From 31eb13a6942b79ee31d20d379c08788024b4c74f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 May 2019 15:00:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12152.json | 18 ++++++++++ 2019/8xxx/CVE-2019-8927.json | 63 ++++++++++++++++++++++++++++++++-- 2019/8xxx/CVE-2019-8928.json | 63 ++++++++++++++++++++++++++++++++-- 2019/8xxx/CVE-2019-8929.json | 63 ++++++++++++++++++++++++++++++++-- 2019/8xxx/CVE-2019-8937.json | 58 +++++++++++++++++++++++++++++-- 5 files changed, 257 insertions(+), 8 deletions(-) create mode 100644 2019/12xxx/CVE-2019-12152.json diff --git a/2019/12xxx/CVE-2019-12152.json b/2019/12xxx/CVE-2019-12152.json new file mode 100644 index 00000000000..a79c2bc1e7a --- /dev/null +++ b/2019/12xxx/CVE-2019-12152.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12152", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8927.json b/2019/8xxx/CVE-2019-8927.json index e3b0deb5816..4dccedc7a24 100644 --- a/2019/8xxx/CVE-2019-8927.json +++ b/2019/8xxx/CVE-2019-8927.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8927", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html" + }, + { + "url": "https://www.manageengine.com/products/netflow/?doc", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/netflow/?doc" + }, + { + "url": "http://seclists.org/fulldisclosure/2019/Feb/45", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Feb/45" + }, + { + "url": "https://www.exploit-db.com/exploits/46425/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/46425/" } ] } diff --git a/2019/8xxx/CVE-2019-8928.json b/2019/8xxx/CVE-2019-8928.json index f394c877ebd..9e6489a7f65 100644 --- a/2019/8xxx/CVE-2019-8928.json +++ b/2019/8xxx/CVE-2019-8928.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8928", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46425", + "url": "https://www.exploit-db.com/exploits/46425/" + }, + { + "url": "https://www.manageengine.com/products/netflow/?doc", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/netflow/?doc" + }, + { + "refsource": "FULLDISC", + "name": "20190119 [CVE-2019-8925 to CVE-2019-8929] Path traversal and Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone", + "url": "http://seclists.org/fulldisclosure/2019/Feb/45" } ] } diff --git a/2019/8xxx/CVE-2019-8929.json b/2019/8xxx/CVE-2019-8929.json index 64d3333edd4..b877d73d14f 100644 --- a/2019/8xxx/CVE-2019-8929.json +++ b/2019/8xxx/CVE-2019-8929.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8929", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46425", + "url": "https://www.exploit-db.com/exploits/46425/" + }, + { + "url": "https://www.manageengine.com/products/netflow/?doc", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/netflow/?doc" + }, + { + "refsource": "FULLDISC", + "name": "20190219 [CVE-2019-8925 to CVE-2019-8929] Path traversal and Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone", + "url": "http://seclists.org/fulldisclosure/2019/Feb/45" } ] } diff --git a/2019/8xxx/CVE-2019-8937.json b/2019/8xxx/CVE-2019-8937.json index acc71f7d428..b9a48d96c5a 100644 --- a/2019/8xxx/CVE-2019-8937.json +++ b/2019/8xxx/CVE-2019-8937.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8937", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46429", + "url": "https://www.exploit-db.com/exploits/46429/" + }, + { + "url": "https://sourceforge.net/projects/hoteldruid/", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/hoteldruid/" } ] }