From 318a9675cbc607b5e1cce600bcbb0aca953d69c4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 20 Nov 2019 21:01:55 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2013/2xxx/CVE-2013-2092.json | 60 ++++++++++++++++++-
 2013/2xxx/CVE-2013-2093.json | 65 ++++++++++++++++++++-
 2015/3xxx/CVE-2015-3166.json | 102 ++++++++++++++++++++++++++++++++-
 2015/3xxx/CVE-2015-3167.json | 102 ++++++++++++++++++++++++++++++++-
 2018/0xxx/CVE-2018-0734.json | 5 ++
 2018/0xxx/CVE-2018-0737.json | 5 ++
 2018/17xxx/CVE-2018-17189.json | 5 ++
 2018/17xxx/CVE-2018-17199.json | 5 ++
 2018/5xxx/CVE-2018-5407.json | 5 ++
 2019/0xxx/CVE-2019-0196.json | 5 ++
 2019/0xxx/CVE-2019-0197.json | 5 ++
 2019/0xxx/CVE-2019-0217.json | 5 ++
 2019/18xxx/CVE-2019-18858.json | 5 ++
 2019/9xxx/CVE-2019-9511.json | 5 ++
 2019/9xxx/CVE-2019-9513.json | 5 ++
 2019/9xxx/CVE-2019-9516.json | 5 ++
 2019/9xxx/CVE-2019-9517.json | 5 ++
 17 files changed, 382 insertions(+), 12 deletions(-)
diff --git a/2013/2xxx/CVE-2013-2092.json b/2013/2xxx/CVE-2013-2092.json
index 91590672db9..d4a1d08061e 100644
--- a/2013/2xxx/CVE-2013-2092.json
+++ b/2013/2xxx/CVE-2013-2092.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2092",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "dolibarr",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.3.4-1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "dolibarr"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
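Review bot: The `affects` block added for CVE-2013-2092 gives `"version_value": "3.3.4-1"`, while the description added in the next hunk names Dolibarr ERP/CRM 3.3.1, so the record states two different versions; the CVE-2013-2093 record repeats the same pair. `3.3.4-1` looks like a distribution package revision rather than an upstream release (inferred from the `-1` suffix and the Debian tracker reference), so tooling that matches on `version_data` will not agree with the description. Once the affected range is confirmed against the referenced upstream commit, the two fields should be aligned, for example `"version_value": "3.3.1"` if the description is the accurate one. The hunk ends inside the top-level object, which continues outside it.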
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2013-2092",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2013-2092"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/05/14/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/05/14/3"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b04907005",
+ "url": "https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b04907005"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2093.json b/2013/2xxx/CVE-2013-2093.json
index 80f58502dbd..b77be693192 100644
--- a/2013/2xxx/CVE-2013-2093.json
+++ b/2013/2xxx/CVE-2013-2093.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2093",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "dolibarr",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.3.4-1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "dolibarr"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/05/14/3",
+ "url": "http://www.openwall.com/lists/oss-security/2013/05/14/3"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2013-2093",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2013-2093"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84249",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84249"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/Dolibarr/dolibarr/commit/526a80dd202bbca396687a502d52c27e06e97fff",
+ "url": "https://github.com/Dolibarr/dolibarr/commit/526a80dd202bbca396687a502d52c27e06e97fff"
 }
 ]
 }
diff --git a/2015/3xxx/CVE-2015-3166.json b/2015/3xxx/CVE-2015-3166.json
index bf417fb5bd6..3a75c85f490 100644
--- a/2015/3xxx/CVE-2015-3166.json
+++ b/2015/3xxx/CVE-2015-3166.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-3166",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
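Review bot: The `problemtype` added for CVE-2013-2093 is `"value": "Other"`, although the description in the same hunk says that unvalidated input in viewimage.php and barcode.lib.php lets remote attackers execute arbitrary commands. Consumers that triage or filter on `problemtype` lose that signal and will rank a command-execution issue alongside unclassified entries. I would replace it with text that matches the description, for example `"value": "Improper Input Validation"`, or a command-injection label if the referenced upstream commit confirms that class. The description also does not say whether authentication is required, which would be worth adding if the references state it.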
@@ -11,7 +11,103 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PostgreSQL Global Development Group",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PostgreSQL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 9.0.20"
+ },
+ {
+ "version_value": "9.1.x before 9.1.16"
+ },
+ {
+ "version_value": "9.2.x before 9.2.11"
+ },
+ {
+ "version_value": "9.3.x before 9.3.7"
+ },
+ {
+ "version_value": "and 9.4.x before 9.4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/about/news/1587/",
+ "url": "http://www.postgresql.org/about/news/1587/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html",
+ "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html",
+ "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html",
+ "url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html",
+ "url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html",
+ "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2015/dsa-3269",
+ "url": "http://www.debian.org/security/2015/dsa-3269"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2015/dsa-3270",
+ "url": "http://www.debian.org/security/2015/dsa-3270"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://ubuntu.com/usn/usn-2621-1",
+ "url": "http://ubuntu.com/usn/usn-2621-1"
 }
 ]
 }
diff --git a/2015/3xxx/CVE-2015-3167.json b/2015/3xxx/CVE-2015-3167.json
index 822760dff47..f3bee28a44d 100644
--- a/2015/3xxx/CVE-2015-3167.json
+++ b/2015/3xxx/CVE-2015-3167.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-3167",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
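Review bot: The last `version_data` entry for CVE-2015-3166 reads `"version_value": "and 9.4.x before 9.4.2"`; the leading "and" looks like a leftover from splitting the description sentence on commas and is not part of a version range. The CVE-2015-3167 hunk that follows carries the same entry. Both should read `"version_value": "9.4.x before 9.4.2"` so that version matching does not miss the 9.4 branch. The Debian and Ubuntu advisories in `reference_data` are also tagged `"refsource": "MISC"`, whereas the Red Hat errata elsewhere in this patch use the vendor tag `REDHAT`; `DEBIAN` and `UBUNTU` would be consistent with that.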
@@ -11,7 +11,103 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PostgreSQL Global Development Group",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PostgreSQL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 9.0.20"
+ },
+ {
+ "version_value": "9.1.x before 9.1.16"
+ },
+ {
+ "version_value": "9.2.x before 9.2.11"
+ },
+ {
+ "version_value": "9.3.x before 9.3.7"
+ },
+ {
+ "version_value": "and 9.4.x before 9.4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/about/news/1587/",
+ "url": "http://www.postgresql.org/about/news/1587/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html",
+ "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html",
+ "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html",
+ "url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html",
+ "url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html",
+ "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2015/dsa-3269",
+ "url": "http://www.debian.org/security/2015/dsa-3269"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2015/dsa-3270",
+ "url": "http://www.debian.org/security/2015/dsa-3270"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://ubuntu.com/usn/usn-2621-1",
+ "url": "http://ubuntu.com/usn/usn-2621-1"
 }
 ]
 }
diff --git a/2018/0xxx/CVE-2018-0734.json b/2018/0xxx/CVE-2018-0734.json
index da8b14aedd6..e3acfa04ab2 100644
--- a/2018/0xxx/CVE-2018-0734.json
+++ b/2018/0xxx/CVE-2018-0734.json
@@ -202,6 +202,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 }
diff --git a/2018/0xxx/CVE-2018-0737.json b/2018/0xxx/CVE-2018-0737.json
index c8380aa8ccb..991eb3e868a 100644
--- a/2018/0xxx/CVE-2018-0737.json
+++ b/2018/0xxx/CVE-2018-0737.json
@@ -224,6 +224,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17189.json b/2018/17xxx/CVE-2018-17189.json
index 9f16a122526..47e731befd4 100644
--- a/2018/17xxx/CVE-2018-17189.json
+++ b/2018/17xxx/CVE-2018-17189.json
@@ -132,6 +132,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17199.json b/2018/17xxx/CVE-2018-17199.json
index 908268be9da..c2ca8e0569c 100644
--- a/2018/17xxx/CVE-2018-17199.json
+++ b/2018/17xxx/CVE-2018-17199.json
@@ -127,6 +127,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5407.json b/2018/5xxx/CVE-2018-5407.json
index 0c82380213e..73825b67eb1 100644
--- a/2018/5xxx/CVE-2018-5407.json
+++ b/2018/5xxx/CVE-2018-5407.json
@@ -176,6 +176,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0196.json b/2019/0xxx/CVE-2019-0196.json
index 85bc34e8a4f..199aae3b7d1 100644
--- a/2019/0xxx/CVE-2019-0196.json
+++ b/2019/0xxx/CVE-2019-0196.json
@@ -163,6 +163,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0197.json b/2019/0xxx/CVE-2019-0197.json
index 7abcc4349f4..da1a2933a02 100644
--- a/2019/0xxx/CVE-2019-0197.json
+++ b/2019/0xxx/CVE-2019-0197.json
@@ -133,6 +133,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0217.json b/2019/0xxx/CVE-2019-0217.json
index 9606cb4d826..45daa1eef89 100644
--- a/2019/0xxx/CVE-2019-0217.json
+++ b/2019/0xxx/CVE-2019-0217.json
@@ -173,6 +173,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18858.json b/2019/18xxx/CVE-2019-18858.json
index 3a7680af65f..2606628a82d 100644
--- a/2019/18xxx/CVE-2019-18858.json
+++ b/2019/18xxx/CVE-2019-18858.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf",
 "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2019-48",
+ "url": "https://www.tenable.com/security/research/tra-2019-48"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9511.json b/2019/9xxx/CVE-2019-9511.json
index 356d460c375..3670ac98a6a 100644
--- a/2019/9xxx/CVE-2019-9511.json
+++ b/2019/9xxx/CVE-2019-9511.json
@@ -273,6 +273,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9513.json b/2019/9xxx/CVE-2019-9513.json
index bf28c5fa9a2..d8641f92e5a 100644
--- a/2019/9xxx/CVE-2019-9513.json
+++ b/2019/9xxx/CVE-2019-9513.json
@@ -268,6 +268,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9516.json b/2019/9xxx/CVE-2019-9516.json
index 9bbadb38a3b..3f636d732cf 100644
--- a/2019/9xxx/CVE-2019-9516.json
+++ b/2019/9xxx/CVE-2019-9516.json
@@ -253,6 +253,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9517.json b/2019/9xxx/CVE-2019-9517.json
index 2ce8792fe98..a6e24d20071 100644
--- a/2019/9xxx/CVE-2019-9517.json
+++ b/2019/9xxx/CVE-2019-9517.json
@@ -253,6 +253,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3935",
 "url": "https://access.redhat.com/errata/RHSA-2019:3935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3932",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3932"
 }
 ]
 },