diff --git a/2018/0xxx/CVE-2018-0728.json b/2018/0xxx/CVE-2018-0728.json index d66c4b17bd4..550042f98b1 100644 --- a/2018/0xxx/CVE-2018-0728.json +++ b/2018/0xxx/CVE-2018-0728.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-0728", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-0728", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices", + "version": { + "version_data": [ + { + "version_value": "All QTS versions: Helpdesk before version 3.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-20", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-20" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions." } ] } diff --git a/2018/0xxx/CVE-2018-0729.json b/2018/0xxx/CVE-2018-0729.json index 661be04b495..01529802855 100644 --- a/2018/0xxx/CVE-2018-0729.json +++ b/2018/0xxx/CVE-2018-0729.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-0729", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-0729", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.1: Music Station before version 5.3.5, QTS 4.3.6: Music Station before version 5.2.7, QTS 4.3.4: Music Station before version 5.1.11, QTS 4.3.3: Music Station before version 5.1.11, QTS 4.2.6: Music Station before version 4.8.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Commend Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-20", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-20" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions." } ] } diff --git a/2018/0xxx/CVE-2018-0730.json b/2018/0xxx/CVE-2018-0730.json index 195359f1456..55d6148ad2b 100644 --- a/2018/0xxx/CVE-2018-0730.json +++ b/2018/0xxx/CVE-2018-0730.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-0730", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-0730", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.1: before build 20190918, QTS 4.3.6: before build 20190328, QTS 4.3.4: before build 20190325, QTS 4.3.3: before build 20190325, QTS 4.2.6: before build 20190325" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Commend Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-20", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-20" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions." } ] } diff --git a/2019/11xxx/CVE-2019-11935.json b/2019/11xxx/CVE-2019-11935.json index 608e4671384..38877f0676b 100644 --- a/2019/11xxx/CVE-2019-11935.json +++ b/2019/11xxx/CVE-2019-11935.json @@ -116,13 +116,13 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7", - "url": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7" + "name": "https://hhvm.com/blog/2019/10/28/security-update.html", + "url": "https://hhvm.com/blog/2019/10/28/security-update.html" }, { "refsource": "CONFIRM", - "name": "https://hhvm.com/blog/2019/10/28/security-update.html", - "url": "https://hhvm.com/blog/2019/10/28/security-update.html" + "name": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7", + "url": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7" }, { "refsource": "CONFIRM", @@ -131,4 +131,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11936.json b/2019/11xxx/CVE-2019-11936.json index eba90a5d76e..a5505c86bc3 100644 --- a/2019/11xxx/CVE-2019-11936.json +++ b/2019/11xxx/CVE-2019-11936.json @@ -116,13 +116,13 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373", - "url": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373" + "name": "https://hhvm.com/blog/2019/10/28/security-update.html", + "url": "https://hhvm.com/blog/2019/10/28/security-update.html" }, { "refsource": "CONFIRM", - "name": "https://hhvm.com/blog/2019/10/28/security-update.html", - "url": "https://hhvm.com/blog/2019/10/28/security-update.html" + "name": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373", + "url": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373" }, { "refsource": "CONFIRM", @@ -131,4 +131,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11937.json b/2019/11xxx/CVE-2019-11937.json index 080aae75823..2decf7efff8 100644 --- a/2019/11xxx/CVE-2019-11937.json +++ b/2019/11xxx/CVE-2019-11937.json @@ -58,16 +58,16 @@ }, "references": { "reference_data": [ - { - "refsource": "CONFIRM", - "name": "https://www.facebook.com/security/advisories/cve-2019-11937", - "url": "https://www.facebook.com/security/advisories/cve-2019-11937" - }, { "refsource": "MISC", "name": "https://github.com/facebook/mcrouter/releases/tag/v0.41.0-release", "url": "https://github.com/facebook/mcrouter/releases/tag/v0.41.0-release" }, + { + "refsource": "CONFIRM", + "name": "https://www.facebook.com/security/advisories/cve-2019-11937", + "url": "https://www.facebook.com/security/advisories/cve-2019-11937" + }, { "refsource": "MISC", "name": "https://github.com/facebook/mcrouter/commit/97e033b3bb0cb16b61bf49f0dc7f311a3e0edd1b", @@ -75,4 +75,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17554.json b/2019/17xxx/CVE-2019-17554.json new file mode 100644 index 00000000000..8a49c88a6e6 --- /dev/null +++ b/2019/17xxx/CVE-2019-17554.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17554", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Olingo", + "version": { + "version_data": [ + { + "version_value": "4.0.0 to 4.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML External Entity resolution attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[olingo-user] 20191204 [SECURITY] CVE-2019-17554: XML External Entity resolution attack", + "url": "https://mail-archives.apache.org/mod_mbox/olingo-user/201912.mbox/%3CCAGSZ4d7Ty%3DL-n_iAzT6vcQp65BY29XZDS5tMoM8MdDrb1moM7A%40mail.gmail.com%3E" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type \"application/xml\", which trigger the deserialization of entities, can be used to trigger XXE attacks." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17556.json b/2019/17xxx/CVE-2019-17556.json new file mode 100644 index 00000000000..6bc0c946fdb --- /dev/null +++ b/2019/17xxx/CVE-2019-17556.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17556", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Olingo", + "version": { + "version_data": [ + { + "version_value": "4.0.0 to 4.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[olingo-user] 20191204 [SECURITY] CVE-2019-17556: Deserialization vulnerability", + "url": "https://mail-archives.apache.org/mod_mbox/olingo-user/201912.mbox/%3CCAGSZ4d4vbSYaVh3aUWAvcVHK2qcFxxCZd3WAx3xbwZXskPX8nw%40mail.gmail.com%3E" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse case." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19554.json b/2019/19xxx/CVE-2019-19554.json new file mode 100644 index 00000000000..600e5f8e46c --- /dev/null +++ b/2019/19xxx/CVE-2019-19554.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19554", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19555.json b/2019/19xxx/CVE-2019-19555.json new file mode 100644 index 00000000000..7909160dabf --- /dev/null +++ b/2019/19xxx/CVE-2019-19555.