138,16 @@ "refsource": "UBUNTU", "name": "USN-4118-1", "url": "https://usn.ubuntu.com/4118-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3076", + "url": "https://access.redhat.com/errata/RHSA-2019:3076" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3055", + "url": "https://access.redhat.com/errata/RHSA-2019:3055" } ] }, diff --git a/2019/12xxx/CVE-2019-12264.json b/2019/12xxx/CVE-2019-12264.json index 608962efb7b..c8e39992f51 100644 --- a/2019/12xxx/CVE-2019-12264.json +++ b/2019/12xxx/CVE-2019-12264.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us" } ] } diff --git a/2019/14xxx/CVE-2019-14823.json b/2019/14xxx/CVE-2019-14823.json index 2fa7a349e26..18865798c97 100644 --- a/2019/14xxx/CVE-2019-14823.json +++ b/2019/14xxx/CVE-2019-14823.json @@ -54,6 +54,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823", "refsource": "CONFIRM" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3067", + "url": "https://access.redhat.com/errata/RHSA-2019:3067" } ] }, diff --git a/2019/14xxx/CVE-2019-14838.json b/2019/14xxx/CVE-2019-14838.json index 02b17fe3e66..6c956a74c7e 100644 --- a/2019/14xxx/CVE-2019-14838.json +++ b/2019/14xxx/CVE-2019-14838.json @@ -53,6 +53,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3083", "url": "https://access.redhat.com/errata/RHSA-2019:3083" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3082", + "url": "https://access.redhat.com/errata/RHSA-2019:3082" } ] }, 
diff --git a/2019/17xxx/CVE-2019-17395.json b/2019/17xxx/CVE-2019-17395.json new file mode 100644 index 00000000000..85141fadab3 --- /dev/null +++ b/2019/17xxx/CVE-2019-17395.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pastebin.com/8dvs5RcJ", + "refsource": "MISC", + "name": "https://pastebin.com/8dvs5RcJ" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3846.json b/2019/3xxx/CVE-2019-3846.json index 586a75fcc07..bb81e67c162 100644 --- a/2019/3xxx/CVE-2019-3846.json +++ b/2019/3xxx/CVE-2019-3846.json @@ -158,6 +158,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:2741", "url": "https://access.redhat.com/errata/RHSA-2019:2741" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3076", + "url": "https://access.redhat.com/errata/RHSA-2019:3076" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3055", + "url": "https://access.redhat.com/errata/RHSA-2019:3055" } ] }, diff --git a/2019/9xxx/CVE-2019-9506.json b/2019/9xxx/CVE-2019-9506.json index e44bff330e5..73e1e834cbb 100644 --- a/2019/9xxx/CVE-2019-9506.json +++ b/2019/9xxx/CVE-2019-9506.json 
@@ -172,6 +172,16 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2308", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3076", + "url": "https://access.redhat.com/errata/RHSA-2019:3076" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3055", + "url": "https://access.redhat.com/errata/RHSA-2019:3055" } ] }, From bb9d4fa6ae55a5610193947158d595ce9eb600d5 Mon Sep 17 00:00:00 2001 From: Steven Locke Date: Tue, 15 Oct 2019 15:02:31 -0700 Subject: [PATCH 04/18] Add CVE-2019-11281 Signed-off-by: Ramkumar Vengadakrishnan --- 2019/11xxx/CVE-2019-11281.json | 95 ++++++++++++++++++++++++++++++++-- 1 file changed, 92 insertions(+), 3 deletions(-) diff --git a/2019/11xxx/CVE-2019-11281.json b/2019/11xxx/CVE-2019-11281.json index 2703ca6451d..b2eabd70a97 100644 --- a/2019/11xxx/CVE-2019-11281.json +++ b/2019/11xxx/CVE-2019-11281.json 
@@ -3,16 +3,105 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2019-10-15T20:59:25.000Z", "ID": "CVE-2019-11281", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "RabbitMQ XSS attack" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RabbitMQ", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "All", + "version_value": "v3.7.18" + } + ] + } + }, + { + "product_name": "RabbitMQ for PCF", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "1.15", + "version_value": "1.15.13" + }, + { + "affected": "<", + "version_name": "1.16", + "version_value": "1.16.6" + }, + { + "affected": "<", + "version_name": "1.17", + "version_value": "1.17.3" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Cross-site Scripting (XSS) - Generic" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-11281", + "name": "https://pivotal.io/security/cve-2019-11281" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } } \ No newline at end of file From 3237fd514d1cc894c5cfe231ec0816fac22cdebc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 15 Oct 2019 23:01:00 +0000 Subject: [PATCH 05/18] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17612.json | 62 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17613.json | 62 ++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17612.json create mode 100644 2019/17xxx/CVE-2019-17613.json diff --git a/2019/17xxx/CVE-2019-17612.json b/2019/17xxx/CVE-2019-17612.json new file mode 100644 index 00000000000..c315a0e9709 --- /dev/null +++ b/2019/17xxx/CVE-2019-17612.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17612",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Ers4tz/vuln/blob/master/74cms_5.2.8_SQLI.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Ers4tz/vuln/blob/master/74cms_5.2.8_SQLI.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17613.json b/2019/17xxx/CVE-2019-17613.json
new file mode 100644
index 00000000000..47314cf8fad
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17613.json
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Ers4tz/vuln/blob/master/qibosoft/qibosoft_v7_remote_code_execution.md", + "refsource": "MISC", + "name": "https://github.com/Ers4tz/vuln/blob/master/qibosoft/qibosoft_v7_remote_code_execution.md" + } + ] + } +} \ No newline at end of file From 3812b0564ac3d103846b0dbbf448808c2af33f12 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 16 Oct 2019 00:00:59 +0000 Subject: [PATCH 06/18] "-Synchronized-Data." --- 2019/13xxx/CVE-2019-13392.json | 72 ++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 2019/13xxx/CVE-2019-13392.json diff --git a/2019/13xxx/CVE-2019-13392.json b/2019/13xxx/CVE-2019-13392.json new file mode 100644 index 00000000000..c55fa45574d --- /dev/null +++ b/2019/13xxx/CVE-2019-13392.json 
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13392",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://mindpalette.com/tag/natemail/",
+ "refsource": "MISC",
+ "name": "https://mindpalette.com/tag/natemail/"
+ },
+ {
+ "url": "https://twitter.com/mindpalette",
+ "refsource": "MISC",
+ "name": "https://twitter.com/mindpalette"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.doyler.net/security-not-included/natemail-vulnerabilities",
+ "url": "https://www.doyler.net/security-not-included/natemail-vulnerabilities"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 3e83bf0ac57b63a72dd943e0362325c4219b367a Mon Sep 17 00:00:00 2001
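Review bot: Only the doyler.net reference appears to describe the vulnerability; judging by their URLs, `https://mindpalette.com/tag/natemail/` and `https://twitter.com/mindpalette` are a vendor tag page and a profile, so they give a reader nothing to verify the XSS against or to find a fix. The description also names 3.0.15 without saying whether later versions are affected. If a vendor advisory or fixed release exists, it should replace the two generic links and be tagged `CONFIRM`.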
From: CVE Team Date: Wed, 16 Oct 2019 01:01:01 +0000 Subject: [PATCH 07/18] "-Synchronized-Data." --- 2016/11xxx/CVE-2016-11014.json | 77 +++++++++++++++++++++++++++++++ 2016/11xxx/CVE-2016-11015.json | 77 +++++++++++++++++++++++++++++++ 2016/11xxx/CVE-2016-11016.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16378.json | 5 +++ 2019/16xxx/CVE-2019-16884.json | 10 +++++ 5 files changed, 251 insertions(+) create mode 100644 2016/11xxx/CVE-2016-11014.json create mode 100644 2016/11xxx/CVE-2016-11015.json create mode 100644 2016/11xxx/CVE-2016-11016.json diff --git a/2016/11xxx/CVE-2016-11014.json b/2016/11xxx/CVE-2016-11014.json new file mode 100644 index 00000000000..6d9ebc08d81 --- /dev/null +++ b/2016/11xxx/CVE-2016-11014.json 
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-11014",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/cybersecurityworks/Disclosed/issues/14",
+ "refsource": "MISC",
+ "name": "https://github.com/cybersecurityworks/Disclosed/issues/14"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-Session-Management.html",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-Session-Management.html"
+ },
+ {
+ "url": "https://lists.openwall.net/full-disclosure/2016/01/11/5",
+ "refsource": "MISC",
+ "name": "https://lists.openwall.net/full-disclosure/2016/01/11/5"
+ },
+ {
+ "url": "https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html",
+ "refsource": "MISC",
+ "name": "https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/11xxx/CVE-2016-11015.json b/2016/11xxx/CVE-2016-11015.json
new file mode 100644
index 00000000000..b1e764831b4
--- /dev/null
+++ b/2016/11xxx/CVE-2016-11015.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-11015",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.openwall.net/full-disclosure/2016/01/11/4",
+ "refsource": "MISC",
+ "name": "https://lists.openwall.net/full-disclosure/2016/01/11/4"
+ },
+ {
+ "url": "https://github.com/cybersecurityworks/Disclosed/issues/13",
+ "refsource": "MISC",
+ "name": "https://github.com/cybersecurityworks/Disclosed/issues/13"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/135215/Netgear-1.0.0.24-Cross-Site-Request-Forgery.html",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/135215/Netgear-1.0.0.24-Cross-Site-Request-Forgery.html"
+ },
+ {
+ "url": "https://pmcg2k15.wordpress.com/2016/01/11/fd-cross-site-request-forgery-in-netgear-router-jnr1010-version-1-0-0-24/",
+ "refsource": "MISC",
+ "name": "https://pmcg2k15.wordpress.com/2016/01/11/fd-cross-site-request-forgery-in-netgear-router-jnr1010-version-1-0-0-24/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/11xxx/CVE-2016-11016.json b/2016/11xxx/CVE-2016-11016.json
new file mode 100644
index 00000000000..a8e7bb5ff30
--- /dev/null
+++ b/2016/11xxx/CVE-2016-11016.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-11016",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.openwall.net/full-disclosure/2016/01/11/1",
+ "refsource": "MISC",
+ "name": "https://lists.openwall.net/full-disclosure/2016/01/11/1"
+ },
+ {
+ "url": "https://github.com/cybersecurityworks/Disclosed/issues/12",
+ "refsource": "MISC",
+ "name": "https://github.com/cybersecurityworks/Disclosed/issues/12"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/135194/Netgear-1.0.0.24-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/135194/Netgear-1.0.0.24-Cross-Site-Scripting.html"
+ },
+ {
+ "url": "http://007software.net/multiple-cross-site-scripting-in-netgear-router-version1-0-0-24/",
+ "refsource": "MISC",
+ "name": "http://007software.net/multiple-cross-site-scripting-in-netgear-router-version1-0-0-24/"
+ },
+ {
+ "url": "https://khalil-shreateh.com/khalil.shtml/it-highlights/592-Netgear-1.0.0.24-Cross-Site-Request-Forgery--.html",
+ "refsource": "MISC",
+ "name": "https://khalil-shreateh.com/khalil.shtml/it-highlights/592-Netgear-1.0.0.24-Cross-Site-Request-Forgery--.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16378.json b/2019/16xxx/CVE-2019-16378.json
index f903d05bdcf..a3a96986e31 100644
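Review bot: The last reference, `592-Netgear-1.0.0.24-Cross-Site-Request-Forgery--.html` on khalil-shreateh.com, has a slug that names Cross-Site Request Forgery, while this record describes the `webproc?getpage=` XSS. It looks as if it belongs with CVE-2016-11015, the CSRF record added in the same commit, which has no khalil-shreateh.com link, whereas CVE-2016-11014 carries a `593-...` link whose slug matches its own issue. The linked page should be checked and the reference moved if the slug is accurate.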
--- a/2019/16xxx/CVE-2019-16378.json +++ b/2019/16xxx/CVE-2019-16378.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-e1f0417a24", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEUBIHJLMPMB6KHOSGDMUQKSAW4HOCYM/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-24b3f84f6e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7RT6ID7MBCEPNZEIUKK2TZIOCYPJR6E/" } ] } diff --git a/2019/16xxx/CVE-2019-16884.json b/2019/16xxx/CVE-2019-16884.json index 55e7861381d..5bb68b62e44 100644 --- a/2019/16xxx/CVE-2019-16884.json +++ b/2019/16xxx/CVE-2019-16884.json @@ -61,6 +61,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-bd4843561c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGK6IV5JGVDXHOXEKJOJWKOVNZLT6MYR/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-3fc86a518b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62OQ2P7K5YDZ5BRCH2Q6DHUJIHQD3QCD/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-96946c39dd", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPK4JWP32BUIVDJ3YODZSOEVEW6BHQCF/" } ] } From dc0b9ba0252331c65eb73bc7b4d455dafa53b6bd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 16 Oct 2019 08:00:56 +0000 Subject: [PATCH 08/18] "-Synchronized-Data." --- 2016/4xxx/CVE-2016-4977.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/2016/4xxx/CVE-2016-4977.json b/2016/4xxx/CVE-2016-4977.json index 19f62d3c36f..ae0f7ec530f 100644 --- a/2016/4xxx/CVE-2016-4977.json +++ b/2016/4xxx/CVE-2016-4977.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security_alert@emc.com", + "ASSIGNER": "secure@dell.com", "ID": "CVE-2016-4977", "STATE": "PUBLIC" }, 
@@ -59,6 +59,11 @@ "name": "https://pivotal.io/security/cve-2016-4977", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2016-4977" + }, + { + "refsource": "MLIST", + "name": "[fineract-dev] 20191016 [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0", + "url": "https://lists.apache.org/thread.html/37d7e820fc65a768de3e096e98382d5529a52a039f093e59357d0bc0@%3Cdev.fineract.apache.org%3E" } ] } From 373e8d03d09e8698efd2e4d9b78b340692d63b48 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 16 Oct 2019 10:00:59 +0000 Subject: [PATCH 09/18] "-Synchronized-Data." --- 2016/4xxx/CVE-2016-4977.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2016/4xxx/CVE-2016-4977.json b/2016/4xxx/CVE-2016-4977.json index ae0f7ec530f..49b639c80fe 100644 --- a/2016/4xxx/CVE-2016-4977.json +++ b/2016/4xxx/CVE-2016-4977.json @@ -64,6 +64,11 @@ "refsource": "MLIST", "name": "[fineract-dev] 20191016 [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0", "url": "https://lists.apache.org/thread.html/37d7e820fc65a768de3e096e98382d5529a52a039f093e59357d0bc0@%3Cdev.fineract.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[fineract-dev] 20191016 Re: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0", + "url": "https://lists.apache.org/thread.html/0841d849c23418c473ccb9183cbf41a317cb0476e44be48022ce3488@%3Cdev.fineract.apache.org%3E" } ] } From 9466146e3fdab2671d2cde59d214c30a2da1a9ab Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 16 Oct 2019 11:00:58 +0000 Subject: [PATCH 10/18] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17624.json | 67 ++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17624.json diff --git a/2019/17xxx/CVE-2019-17624.json b/2019/17xxx/CVE-2019-17624.json new file mode 100644 index 00000000000..db2fd4ca402 --- /dev/null +++ b/2019/17xxx/CVE-2019-17624.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17624",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/47507",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/47507"
+ },
+ {
+ "url": "https://www.x.org/releases/individual/xserver/",
+ "refsource": "MISC",
+ "name": "https://www.x.org/releases/individual/xserver/"
+ }
+ ]
+ }
+}
\ No newline at end of file
From e9552f4785fdf1b8661cc5730522c4d4b26837c5 Mon Sep 17 00:00:00 2001
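Review bot: The description does not give a reader enough to scope the issue: "sending ct.c_char 1000 times" reads like a detail of a proof-of-concept script rather than a protocol request, and `XQueryKeymap` is, as far as I know, an Xlib client-side call, so the affected component (server or client library) should be confirmed. The second reference, `https://www.x.org/releases/individual/xserver/`, is a release directory rather than an advisory or a fix, and no fixed version is stated. Until that is clarified, consumers should treat the attribution to X Server 1.20.4 as unverified when triaging.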
From: CVE Team Date: Wed, 16 Oct 2019 12:01:11 +0000 Subject: [PATCH 11/18] "-Synchronized-Data." --- 2016/4xxx/CVE-2016-4977.json | 5 +++ 2018/11xxx/CVE-2018-11396.json | 5 +++ 2018/20xxx/CVE-2018-20856.json | 5 +++ 2019/10xxx/CVE-2019-10126.json | 5 +++ 2019/16xxx/CVE-2019-16709.json | 5 +++ 2019/17xxx/CVE-2019-17113.json | 5 +++ 2019/17xxx/CVE-2019-17625.json | 62 +++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17626.json | 67 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17627.json | 62 +++++++++++++++++++++++++++++++ 2019/3xxx/CVE-2019-3846.json | 5 +++ 2019/9xxx/CVE-2019-9506.json | 5 +++ 11 files changed, 231 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17625.json create mode 100644 2019/17xxx/CVE-2019-17626.json create mode 100644 2019/17xxx/CVE-2019-17627.json diff --git a/2016/4xxx/CVE-2016-4977.json b/2016/4xxx/CVE-2016-4977.json index 49b639c80fe..536a0abdd1a 100644 --- a/2016/4xxx/CVE-2016-4977.json +++ b/2016/4xxx/CVE-2016-4977.json @@ -69,6 +69,11 @@ "refsource": "MLIST", "name": "[fineract-dev] 20191016 Re: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0", "url": "https://lists.apache.org/thread.html/0841d849c23418c473ccb9183cbf41a317cb0476e44be48022ce3488@%3Cdev.fineract.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191015 Fwd: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0", + "url": "http://www.openwall.com/lists/oss-security/2019/10/16/1" } ] } diff --git a/2018/11xxx/CVE-2018-11396.json b/2018/11xxx/CVE-2018-11396.json index 94aa42efbee..3f92b9f8f57 100644 --- a/2018/11xxx/CVE-2018-11396.json +++ b/2018/11xxx/CVE-2018-11396.json 
@@ -56,6 +56,11 @@ "name": "https://bugzilla.gnome.org/show_bug.cgi?id=795740", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=795740" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2318", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00043.html" } ] } diff --git a/2018/20xxx/CVE-2018-20856.json b/2018/20xxx/CVE-2018-20856.json index a48efa6eda5..407752d8a1d 100644 --- a/2018/20xxx/CVE-2018-20856.json +++ b/2018/20xxx/CVE-2018-20856.json @@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3055", "url": "https://access.redhat.com/errata/RHSA-2019:3055" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3089", + "url": "https://access.redhat.com/errata/RHSA-2019:3089" } ] } diff --git a/2019/10xxx/CVE-2019-10126.json b/2019/10xxx/CVE-2019-10126.json index 1766d32d461..2f34bb6fa74 100644 --- a/2019/10xxx/CVE-2019-10126.json +++ b/2019/10xxx/CVE-2019-10126.json @@ -148,6 +148,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3055", "url": "https://access.redhat.com/errata/RHSA-2019:3055" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3089", + "url": "https://access.redhat.com/errata/RHSA-2019:3089" } ] }, diff --git a/2019/16xxx/CVE-2019-16709.json b/2019/16xxx/CVE-2019-16709.json index 4041757d70c..65008276980 100644 --- a/2019/16xxx/CVE-2019-16709.json +++ b/2019/16xxx/CVE-2019-16709.json @@ -56,6 +56,11 @@ "url": "https://github.com/ImageMagick/ImageMagick/issues/1531", "refsource": "MISC", "name": "https://github.com/ImageMagick/ImageMagick/issues/1531" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2317", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html" } ] } diff --git a/2019/17xxx/CVE-2019-17113.json b/2019/17xxx/CVE-2019-17113.json index aa084ae618a..d8b1a64bbaa 100644 --- a/2019/17xxx/CVE-2019-17113.json +++ b/2019/17xxx/CVE-2019-17113.json 
@@ -76,6 +76,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2306", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00035.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2319", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00044.html" } ] } diff --git a/2019/17xxx/CVE-2019-17625.json b/2019/17xxx/CVE-2019-17625.json new file mode 100644 index 00000000000..616a84860ee --- /dev/null +++ b/2019/17xxx/CVE-2019-17625.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ramboxapp/community-edition/issues/2418", + "refsource": "MISC", + "name": "https://github.com/ramboxapp/community-edition/issues/2418" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17626.json b/2019/17xxx/CVE-2019-17626.json new file mode 100644 index 00000000000..d755081bd0d --- /dev/null +++ b/2019/17xxx/CVE-2019-17626.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with ' Date: Wed, 16 Oct 2019 14:40:40 +0200 Subject: [PATCH 12/18] Add CVEs for Jenkins 2019-10-16 security advisory --- 2019/10xxx/CVE-2019-10436.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10437.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10438.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10439.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10440.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10441.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10442.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10443.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10444.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10445.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10446.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10447.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10448.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10449.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10450.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10451.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10452.json | 55 ++++++++++++++++++++++++++++++---- 
2019/10xxx/CVE-2019-10453.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10454.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10455.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10456.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10457.json | 55 ++++++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10458.json | 55 ++++++++++++++++++++++++++++++---- 23 files changed, 1127 insertions(+), 138 deletions(-) diff --git a/2019/10xxx/CVE-2019-10436.json b/2019/10xxx/CVE-2019-10436.json index 0433b97473a..5c5c3b923fc 100644 --- a/2019/10xxx/CVE-2019-10436.json +++ b/2019/10xxx/CVE-2019-10436.json 
@@ -1,17 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10436", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Google OAuth Credentials Plugin", + "version": { + "version_data": [ + { + "version_value": "0.9 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583", + "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583", + "refsource": "CONFIRM" } ] } diff --git a/2019/10xxx/CVE-2019-10437.json b/2019/10xxx/CVE-2019-10437.json index 027c05e7f6a..dc63108dde4 100644 --- a/2019/10xxx/CVE-2019-10437.json +++ b/2019/10xxx/CVE-2019-10437.json 
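Review bot: The rewritten `CVE_data_meta` has no `STATE` member: the hunk removes `"STATE": "RESERVED"` and the new block holds only `ID` and `ASSIGNER`, whereas the other published records in this series carry `"STATE": "PUBLIC"`. Consumers that filter on state may skip or mishandle the entry, so add `"STATE": "PUBLIC"` after the `ASSIGNER` line (with a comma after the `ASSIGNER` value). The same omission is in the hunks for CVE-2019-10437 through CVE-2019-10443 that follow.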
@@ -1,17 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10437", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins CRX Content Package Deployer Plugin", + "version": { + "version_data": [ + { + "version_value": "1.8.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)", + "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)", + "refsource": "CONFIRM" } ] } diff --git a/2019/10xxx/CVE-2019-10438.json b/2019/10xxx/CVE-2019-10438.json index 8e5916d7f1c..f1d914bbda6 100644 --- a/2019/10xxx/CVE-2019-10438.json +++ b/2019/10xxx/CVE-2019-10438.json 
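Review bot: `"version_value": "1.8.1 and earlier"` puts the affected range into free text, which version-matching tools cannot compare. The 4.0 format has a `version_affected` member for this, so the entry could read `"version_value": "1.8.1", "version_affected": "<="`. Every Jenkins record visible in this commit, CVE-2019-10436 through CVE-2019-10443, uses the same "and earlier" wording.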
@@ -1,17 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10438", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins CRX Content Package Deployer Plugin", + "version": { + "version_data": [ + { + "version_value": "1.8.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)", + "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)", + "refsource": "CONFIRM" } ] } diff --git a/2019/10xxx/CVE-2019-10439.json b/2019/10xxx/CVE-2019-10439.json index 2d4293328ad..f1b88745508 100644 --- a/2019/10xxx/CVE-2019-10439.json +++ b/2019/10xxx/CVE-2019-10439.json 
@@ -1,17 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10439", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins CRX Content Package Deployer Plugin", + "version": { + "version_data": [ + { + "version_value": "1.8.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(2)", + "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(2)", + "refsource": "CONFIRM" } ] } diff --git a/2019/10xxx/CVE-2019-10440.json b/2019/10xxx/CVE-2019-10440.json index e5e75724604..5ef9625763e 100644 --- a/2019/10xxx/CVE-2019-10440.json +++ b/2019/10xxx/CVE-2019-10440.json 
@@ -1,17 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10440", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins NeoLoad Plugin", + "version": { + "version_data": [ + { + "version_value": "2.2.5 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1427", + "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1427", + "refsource": "CONFIRM" } ] } diff --git a/2019/10xxx/CVE-2019-10441.json b/2019/10xxx/CVE-2019-10441.json index 66135a3f039..26a7742e1ac 100644 --- a/2019/10xxx/CVE-2019-10441.json +++ b/2019/10xxx/CVE-2019-10441.json 
@@ -1,17 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10441", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins iceScrum Plugin", + "version": { + "version_data": [ + { + "version_value": "1.1.5 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484", + "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484", + "refsource": "CONFIRM" } ] } diff --git a/2019/10xxx/CVE-2019-10442.json b/2019/10xxx/CVE-2019-10442.json index 085ee1d2ada..75418b5efa2 100644 --- a/2019/10xxx/CVE-2019-10442.json +++ b/2019/10xxx/CVE-2019-10442.json 
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10442",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins iceScrum Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1.5 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10443.json b/2019/10xxx/CVE-2019-10443.json
index e9d5baf5448..b47425e81df 100644
--- a/2019/10xxx/CVE-2019-10443.json
+++ b/2019/10xxx/CVE-2019-10443.json
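Review bot: `"value": "CWE-285"` is the broad Improper Authorization class, while the description names the narrower cause, a missing permission check. `"value": "CWE-862"` (Missing Authorization) would let weakness-based triage group this record with like issues. The hunks for CVE-2019-10445, CVE-2019-10455 and CVE-2019-10457 use the same mapping.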
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10443",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins iceScrum Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1.4 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1436",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1436",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10444.json b/2019/10xxx/CVE-2019-10444.json
index 567bf02b203..64d75c1dd89 100644
--- a/2019/10xxx/CVE-2019-10444.json
+++ b/2019/10xxx/CVE-2019-10444.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10444",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Bumblebee HP ALM Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.1.3 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-295"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1481",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1481",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10445.json b/2019/10xxx/CVE-2019-10445.json
index b931de92d66..fb664a315fb 100644
--- a/2019/10xxx/CVE-2019-10445.json
+++ b/2019/10xxx/CVE-2019-10445.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10445",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Google Kubernetes Engine Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.7.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1607",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1607",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10446.json b/2019/10xxx/CVE-2019-10446.json
index 099b3dca635..9d6fa7047e3 100644
--- a/2019/10xxx/CVE-2019-10446.json
+++ b/2019/10xxx/CVE-2019-10446.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10446",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Cadence vManager Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.7.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-295"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1615",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1615",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10447.json b/2019/10xxx/CVE-2019-10447.json
index 6de152b2925..a82a465d1c6 100644
--- a/2019/10xxx/CVE-2019-10447.json
+++ b/2019/10xxx/CVE-2019-10447.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10447",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Sofy.AI Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.3 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1431",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1431",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10448.json b/2019/10xxx/CVE-2019-10448.json
index b7848d996c3..70d43b5c500 100644
--- a/2019/10xxx/CVE-2019-10448.json
+++ b/2019/10xxx/CVE-2019-10448.json
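Review bot: The new description names no version, so the affected range lives only in `"version_value": "1.0.3 and earlier"`, unlike the records for CVE-2019-10440 and CVE-2019-10443, which repeat the range in the prose. Feeds that show only the description give an operator no way to tell which installs are affected; I would open it with `Jenkins Sofy.AI Plugin 1.0.3 and earlier stores credentials unencrypted`. The present tense presumably signals that no fixed release exists, and if so, saying that outright would help. The hunks for CVE-2019-10448 through CVE-2019-10457 have the same gap.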
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10448",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Extensive Testing Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.4.4b and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1432",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1432",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10449.json b/2019/10xxx/CVE-2019-10449.json
index 1d4ec33bbc3..771fcedf0df 100644
--- a/2019/10xxx/CVE-2019-10449.json
+++ b/2019/10xxx/CVE-2019-10449.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10449",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Fortify on Demand Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.0.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1433",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1433",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10450.json b/2019/10xxx/CVE-2019-10450.json
index b42615bb4ac..ab410bd5d87 100644
--- a/2019/10xxx/CVE-2019-10450.json
+++ b/2019/10xxx/CVE-2019-10450.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10450",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins ElasticBox CI Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.0.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10451.json b/2019/10xxx/CVE-2019-10451.json
index c3d4c0a7a9e..d84fa8c50c3 100644
--- a/2019/10xxx/CVE-2019-10451.json
+++ b/2019/10xxx/CVE-2019-10451.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10451",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins SOASTA CloudTest Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.25 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1439",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1439",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10452.json b/2019/10xxx/CVE-2019-10452.json
index 3d28dac408c..23d599b9503 100644
--- a/2019/10xxx/CVE-2019-10452.json
+++ b/2019/10xxx/CVE-2019-10452.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10452",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins View26 Test-Reporting Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.7 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1440",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1440",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10453.json b/2019/10xxx/CVE-2019-10453.json
index 79ea02d7f77..7cbe6f34dd0 100644
--- a/2019/10xxx/CVE-2019-10453.json
+++ b/2019/10xxx/CVE-2019-10453.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10453",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Delphix Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.0.4 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10454.json b/2019/10xxx/CVE-2019-10454.json
index 81f4ed91a38..e8d5f617cd1 100644
--- a/2019/10xxx/CVE-2019-10454.json
+++ b/2019/10xxx/CVE-2019-10454.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10454",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Rundeck Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.6.5 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10455.json b/2019/10xxx/CVE-2019-10455.json
index 46261d00ccd..d0225545baa 100644
--- a/2019/10xxx/CVE-2019-10455.json
+++ b/2019/10xxx/CVE-2019-10455.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10455",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Rundeck Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.6.5 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10456.json b/2019/10xxx/CVE-2019-10456.json
index 06ee42273e9..cca008439c1 100644
--- a/2019/10xxx/CVE-2019-10456.json
+++ b/2019/10xxx/CVE-2019-10456.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10456",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Oracle Cloud Infrastructure Compute Classic Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10457.json b/2019/10xxx/CVE-2019-10457.json
index c8d74f0c71e..b445fd46781 100644
--- a/2019/10xxx/CVE-2019-10457.json
+++ b/2019/10xxx/CVE-2019-10457.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10457",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Oracle Cloud Infrastructure Compute Classic Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10458.json b/2019/10xxx/CVE-2019-10458.json
index 99fcefe8754..403c69fe61e 100644
--- a/2019/10xxx/CVE-2019-10458.json
+++ b/2019/10xxx/CVE-2019-10458.json
@@ -1,17 +1,60 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10458",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Puppet Enterprise Pipeline",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.3.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-183"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918",
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918",
+ "refsource": "CONFIRM"
 }
 ]
 }
From 0fe6bed949ff73d8561c4fb5215ce0a653012f7a Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Wed, 16 Oct 2019 08:43:27 -0400
Subject: [PATCH 13/18] IBM20191016-84327 Added CVE-2019-4031
---
 2019/4xxx/CVE-2019-4031.json | 111 ++++++++++++++++++++++++++++++-----
 1 file changed, 96 insertions(+), 15 deletions(-)
diff --git a/2019/4xxx/CVE-2019-4031.json b/2019/4xxx/CVE-2019-4031.json
index dc71f415ddb..7b292be282a 100644
--- a/2019/4xxx/CVE-2019-4031.json
+++ b/2019/4xxx/CVE-2019-4031.json 
@@ -1,18 +1,99 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4031",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "data_format" : "MITRE",
+ "CVE_data_meta" : {
+ "ID" : "CVE-2019-4031",
+ "STATE" : "PUBLIC",
+ "DATE_PUBLIC" : "2019-10-09T00:00:00",
+ "ASSIGNER" : "psirt@us.ibm.com"
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "PR" : "N",
+ "AC" : "L",
+ "AV" : "L",
+ "A" : "H",
+ "I" : "H",
+ "UI" : "N",
+ "C" : "H",
+ "S" : "U",
+ "SCORE" : "8.400"
+ },
+ "TM" : {
+ "RL" : "O",
+ "E" : "U",
+ "RC" : "C"
+ }
+ }
+ },
+ "data_type" : "CVE",
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Workload Scheduler Distributed",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.2"
+ },
+ {
+ "version_value" : "9.3"
+ },
+ {
+ "version_value" : "9.4"
+ },
+ {
+ "version_value" : "9.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.ibm.com/support/pages/node/1076775",
+ "title" : "IBM Security Bulletin 1076775 (Workload Scheduler Distributed)",
+ "refsource" : "CONFIRM",
+ "name" : "https://www.ibm.com/support/pages/node/1076775"
+ },
+ {
+ "refsource" : "XF",
+ "name" : "ibm-tivoli-cve20194031-priv-escalation (155997)",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155997",
+ "title" : "X-Force Vulnerability Report"
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Gain Privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "description" : {
+ "description_data" : [
+ {
+ "value" : "IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.",
+ "lang" : "eng"
+ }
+ ]
+ },
+ "data_version" : "4.0"
+}
From 76a07c08d3bcd412d921e9cb66c7c1377e398bf5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 16 Oct 2019 13:01:10 +0000
Subject: [PATCH 14/18] "-Synchronized-Data."
---
 2019/15xxx/CVE-2019-15893.json | 62 +++++++++++
 2019/17xxx/CVE-2019-17629.json | 67 ++++++++++++
 2019/17xxx/CVE-2019-17630.json | 67 ++++++++++++
 2019/4xxx/CVE-2019-4031.json | 192 ++++++++++++++++-----------------
 4 files changed, 292 insertions(+), 96 deletions(-)
 create mode 100644 2019/15xxx/CVE-2019-15893.json
 create mode 100644 2019/17xxx/CVE-2019-17629.json
 create mode 100644 2019/17xxx/CVE-2019-17630.json
diff --git a/2019/15xxx/CVE-2019-15893.json b/2019/15xxx/CVE-2019-15893.json
new file mode 100644
index 00000000000..878f987ca52
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15893.json
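Review bot: The base metrics set `"PR" : "N"`, but the description attributes the issue to `a local user` who can `write files as root`, which reads as an attacker who already holds an account on the host. If a login is required, `"PR" : "L"` is the matching value and `"SCORE" : "8.400"` would change with it; if it is not, the description should say so, since that decides how the record is prioritised. Separately, `"value" : "Gain Privileges"` under `problemtype` is free text, whereas other records in this series carry a CWE identifier there, which weakness-based filtering depends on.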
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15893",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.sonatype.com/hc/en-us/articles/360035055794",
+ "url": "https://support.sonatype.com/hc/en-us/articles/360035055794"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17629.json b/2019/17xxx/CVE-2019-17629.json
new file mode 100644
index 00000000000..e5c5481a648
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17629.json
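Review bot: `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"` leave the structured `affects` block empty even though the description names `Sonatype Nexus Repository Manager 2.x before 2.14.15`. Tools that match an inventory against `affects` will not flag this record; I would fill in `"vendor_name": "Sonatype"`, `"product_name": "Nexus Repository Manager"` and `"version_value": "2.x before 2.14.15"`. The description also does not say whether the remote code execution needs authentication, which decides how urgently an exposed instance must be patched. The new files for CVE-2019-17629 and CVE-2019-17630 leave `affects` at `n/a` in the same way.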
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17629",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the \"file manager > upload images\" screen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://forum.cmsmadesimple.org/viewforum.php?f=1",
+ "refsource": "MISC",
+ "name": "https://forum.cmsmadesimple.org/viewforum.php?f=1"
+ },
+ {
+ "url": "http://dev.cmsmadesimple.org/bug/view/12146",
+ "refsource": "MISC",
+ "name": "http://dev.cmsmadesimple.org/bug/view/12146"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17630.json b/2019/17xxx/CVE-2019-17630.json
new file mode 100644
index 00000000000..3e485bf8c12
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17630.json
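Review bot: The first reference, `https://forum.cmsmadesimple.org/viewforum.php?f=1`, looks like a forum index rather than a specific thread, so it does not substantiate the stored-XSS claim and will drift as the forum changes; only `http://dev.cmsmadesimple.org/bug/view/12146` identifies the report. I would drop the forum entry or replace it with the permalink of the relevant thread, if one exists. The record for CVE-2019-17630 repeats the same forum URL next to bug 12149.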
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17630",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the \"News > Add Article\" screen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://forum.cmsmadesimple.org/viewforum.php?f=1",
+ "refsource": "MISC",
+ "name": "https://forum.cmsmadesimple.org/viewforum.php?f=1"
+ },
+ {
+ "url": "http://dev.cmsmadesimple.org/bug/view/12149",
+ "refsource": "MISC",
+ "name": "http://dev.cmsmadesimple.org/bug/view/12149"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/4xxx/CVE-2019-4031.json b/2019/4xxx/CVE-2019-4031.json
index 7b292be282a..8f222c676a6 100644
--- a/2019/4xxx/CVE-2019-4031.json
+++ b/2019/4xxx/CVE-2019-4031.json
@@ -1,99 +1,99 @@ { - "data_format" : "MITRE", - "CVE_data_meta" : { - "ID" : "CVE-2019-4031", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-10-09T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "AC" : "L", - "AV" : "L", - "A" : "H", - "I" : "H", - "UI" : "N", - "C" : "H", - "S" : "U", - "SCORE" : "8.400" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Workload Scheduler Distributed", - "version" : { - "version_data" : [ - { - "version_value" : "9.2" - }, - { - "version_value" : "9.3" - }, - { - "version_value" : "9.4" - }, - { - "version_value" : "9.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-4031", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-10-09T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "AC": "L", + "AV": "L", + "A": "H", + "I": "H", + "UI": "N", + "C": "H", + "S": "U", + "SCORE": "8.400" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1076775", - "title" : "IBM Security Bulletin 1076775 (Workload Scheduler Distributed)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1076775" - }, - { - "refsource" : "XF", - "name" : "ibm-tivoli-cve20194031-priv-escalation (155997)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155997", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Workload 
Scheduler Distributed", + "version": { + "version_data": [ + { + "version_value": "9.2" + }, + { + "version_value": "9.3" + }, + { + "version_value": "9.4" + }, + { + "version_value": "9.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0" -} + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1076775", + "title": "IBM Security Bulletin 1076775 (Workload Scheduler Distributed)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1076775" + }, + { + "refsource": "XF", + "name": "ibm-tivoli-cve20194031-priv-escalation (155997)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155997", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.", + "lang": "eng" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file From ce782f2778abefa5d136095b886784e2791a3852 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 16 Oct 2019 14:01:07 +0000 Subject: [PATCH 15/18] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10436.json | 3 +- 2019/10xxx/CVE-2019-10437.json | 3 +- 2019/10xxx/CVE-2019-10438.json | 3 +- 2019/10xxx/CVE-2019-10439.json | 3 +- 2019/10xxx/CVE-2019-10440.json | 3 +- 2019/10xxx/CVE-2019-10441.json | 3 +- 2019/10xxx/CVE-2019-10442.json | 3 +- 2019/10xxx/CVE-2019-10443.json | 3 +- 2019/10xxx/CVE-2019-10444.json | 3 +- 2019/10xxx/CVE-2019-10445.json | 3 +- 2019/10xxx/CVE-2019-10446.json | 3 +- 2019/10xxx/CVE-2019-10447.json | 3 +- 2019/10xxx/CVE-2019-10448.json | 3 +- 2019/10xxx/CVE-2019-10449.json | 3 +- 2019/10xxx/CVE-2019-10450.json | 3 +- 2019/10xxx/CVE-2019-10451.json | 3 +- 2019/10xxx/CVE-2019-10452.json | 3 +- 2019/10xxx/CVE-2019-10453.json | 3 +- 2019/10xxx/CVE-2019-10454.json | 3 +- 2019/10xxx/CVE-2019-10455.json | 3 +- 2019/10xxx/CVE-2019-10456.json | 3 +- 2019/10xxx/CVE-2019-10457.json | 3 +- 2019/10xxx/CVE-2019-10458.json | 3 +- 2019/16xxx/CVE-2019-16520.json | 77 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17449.json | 2 +- 25 files changed, 124 insertions(+), 24 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16520.json diff --git a/2019/10xxx/CVE-2019-10436.json b/2019/10xxx/CVE-2019-10436.json index 5c5c3b923fc..670dbdb2aca 100644 --- a/2019/10xxx/CVE-2019-10436.json +++ b/2019/10xxx/CVE-2019-10436.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10436", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10437.json b/2019/10xxx/CVE-2019-10437.json index dc63108dde4..3e1f1b33cee 100644 --- a/2019/10xxx/CVE-2019-10437.json +++ b/2019/10xxx/CVE-2019-10437.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10437", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
diff --git a/2019/10xxx/CVE-2019-10438.json b/2019/10xxx/CVE-2019-10438.json index f1d914bbda6..ba29f33b444 100644 --- a/2019/10xxx/CVE-2019-10438.json +++ b/2019/10xxx/CVE-2019-10438.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10438", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10439.json b/2019/10xxx/CVE-2019-10439.json index f1b88745508..912163ccf15 100644 --- a/2019/10xxx/CVE-2019-10439.json +++ b/2019/10xxx/CVE-2019-10439.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10439", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10440.json b/2019/10xxx/CVE-2019-10440.json index 5ef9625763e..d7caa645437 100644 --- a/2019/10xxx/CVE-2019-10440.json +++ b/2019/10xxx/CVE-2019-10440.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10440", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10441.json b/2019/10xxx/CVE-2019-10441.json index 26a7742e1ac..177979d52c9 100644 --- a/2019/10xxx/CVE-2019-10441.json +++ b/2019/10xxx/CVE-2019-10441.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10441", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10442.json b/2019/10xxx/CVE-2019-10442.json index 75418b5efa2..8203b095c36 100644 --- a/2019/10xxx/CVE-2019-10442.json +++ b/2019/10xxx/CVE-2019-10442.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10442", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
diff --git a/2019/10xxx/CVE-2019-10443.json b/2019/10xxx/CVE-2019-10443.json index b47425e81df..591ce9cfc59 100644 --- a/2019/10xxx/CVE-2019-10443.json +++ b/2019/10xxx/CVE-2019-10443.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10443", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10444.json b/2019/10xxx/CVE-2019-10444.json index 64d75c1dd89..cb2e6b78e3e 100644 --- a/2019/10xxx/CVE-2019-10444.json +++ b/2019/10xxx/CVE-2019-10444.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10444", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10445.json b/2019/10xxx/CVE-2019-10445.json index fb664a315fb..a608bb9f006 100644 --- a/2019/10xxx/CVE-2019-10445.json +++ b/2019/10xxx/CVE-2019-10445.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10445", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10446.json b/2019/10xxx/CVE-2019-10446.json index 9d6fa7047e3..f48103c674c 100644 --- a/2019/10xxx/CVE-2019-10446.json +++ b/2019/10xxx/CVE-2019-10446.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10446", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10447.json b/2019/10xxx/CVE-2019-10447.json index a82a465d1c6..0a2ad20fe97 100644 --- a/2019/10xxx/CVE-2019-10447.json +++ b/2019/10xxx/CVE-2019-10447.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10447", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
diff --git a/2019/10xxx/CVE-2019-10448.json b/2019/10xxx/CVE-2019-10448.json index 70d43b5c500..cb3d57ee47f 100644 --- a/2019/10xxx/CVE-2019-10448.json +++ b/2019/10xxx/CVE-2019-10448.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10448", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10449.json b/2019/10xxx/CVE-2019-10449.json index 771fcedf0df..f12e978122b 100644 --- a/2019/10xxx/CVE-2019-10449.json +++ b/2019/10xxx/CVE-2019-10449.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10449", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10450.json b/2019/10xxx/CVE-2019-10450.json index ab410bd5d87..e0868778318 100644 --- a/2019/10xxx/CVE-2019-10450.json +++ b/2019/10xxx/CVE-2019-10450.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10450", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10451.json b/2019/10xxx/CVE-2019-10451.json index d84fa8c50c3..a57347bd8b4 100644 --- a/2019/10xxx/CVE-2019-10451.json +++ b/2019/10xxx/CVE-2019-10451.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10451", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10452.json b/2019/10xxx/CVE-2019-10452.json index 23d599b9503..330e4a581d8 100644 --- a/2019/10xxx/CVE-2019-10452.json +++ b/2019/10xxx/CVE-2019-10452.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10452", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
diff --git a/2019/10xxx/CVE-2019-10453.json b/2019/10xxx/CVE-2019-10453.json index 7cbe6f34dd0..7b797ba3668 100644 --- a/2019/10xxx/CVE-2019-10453.json +++ b/2019/10xxx/CVE-2019-10453.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10453", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10454.json b/2019/10xxx/CVE-2019-10454.json index e8d5f617cd1..f854da9dcc4 100644 --- a/2019/10xxx/CVE-2019-10454.json +++ b/2019/10xxx/CVE-2019-10454.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10454", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10455.json b/2019/10xxx/CVE-2019-10455.json index d0225545baa..a933a9b8c83 100644 --- a/2019/10xxx/CVE-2019-10455.json +++ b/2019/10xxx/CVE-2019-10455.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10455", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10456.json b/2019/10xxx/CVE-2019-10456.json index cca008439c1..3a4fa345197 100644 --- a/2019/10xxx/CVE-2019-10456.json +++ b/2019/10xxx/CVE-2019-10456.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10456", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/10xxx/CVE-2019-10457.json b/2019/10xxx/CVE-2019-10457.json index b445fd46781..92ff31fa6e5 100644 --- a/2019/10xxx/CVE-2019-10457.json +++ b/2019/10xxx/CVE-2019-10457.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10457", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
diff --git a/2019/10xxx/CVE-2019-10458.json b/2019/10xxx/CVE-2019-10458.json index 403c69fe61e..4e7b708cab4 100644 --- a/2019/10xxx/CVE-2019-10458.json +++ b/2019/10xxx/CVE-2019-10458.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-10458", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/16xxx/CVE-2019-16520.json b/2019/16xxx/CVE-2019-16520.json new file mode 100644 index 00000000000..5ab51161a59 --- /dev/null +++ b/2019/16xxx/CVE-2019-16520.json 
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16520",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/all-in-one-seo-pack/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/all-in-one-seo-pack/#developers"
+ },
+ {
+ "url": "https://semperplugins.com/all-in-one-seo-pack-changelog/",
+ "refsource": "MISC",
+ "name": "https://semperplugins.com/all-in-one-seo-pack-changelog/"
+ },
+ {
+ "url": "https://github.com/semperfiwebdesign/all-in-one-seo-pack/issues/2888",
+ "refsource": "MISC",
+ "name": "https://github.com/semperfiwebdesign/all-in-one-seo-pack/issues/2888"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack",
+ "url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17449.json b/2019/17xxx/CVE-2019-17449.json
index 9f7412a5674..e8591f03556 100644
--- a/2019/17xxx/CVE-2019-17449.json
+++ b/2019/17xxx/CVE-2019-17449.json
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack." + "value": "** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges." } ] }, From 5362d401ee96927148b6d470bad2713cebe379eb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 16 Oct 2019 15:01:00 +0000 Subject: [PATCH 16/18] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10442.json | 5 +++ 2019/10xxx/CVE-2019-10443.json | 5 +++ 2019/10xxx/CVE-2019-10445.json | 5 +++ 2019/10xxx/CVE-2019-10447.json | 5 +++ 2019/10xxx/CVE-2019-10453.json | 5 +++ 2019/10xxx/CVE-2019-10457.json | 5 +++ 2019/16xxx/CVE-2019-16521.json | 67 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16522.json | 67 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16523.json | 67 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16866.json | 5 +++ 2019/6xxx/CVE-2019-6333.json | 5 +++ 2019/6xxx/CVE-2019-6334.json | 58 +++++++++++++++++++++++++---- 12 files changed, 292 insertions(+), 7 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16521.json create mode 100644 2019/16xxx/CVE-2019-16522.json create mode 100644 2019/16xxx/CVE-2019-16523.json diff --git a/2019/10xxx/CVE-2019-10442.json b/2019/10xxx/CVE-2019-10442.json index 8203b095c36..cf490e0ab45 100644 --- a/2019/10xxx/CVE-2019-10442.json +++ b/2019/10xxx/CVE-2019-10442.json @@ -56,6 +56,11 @@ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484", "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2019/10/16/6" } ] } 
diff --git a/2019/10xxx/CVE-2019-10443.json b/2019/10xxx/CVE-2019-10443.json index 591ce9cfc59..48eee2bc299 100644 --- a/2019/10xxx/CVE-2019-10443.json +++ b/2019/10xxx/CVE-2019-10443.json @@ -56,6 +56,11 @@ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1436", "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1436", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2019/10/16/6" } ] } diff --git a/2019/10xxx/CVE-2019-10445.json b/2019/10xxx/CVE-2019-10445.json index a608bb9f006..92543c759ce 100644 --- a/2019/10xxx/CVE-2019-10445.json +++ b/2019/10xxx/CVE-2019-10445.json @@ -56,6 +56,11 @@ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1607", "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1607", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2019/10/16/6" } ] } diff --git a/2019/10xxx/CVE-2019-10447.json b/2019/10xxx/CVE-2019-10447.json index 0a2ad20fe97..140fac7a490 100644 --- a/2019/10xxx/CVE-2019-10447.json +++ b/2019/10xxx/CVE-2019-10447.json @@ -56,6 +56,11 @@ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1431", "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1431", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2019/10/16/6" } ] } diff --git a/2019/10xxx/CVE-2019-10453.json b/2019/10xxx/CVE-2019-10453.json index 7b797ba3668..72f350d542b 100644 --- a/2019/10xxx/CVE-2019-10453.json +++ b/2019/10xxx/CVE-2019-10453.json 
@@ -56,6 +56,11 @@ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450", "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2019/10/16/6" } ] } diff --git a/2019/10xxx/CVE-2019-10457.json b/2019/10xxx/CVE-2019-10457.json index 92ff31fa6e5..dd4d96493f1 100644 --- a/2019/10xxx/CVE-2019-10457.json +++ b/2019/10xxx/CVE-2019-10457.json @@ -56,6 +56,11 @@ "name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462", "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2019/10/16/6" } ] } diff --git a/2019/16xxx/CVE-2019-16521.json b/2019/16xxx/CVE-2019-16521.json new file mode 100644 index 00000000000..460a226aa4e --- /dev/null +++ b/2019/16xxx/CVE-2019-16521.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16521",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/broken-link-checker/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/broken-link-checker/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker",
+ "url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16522.json b/2019/16xxx/CVE-2019-16522.json
new file mode 100644
index 00000000000..2c6598d870f
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16522.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16522",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/eu-cookie-law/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/eu-cookie-law/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-01_WordPress_Plugin_EU_Cookie_Law",
+ "url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-01_WordPress_Plugin_EU_Cookie_Law"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16523.json b/2019/16xxx/CVE-2019-16523.json
new file mode 100644
index 00000000000..c6edbda343c
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16523.json
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/events-manager/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/events-manager/#developers" + }, + { + "refsource": "MISC", + "name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager", + "url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16866.json b/2019/16xxx/CVE-2019-16866.json index 77faff08ae5..f9a34bc7d47 100644 --- a/2019/16xxx/CVE-2019-16866.json +++ b/2019/16xxx/CVE-2019-16866.json @@ -66,6 +66,11 @@ "refsource": "UBUNTU", "name": "USN-4149-1", "url": "https://usn.ubuntu.com/4149-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4544", + "url": "https://www.debian.org/security/2019/dsa-4544" } ] } diff --git a/2019/6xxx/CVE-2019-6333.json b/2019/6xxx/CVE-2019-6333.json index 5bef61727d6..b70f5813e49 100644 --- a/2019/6xxx/CVE-2019-6333.json 
+++ b/2019/6xxx/CVE-2019-6333.json @@ -44,6 +44,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333", + "url": "https://safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333" + }, { "refsource": "CONFIRM", "name": "https://support.hp.com/us-en/document/c06463166", diff --git a/2019/6xxx/CVE-2019-6334.json b/2019/6xxx/CVE-2019-6334.json index cb6b3f29ec3..92497c58840 100644 --- a/2019/6xxx/CVE-2019-6334.json +++ b/2019/6xxx/CVE-2019-6334.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6334", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6334", + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP Color LaserJet CM4540 MFP,HP Color LaserJet Managed flow MFP M880zm,HP Color LaserJet Enterprise flow MFP M880z,HP Color LaserJet Enterprise M552,HP Color LaserJet Managed M553,HP Color LaserJet Enterprise M553,HP Color LaserJet Managed M651,HP Color LaserJet Enterprise M651,HP Color LaserJet Enterprise M652,HP Color LaserJet Enterprise M653,HP Color LaserJet Enterprise M750,HP Color LaserJet Managed E75245,HP Color LaserJet Enterprise M751,HP Color LaserJet Enterprise M855,HP Color LaserJet Enterprise Flow MFP M577,HP Color LaserJet Enterprise MFP M577,HP Color LaserJet Enterprise Flow MFP M680,HP Color LaserJet Enterprise MFP M680,HP Color LaserJet Enterprise flow MFP M681,HP Color LaserJet Enterprise MFP M681,HP Color LaserJet Enterprise flow MFP M682,HP Color LaserJet Enterprise MFP M682,HP Color LaserJet Enterprises CP5525,HP Color LaserJet Managed E55040dw,HP Color LaserJet Managed E65050/60,HP Color LaserJet Managed flow MFP E77822/25/30,HP Color LaserJet Managed flow MFP E57540,HP Color LaserJet Managed MFP E57540,HP Color LaserJet Managed flow MFP E67550/60,HP Color LaserJet Managed MFP E67550/60,HP Color LaserJet Managed MFP E77422/28,HP Color LaserJet Managed MFP E77822/25/30,HP Color LaserJet Managed flow MFP E87640/50/60,HP Color LaserJet Managed MFP E87640/50/60,HP Color LaserJet Managed Flow MFP M577,HP Color LaserJet Managed MFP M577,HP Color LaserJet Managed Flow MFP M680,HP Color LaserJet Managed MFP M680,HP LaserJet Enterprise 500 Color M551HP LaserJet Enterprise color flow MFP M575,HP 
LaserJet Enterprise 500 color MFP M575,HP LaserJet Enterprise Flow MFP M525,HP LaserJet Enterprise 500 MFP M525f,HP LaserJet Enterprise 600 M601,HP LaserJet Enterprise 600 M602,HP LaserJet Enterprise 600 M603,HP Color LaserJet Managed MFP M775,HP LaserJet Enterprise 700 color MFP M775,HP LaserJet Enterprise 700 M712,HP LaserJet Managed flow MFP M630,HP LaserJet Enterprise flow MFP M630,HP LaserJet Managed flow MFP M830,HP LaserJet Enterprise flow MFP M830,HP LaserJet Enterprise M4555 MFP,HP LaserJet Managed M506,HP LaserJet Enterprise M506,HP LaserJet Managed E50145,HP LaserJet Enterprise M507,HP LaserJet Enterprise M604,HP LaserJet Managed M605,HP LaserJet Enterprise M605,HP LaserJet Enterprise M606,HP LaserJet Enterprise M607,HP LaserJet Enterprise M608,HP LaserJet Enterprise M609,HP LaserJet Enterprise M806,HP LaserJet Enterprise Flow MFP M527z,HP LaserJet Enterprise MFP M527,HP LaserJet Managed MFP E52645,HP LaserJet Enterprise MFP M528,HP LaserJet Managed MFP M630,HP LaserJet Enterprise MFP M630,HP LaserJet Enterprise flow MFP M631,HP LaserJet Enterprise MFP M631,HP LaserJet Enterprise flow MFP M632,HP LaserJet Enterprise MFP M632,HP LaserJet Enterprise flow MFP M633,HP LaserJet Enterprise MFP M633,HP LaserJet Managed MFP M725,HP LaserJet Enterprise MFP M725,HP LaserJet Managed color flow MFP M575,HP LaserJet Managed 500 color MFP M575,HP LaserJet Managed Flow MFP M525,HP LaserJet Managed 500 MFP M525,HP LaserJet Managed E50045,HP LaserJet Managed E60055/65/75,HP LaserJet Managed flow MFP E52545c,HP LaserJet Managed MFP E52545,HP LaserJet Managed flow MFP E62555/65/75,HP LaserJet Managed MFP E62555/65,HP LaserJet Managed MFP E72425/30,HP LaserJet Managed flow MFP E72525/30/35,HP LaserJet Managed MFP E72525/30/35,HP LaserJet Managed flow MFP E82540/50/60,HP LaserJet Managed MFP E82540/50/60,HP LaserJet Managed Flow MFP M527z,HP LaserJet Managed MFP M527,HP OfficeJet Managed Color flow MFP X585,HP OfficeJet Enterprise Color flow MFP X585,HP OfficeJet Managed 
Color MFP X585,HP OfficeJet Enterprise Color MFP X585,HP OfficeJet Enterprise Color X555,HP PageWide Color 755,HP PageWide Color MFP 774,HP PageWide Color MFP 779,HP PageWide Enterprise Color 556,HP PageWide Enterprise Color 765,HP PageWide Enterprise Color Flow MFP 785,HP PageWide Enterprise Color flow MFP 586z,HP PageWide Enterprise Color MFP 586,HP PageWide Enterprise Color Flow MFP 780f,HP PageWide Enterprise Color MFP 780,HP PageWide Managed Color E55650,HP PageWide Managed Color E75160,HP PageWide Managed Color flow MFP E77660z,HP PageWide Managed Color flow MFP E58650z,HP PageWide Managed Color MFP E58650dn,HP PageWide Managed Color Flow MFP E77650/60z,HP PageWide Managed Color MFP E77650,HP PageWide Managed Color MFP P77440,HP PageWide Managed Color MFP P77940/50/60,HP PageWide Managed Color P75250,HP Scanjet Enterprise 8500 fn1 Document Capture Workstation,HP Digital Sender flow 8500 fn2 Document Capture Workstation,HP ScanJet Enterprise flow N9120 fn2 Document Scanner", + "version": { + "version_data": [ + { + "version_value": "Multiple" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execution of arbitrary code" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/c06447795", + "url": "https://support.hp.com/us-en/document/c06447795" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code." } ] } 
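Review bot: In the added `affects` block of CVE-2019-6334, `product_name` holds the whole list of affected printer models as one comma-separated string, and one separator is missing: `HP LaserJet Enterprise 500 Color M551HP LaserJet Enterprise color flow MFP M575` fuses two models, so a consumer that splits on commas gets a name matching neither device. Each model would be better as its own `product_data` entry; at minimum the comma should be restored as `HP LaserJet Enterprise 500 Color M551,HP LaserJet Enterprise color flow MFP M575`. `"vendor_name": "n/a"` sits beside an `hp-security-alert@hp.com` assigner and an all-HP product list, so `"vendor_name": "HP"` looks like the intended value. `"version_value": "Multiple"` gives an asset owner no way to tell fixed from unfixed firmware without opening the referenced HP bulletin, so the fixed firmware versions from that bulletin belong in `version_data`.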
From 60a68e1de6743edaa073d525c8d4090b00481f9b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 16 Oct 2019 16:01:08 +0000 Subject: [PATCH 17/18] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10092.json | 5 +++ 2019/11xxx/CVE-2019-11281.json | 20 ++++------- 2019/16xxx/CVE-2019-16866.json | 5 +++ 2019/17xxx/CVE-2019-17660.json | 62 ++++++++++++++++++++++++++++++++++ 4 files changed, 78 insertions(+), 14 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17660.json diff --git a/2019/10xxx/CVE-2019-10092.json b/2019/10xxx/CVE-2019-10092.json index 3eab24040de..c2d48e09202 100644 --- a/2019/10xxx/CVE-2019-10092.json +++ b/2019/10xxx/CVE-2019-10092.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20191016 [SECURITY] [DSA 4509-3] apache2 security update", + "url": "https://seclists.org/bugtraq/2019/Oct/24" } ] }, diff --git a/2019/11xxx/CVE-2019-11281.json b/2019/11xxx/CVE-2019-11281.json index b2eabd70a97..d15006b8f0b 100644 --- a/2019/11xxx/CVE-2019-11281.json +++ b/2019/11xxx/CVE-2019-11281.json @@ -16,6 +16,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Pivotal", "product": { "product_data": [ { @@ -23,9 +24,7 @@ "version": { "version_data": [ { - "affected": "<", - "version_name": "All", - "version_value": "v3.7.18" + "version_value": "prior to v3.7.18" } ] } @@ -35,26 +34,19 @@ "version": { "version_data": [ { - "affected": "<", - "version_name": "1.15", - "version_value": "1.15.13" + "version_value": "1.15.x prior to 1.15.13" }, { - "affected": "<", - "version_name": "1.16", - "version_value": "1.16.6" + "version_value": "11.16.x prior to 1.16.6" }, { - "affected": "<", - "version_name": "1.17", - "version_value": "1.17.3" + "version_value": "1.17.x prior to 1.17.3" } ] } } ] - }, - "vendor_name": "Pivotal" + } } ] } 
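Review bot: The replacement string `"version_value": "11.16.x prior to 1.16.6"` in the last CVE-2019-11281 hunk contradicts itself and the entry it replaces (`"version_name": "1.16"`, `"version_value": "1.16.6"`); it should read `"version_value": "1.16.x prior to 1.16.6"`. As written, the 1.16 release line is not listed as affected, which a reader or a range parser could take to mean it is not vulnerable. The same hunks replace the machine-readable `affected` operator and `version_name` fields with free text, so any consumer that evaluated the comparison loses that data. Keeping the structured fields alongside the prose form would avoid the regression.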
diff --git a/2019/16xxx/CVE-2019-16866.json b/2019/16xxx/CVE-2019-16866.json index f9a34bc7d47..dfe7093c3c5 100644 --- a/2019/16xxx/CVE-2019-16866.json +++ b/2019/16xxx/CVE-2019-16866.json @@ -71,6 +71,11 @@ "refsource": "DEBIAN", "name": "DSA-4544", "url": "https://www.debian.org/security/2019/dsa-4544" + }, + { + "refsource": "BUGTRAQ", + "name": "20191016 [SECURITY] [DSA 4544-1] unbound security update", + "url": "https://seclists.org/bugtraq/2019/Oct/23" } ] } diff --git a/2019/17xxx/CVE-2019-17660.json b/2019/17xxx/CVE-2019-17660.json new file mode 100644 index 00000000000..7c56d5e1791 --- /dev/null +++ b/2019/17xxx/CVE-2019-17660.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kbgsft/vuln-limesurvey/wiki/Reflected-XSS-in-LimeSurvey-3.19.1-by-xcuter", + "refsource": "MISC", + "name": "https://github.com/kbgsft/vuln-limesurvey/wiki/Reflected-XSS-in-LimeSurvey-3.19.1-by-xcuter" + } + ] + } +} \ No newline at end of file From 24a201a4618e98f463a6820867e7d2bde140f321 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 16 Oct 2019 17:01:01 +0000 Subject: [PATCH 18/18] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11932.json | 7 ++++++- 2019/13xxx/CVE-2019-13616.json | 5 +++++ 2019/16xxx/CVE-2019-16520.json | 10 ++++++++++ 2019/17xxx/CVE-2019-17624.json | 5 +++++ 2019/7xxx/CVE-2019-7572.json | 5 +++++ 2019/7xxx/CVE-2019-7573.json | 5 +++++ 2019/7xxx/CVE-2019-7574.json | 5 +++++ 2019/7xxx/CVE-2019-7575.json | 5 +++++ 2019/7xxx/CVE-2019-7576.json | 5 +++++ 2019/7xxx/CVE-2019-7577.json | 5 +++++ 2019/7xxx/CVE-2019-7578.json | 5 +++++ 2019/7xxx/CVE-2019-7635.json | 5 +++++ 2019/7xxx/CVE-2019-7636.json | 5 +++++ 2019/7xxx/CVE-2019-7637.json | 5 +++++ 14 files changed, 76 insertions(+), 1 deletion(-) diff --git a/2019/11xxx/CVE-2019-11932.json b/2019/11xxx/CVE-2019-11932.json index f74b84a7532..21f40962e77 100644 --- a/2019/11xxx/CVE-2019-11932.json +++ b/2019/11xxx/CVE-2019-11932.json @@ -62,7 +62,12 @@ "refsource": "CONFIRM", "name": "https://www.facebook.com/security/advisories/cve-2019-11932", "url": "https://www.facebook.com/security/advisories/cve-2019-11932" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html" } ] } -} +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13616.json b/2019/13xxx/CVE-2019-13616.json index 2548fcc7400..6285364af5e 100644 --- a/2019/13xxx/CVE-2019-13616.json +++ b/2019/13xxx/CVE-2019-13616.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/16xxx/CVE-2019-16520.json b/2019/16xxx/CVE-2019-16520.json index 5ab51161a59..49c3920da39 100644 --- a/2019/16xxx/CVE-2019-16520.json +++ b/2019/16xxx/CVE-2019-16520.json 
@@ -71,6 +71,16 @@ "refsource": "MISC", "name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack", "url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191016 [SBA-ADV-20190913-04] CVE-2019-16520: WordPress Plugin - All in One SEO Pack <= 3.2.6 - Stored XSS", + "url": "http://www.openwall.com/lists/oss-security/2019/10/16/5" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9915", + "url": "https://wpvulndb.com/vulnerabilities/9915" } ] } diff --git a/2019/17xxx/CVE-2019-17624.json b/2019/17xxx/CVE-2019-17624.json index db2fd4ca402..045c5a2c6d6 100644 --- a/2019/17xxx/CVE-2019-17624.json +++ b/2019/17xxx/CVE-2019-17624.json @@ -61,6 +61,11 @@ "url": "https://www.x.org/releases/individual/xserver/", "refsource": "MISC", "name": "https://www.x.org/releases/individual/xserver/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html", + "url": "http://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html" } ] } diff --git a/2019/7xxx/CVE-2019-7572.json b/2019/7xxx/CVE-2019-7572.json index 0295b4bc0dd..6f746c9419c 100644 --- a/2019/7xxx/CVE-2019-7572.json +++ b/2019/7xxx/CVE-2019-7572.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7573.json b/2019/7xxx/CVE-2019-7573.json index a3fdb40848d..1acf3f25fd8 100644 --- a/2019/7xxx/CVE-2019-7573.json +++ b/2019/7xxx/CVE-2019-7573.json 
@@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7574.json b/2019/7xxx/CVE-2019-7574.json index 3532c68b507..03ae2c2aa9f 100644 --- a/2019/7xxx/CVE-2019-7574.json +++ b/2019/7xxx/CVE-2019-7574.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7575.json b/2019/7xxx/CVE-2019-7575.json index c3832d05d7c..5b658277bbb 100644 --- a/2019/7xxx/CVE-2019-7575.json +++ b/2019/7xxx/CVE-2019-7575.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7576.json b/2019/7xxx/CVE-2019-7576.json index 5769b2b7bd4..839e4b2a5cd 100644 --- a/2019/7xxx/CVE-2019-7576.json +++ b/2019/7xxx/CVE-2019-7576.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7577.json b/2019/7xxx/CVE-2019-7577.json index a7279ace764..be408534be6 100644 --- a/2019/7xxx/CVE-2019-7577.json +++ b/2019/7xxx/CVE-2019-7577.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7578.json b/2019/7xxx/CVE-2019-7578.json index 69b2042e755..0e22ea88bab 100644 --- a/2019/7xxx/CVE-2019-7578.json +++ b/2019/7xxx/CVE-2019-7578.json 
@@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7635.json b/2019/7xxx/CVE-2019-7635.json index 39029384a09..eec51621379 100644 --- a/2019/7xxx/CVE-2019-7635.json +++ b/2019/7xxx/CVE-2019-7635.json @@ -121,6 +121,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7636.json b/2019/7xxx/CVE-2019-7636.json index c369d64fb29..a86929003b5 100644 --- a/2019/7xxx/CVE-2019-7636.json +++ b/2019/7xxx/CVE-2019-7636.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7637.json b/2019/7xxx/CVE-2019-7637.json index 9f579c047e6..46fb3f09cf3 100644 --- a/2019/7xxx/CVE-2019-7637.json +++ b/2019/7xxx/CVE-2019-7637.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4156-1", "url": "https://usn.ubuntu.com/4156-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4156-2", + "url": "https://usn.ubuntu.com/4156-2/" } ] }