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceforge.net/p/mcj/tickets/55/", + "refsource": "MISC", + "name": "https://sourceforge.net/p/mcj/tickets/55/" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19556.json b/2019/19xxx/CVE-2019-19556.json new file mode 100644 index 00000000000..faab3ed9264 --- /dev/null +++ b/2019/19xxx/CVE-2019-19556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19557.json b/2019/19xxx/CVE-2019-19557.json new file mode 100644 index 00000000000..5feaca25abb --- /dev/null +++ b/2019/19xxx/CVE-2019-19557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19557", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19558.json b/2019/19xxx/CVE-2019-19558.json new file mode 100644 index 00000000000..b55727c1c01 --- /dev/null +++ b/2019/19xxx/CVE-2019-19558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19559.json b/2019/19xxx/CVE-2019-19559.json new file mode 100644 index 00000000000..6a7e6fac490 --- /dev/null +++ b/2019/19xxx/CVE-2019-19559.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19559", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19560.json b/2019/19xxx/CVE-2019-19560.json new file mode 100644 index 00000000000..075822c0cf2 --- /dev/null +++ b/2019/19xxx/CVE-2019-19560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19561.json b/2019/19xxx/CVE-2019-19561.json new file mode 100644 index 00000000000..0f69801f8c3 --- /dev/null +++ b/2019/19xxx/CVE-2019-19561.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19561", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19562.json b/2019/19xxx/CVE-2019-19562.json new file mode 100644 index 00000000000..a695095d006 --- /dev/null +++ b/2019/19xxx/CVE-2019-19562.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19562", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19563.json b/2019/19xxx/CVE-2019-19563.json new file mode 100644 index 00000000000..00b360dd2a7 --- /dev/null +++ b/2019/19xxx/CVE-2019-19563.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19563", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19564.json b/2019/19xxx/CVE-2019-19564.json new file mode 100644 index 00000000000..67b70c456fe --- /dev/null +++ b/2019/19xxx/CVE-2019-19564.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19564", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19565.json b/2019/19xxx/CVE-2019-19565.json new file mode 100644 index 00000000000..eb810fb602d --- /dev/null +++ b/2019/19xxx/CVE-2019-19565.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19565", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19566.json b/2019/19xxx/CVE-2019-19566.json new file mode 100644 index 00000000000..3827a892581 --- /dev/null +++ b/2019/19xxx/CVE-2019-19566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19566", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19567.json b/2019/19xxx/CVE-2019-19567.json new file mode 100644 index 00000000000..0af3f6d8536 --- /dev/null +++ b/2019/19xxx/CVE-2019-19567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19568.json b/2019/19xxx/CVE-2019-19568.json new file mode 100644 index 00000000000..10cd6d69d84 --- /dev/null +++ b/2019/19xxx/CVE-2019-19568.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19568", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19569.json b/2019/19xxx/CVE-2019-19569.json new file mode 100644 index 00000000000..64ccd52e718 --- /dev/null +++ b/2019/19xxx/CVE-2019-19569.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19569", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19570.json b/2019/19xxx/CVE-2019-19570.json new file mode 100644 index 00000000000..89f6df2d321 --- /dev/null +++ b/2019/19xxx/CVE-2019-19570.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19570", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19571.json b/2019/19xxx/CVE-2019-19571.json new file mode 100644 index 00000000000..ad3a0c17b1f --- /dev/null +++ b/2019/19xxx/CVE-2019-19571.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19571", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19572.json b/2019/19xxx/CVE-2019-19572.json new file mode 100644 index 00000000000..b3586ee2008 --- /dev/null +++ b/2019/19xxx/CVE-2019-19572.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19572", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19573.json b/2019/19xxx/CVE-2019-19573.json new file mode 100644 index 00000000000..a23b988ba68 --- /dev/null +++ b/2019/19xxx/CVE-2019-19573.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19573", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19574.json b/2019/19xxx/CVE-2019-19574.json new file mode 100644 index 00000000000..aa34b182a44 --- /dev/null +++ b/2019/19xxx/CVE-2019-19574.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19574", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19575.json b/2019/19xxx/CVE-2019-19575.json new file mode 100644 index 00000000000..c34a47255d7 --- /dev/null +++ b/2019/19xxx/CVE-2019-19575.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19575", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7197.json b/2019/7xxx/CVE-2019-7197.json index 7155cc6c2c3..ac0ad32b132 100644 --- a/2019/7xxx/CVE-2019-7197.json +++ b/2019/7xxx/CVE-2019-7197.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7197", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7197", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NAS devices", + "version": { + "version_data": [ + { + "version_value": "QTS 4.4.1: before build 20190918, QTS 4.3.6: before build 20190919, QTS 4.3.4: before build 20190921, QTS 4.3.3: before build 20190921, QTS 4.2.6: before build 20190921" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-26", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-26" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version." } ] } diff --git a/2019/7xxx/CVE-2019-7201.json b/2019/7xxx/CVE-2019-7201.json index 78b652a8e5d..5647fff7d58 100644 --- a/2019/7xxx/CVE-2019-7201.json +++ b/2019/7xxx/CVE-2019-7201.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7201", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7201", + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNAP NetBak Replicator", + "version": { + "version_data": [ + { + "version_value": "Version 4.5.11.816 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unquoted Service Path" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201912-02", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201912-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unquoted service path vulnerability is reported to affect the service \u201cQVssService\u201d in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108." } ] }