From 32573ad07b977625746bafef22c881f18095b3b8 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 29 Oct 2019 19:01:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2010/4xxx/CVE-2010-4237.json | 65 +++++++++++++++++++++++++++-- 2011/0xxx/CVE-2011-0428.json | 53 ++++++++++++++++++++++- 2015/0xxx/CVE-2015-0008.json | 5 +++ 2015/0xxx/CVE-2015-0009.json | 5 +++ 2016/4xxx/CVE-2016-4289.json | 50 ++++++++++++++++++++-- 2018/0xxx/CVE-2018-0503.json | 5 +++ 2018/0xxx/CVE-2018-0504.json | 5 +++ 2018/0xxx/CVE-2018-0505.json | 5 +++ 2018/10xxx/CVE-2018-10727.json | 48 ++++++++++++++++++++- 2018/10xxx/CVE-2018-10902.json | 5 +++ 2018/11xxx/CVE-2018-11768.json | 10 +++++ 2018/15xxx/CVE-2018-15686.json | 5 +++ 2018/16xxx/CVE-2018-16866.json | 5 +++ 2018/19xxx/CVE-2018-19788.json | 5 +++ 2018/20xxx/CVE-2018-20856.json | 5 +++ 2019/1010xxx/CVE-2019-1010238.json | 5 +++ 2019/10xxx/CVE-2019-10743.json | 10 ++--- 2019/10xxx/CVE-2019-10749.json | 55 ++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11021.json | 17 +++++++- 2019/11xxx/CVE-2019-11810.json | 5 +++ 2019/12xxx/CVE-2019-12290.json | 5 +++ 2019/13xxx/CVE-2019-13066.json | 67 ++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14287.json | 5 +++ 2019/14xxx/CVE-2019-14823.json | 5 +++ 2019/15xxx/CVE-2019-15678.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15679.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15680.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15681.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15683.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15903.json | 5 +++ 2019/15xxx/CVE-2019-15929.json | 5 +++ 2019/16xxx/CVE-2019-16647.json | 67 ++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16662.json | 5 +++ 2019/18xxx/CVE-2019-18224.json | 5 +++ 2019/18xxx/CVE-2019-18608.json | 62 +++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18611.json | 67 ++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18612.json | 67 ++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18624.json | 67 ++++++++++++++++++++++++++++++ 
2019/1xxx/CVE-2019-1125.json | 5 +++ 2019/3xxx/CVE-2019-3900.json | 5 +++ 2019/6xxx/CVE-2019-6841.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6842.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6843.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6844.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6845.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6846.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6847.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6848.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6849.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6850.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6851.json | 58 ++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8287.json | 58 ++++++++++++++++++++++---- 2019/9xxx/CVE-2019-9506.json | 25 +++++++++++ 2019/9xxx/CVE-2019-9757.json | 53 ++++++++++++++++++++++- 2019/9xxx/CVE-2019-9758.json | 53 ++++++++++++++++++++++- 2019/9xxx/CVE-2019-9763.json | 12 +++++- 2019/9xxx/CVE-2019-9926.json | 61 ++++++++++++++++++++++++--- 57 files changed, 1906 insertions(+), 114 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13066.json create mode 100644 2019/15xxx/CVE-2019-15678.json create mode 100644 2019/15xxx/CVE-2019-15679.json create mode 100644 2019/15xxx/CVE-2019-15680.json create mode 100644 2019/15xxx/CVE-2019-15681.json create mode 100644 2019/15xxx/CVE-2019-15683.json create mode 100644 2019/16xxx/CVE-2019-16647.json create mode 100644 2019/18xxx/CVE-2019-18608.json create mode 100644 2019/18xxx/CVE-2019-18611.json create mode 100644 2019/18xxx/CVE-2019-18612.json create mode 100644 2019/18xxx/CVE-2019-18624.json diff --git a/2010/4xxx/CVE-2010-4237.json b/2010/4xxx/CVE-2010-4237.json index 266f0daab47..427597594db 100644 --- a/2010/4xxx/CVE-2010-4237.json +++ b/2010/4xxx/CVE-2010-4237.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2010-4237", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mercurial", + "product": { + "product_data": [ + { + "product_name": "mercurial", + "version": { + "version_data": [ + { + "version_value": "1.6.4" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4237", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-4237" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841" + }, + { + "refsource": "CONFIRM", + "name": "https://bz.mercurial-scm.org/show_bug.cgi?id=2407", + "url": "https://bz.mercurial-scm.org/show_bug.cgi?id=2407" } ] } diff --git a/2011/0xxx/CVE-2011-0428.json b/2011/0xxx/CVE-2011-0428.json index cdaa12a5bc6..8ebc18df783 100644 
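Review bot: In CVE-2010-4237.json the new `affects` block records `"version_value": "1.6.4"`, but the description added in the second hunk says the flaw is in Mercurial before 1.6.4, so the record names the fixed release as the affected one. A consumer that matches on `version_value` would flag 1.6.4 and miss every earlier release; `"version_value": "before 1.6.4"` would agree with the description. The `problemtype` value `"Other"` could also name the weakness the description states, a certificate Common Name that is not verified, which corresponds to CWE-295.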
--- a/2011/0xxx/CVE-2011-0428.json +++ b/2011/0xxx/CVE-2011-0428.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0428", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2011-0428", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2011-0428" + }, + { + "refsource": "CONFIRM", + "name": "https://ikiwiki.info/security/#index38h2", + "url": "https://ikiwiki.info/security/#index38h2" } ] } diff --git a/2015/0xxx/CVE-2015-0008.json b/2015/0xxx/CVE-2015-0008.json index 1217bbd31a3..1df654b3ff0 100644 --- a/2015/0xxx/CVE-2015-0008.json +++ b/2015/0xxx/CVE-2015-0008.json 
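Review bot: In CVE-2011-0428.json the `affects` block is filled with `"n/a"` for vendor, product and version although the description in the second hunk names ikiwiki before 3.20110122, so product-based matching will not tie this record to the package. I would use `"product_name": "ikiwiki"` and `"version_value": "before 3.20110122"`, and replace the `problemtype` value `"n/a"` with `"CWE-79"`, since the description states XSS. The same `"n/a"` pattern appears in CVE-2018-10727.json (Fabrik through v3.8.1) and CVE-2019-13066.json (Sahi Pro 8.0.0) in this commit.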
@@ -86,6 +86,11 @@ "name": "https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/", "refsource": "MISC", "url": "https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155002/Microsoft-Windows-Server-2012-Group-Policy-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155002/Microsoft-Windows-Server-2012-Group-Policy-Remote-Code-Execution.html" } ] } diff --git a/2015/0xxx/CVE-2015-0009.json b/2015/0xxx/CVE-2015-0009.json index 8d6f2e635fd..a43b66ac845 100644 --- a/2015/0xxx/CVE-2015-0009.json +++ b/2015/0xxx/CVE-2015-0009.json @@ -71,6 +71,11 @@ "name": "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx", "refsource": "CONFIRM", "url": "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155007/Microsoft-Windows-Server-2012-Group-Policy-Security-Feature-Bypass.html", + "url": "http://packetstormsecurity.com/files/155007/Microsoft-Windows-Server-2012-Group-Policy-Security-Feature-Bypass.html" } ] } diff --git a/2016/4xxx/CVE-2016-4289.json b/2016/4xxx/CVE-2016-4289.json index 4abc7c54b0c..a5e6684ff4f 100644 --- a/2016/4xxx/CVE-2016-4289.json +++ b/2016/4xxx/CVE-2016-4289.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-4289", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99 characters to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GMER", + "product": { + "product_data": [ + { + "product_name": "GMER", + "version": { + "version_data": [ + { + "version_value": "2.1.19357" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0127/", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0127/" } ] } diff --git a/2018/0xxx/CVE-2018-0503.json b/2018/0xxx/CVE-2018-0503.json index 6481e0237da..e45bf3a303f 100644 --- a/2018/0xxx/CVE-2018-0503.json +++ b/2018/0xxx/CVE-2018-0503.json @@ -78,6 +78,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3142", "url": "https://access.redhat.com/errata/RHSA-2019:3142" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3238", + "url": "https://access.redhat.com/errata/RHSA-2019:3238" } ] }, diff --git a/2018/0xxx/CVE-2018-0504.json b/2018/0xxx/CVE-2018-0504.json index 289b5e8fa39..8c58ac28614 100644 --- a/2018/0xxx/CVE-2018-0504.json +++ b/2018/0xxx/CVE-2018-0504.json 
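Review bot: In CVE-2016-4289.json the `problemtype` value is the free text `"Buffer Overflow"`, while the description in the same hunk specifies a stack based overflow. CVE-2019-15683.json in this commit already uses the form `"value": "CWE-121: Stack-based Buffer Overflow"`, and using it here would keep the weakness field consistent and usable for CWE-based filtering. The Talos reference is also recorded with an `http://` URL; if the advisory is served over HTTPS, that form would be preferable.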
@@ -73,6 +73,11 @@ "name": "DSA-4301", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4301" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3238", + "url": "https://access.redhat.com/errata/RHSA-2019:3238" } ] }, diff --git a/2018/0xxx/CVE-2018-0505.json b/2018/0xxx/CVE-2018-0505.json index 9a7febe5d51..d7746998f69 100644 --- a/2018/0xxx/CVE-2018-0505.json +++ b/2018/0xxx/CVE-2018-0505.json @@ -78,6 +78,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3142", "url": "https://access.redhat.com/errata/RHSA-2019:3142" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3238", + "url": "https://access.redhat.com/errata/RHSA-2019:3238" } ] }, diff --git a/2018/10xxx/CVE-2018-10727.json b/2018/10xxx/CVE-2018-10727.json index 5a9e9280a7d..84a42cbd3a2 100644 --- a/2018/10xxx/CVE-2018-10727.json +++ b/2018/10xxx/CVE-2018-10727.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10727", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Fabrik/fabrik/issues/2033", + "refsource": "MISC", + "name": "https://github.com/Fabrik/fabrik/issues/2033" } ] } diff --git a/2018/10xxx/CVE-2018-10902.json b/2018/10xxx/CVE-2018-10902.json index e01e3f042a3..e05feac26ef 100644 --- a/2018/10xxx/CVE-2018-10902.json +++ b/2018/10xxx/CVE-2018-10902.json @@ -146,6 +146,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:0641", "url": "https://access.redhat.com/errata/RHSA-2019:0641" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3217", + "url": "https://access.redhat.com/errata/RHSA-2019:3217" } ] } diff --git a/2018/11xxx/CVE-2018-11768.json b/2018/11xxx/CVE-2018-11768.json index 1e4070a8053..525792bc1b7 100644 --- a/2018/11xxx/CVE-2018-11768.json +++ b/2018/11xxx/CVE-2018-11768.json 
@@ -68,6 +68,16 @@ "refsource": "MLIST", "name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption", "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr", + "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr", + "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E" } ] }, diff --git a/2018/15xxx/CVE-2018-15686.json b/2018/15xxx/CVE-2018-15686.json index 309f5332d68..93deb82b887 100644 --- a/2018/15xxx/CVE-2018-15686.json +++ b/2018/15xxx/CVE-2018-15686.json @@ -111,6 +111,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2091", "url": "https://access.redhat.com/errata/RHSA-2019:2091" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3222", + "url": "https://access.redhat.com/errata/RHSA-2019:3222" } ] }, diff --git a/2018/16xxx/CVE-2018-16866.json b/2018/16xxx/CVE-2018-16866.json index 52c78b3a8ea..6c03e941927 100644 --- a/2018/16xxx/CVE-2018-16866.json +++ b/2018/16xxx/CVE-2018-16866.json @@ -129,6 +129,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2091", "url": "https://access.redhat.com/errata/RHSA-2019:2091" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3222", + "url": "https://access.redhat.com/errata/RHSA-2019:3222" } ] } diff --git a/2018/19xxx/CVE-2018-19788.json b/2018/19xxx/CVE-2018-19788.json index 14e5427ac08..8a102a6cdbd 100644 --- a/2018/19xxx/CVE-2018-19788.json +++ b/2018/19xxx/CVE-2018-19788.json 
@@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201908-14", "url": "https://security.gentoo.org/glsa/201908-14" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3232", + "url": "https://access.redhat.com/errata/RHSA-2019:3232" } ] } diff --git a/2018/20xxx/CVE-2018-20856.json b/2018/20xxx/CVE-2018-20856.json index a5fbd1cf79b..36829ac0735 100644 --- a/2018/20xxx/CVE-2018-20856.json +++ b/2018/20xxx/CVE-2018-20856.json @@ -141,6 +141,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3217", + "url": "https://access.redhat.com/errata/RHSA-2019:3217" } ] } diff --git a/2019/1010xxx/CVE-2019-1010238.json b/2019/1010xxx/CVE-2019-1010238.json index e7458996eca..575efb9998f 100644 --- a/2019/1010xxx/CVE-2019-1010238.json +++ b/2019/1010xxx/CVE-2019-1010238.json @@ -106,6 +106,11 @@ "refsource": "REDHAT", "name": "RHBA-2019:2824", "url": "https://access.redhat.com/errata/RHBA-2019:2824" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3234", + "url": "https://access.redhat.com/errata/RHSA-2019:3234" } ] } diff --git a/2019/10xxx/CVE-2019-10743.json b/2019/10xxx/CVE-2019-10743.json index acac1a95afb..78dfc1f5c94 100644 --- a/2019/10xxx/CVE-2019-10743.json +++ b/2019/10xxx/CVE-2019-10743.json @@ -15,11 +15,11 @@ "product": { "product_data": [ { - "product_name": "github.com/mholt/archiver/cmd/arc", + "product_name": "archiver", "version": { "version_data": [ { - "version_value": "versions 3.0.0 and later" + "version_value": "All versions" } ] } @@ -56,8 +56,8 @@ }, { "refsource": "MISC", - "name": "https://github.com/mholt/archiver/pull/169,", - "url": "https://github.com/mholt/archiver/pull/169," + "name": "https://github.com/mholt/archiver/pull/169", + "url": "https://github.com/mholt/archiver/pull/169" } ] }, 
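Review bot: In CVE-2019-10743.json the first hunk replaces `"versions 3.0.0 and later"` with `"version_value": "All versions"`, which gives consumers no boundary at all, even though the reference list still points at `https://github.com/mholt/archiver/pull/169`, which looks like the fix. If a release contains that change, the first fixed version should be recorded, for example `"version_value": "before <FIXED_VERSION>"` (placeholder; the page does not show it). The new `"product_name": "archiver"` is also less specific than the import path it replaces, which may make matching against Go module names harder. The enclosing vendor object starts outside the hunk, so `vendor_name` could not be checked.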
@@ -65,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "github.com/mholt/archiver/cmd/arc package versions 3.0.0 and later are vulnerable to an Arbitrary File Write via Archive Extraction (Zip Slip). The package is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder." + "value": "All versions of archiver allow attacker to perform a Zip Slip attack via the \"unarchive\" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a \"../../file.exe\" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily." } ] } diff --git a/2019/10xxx/CVE-2019-10749.json b/2019/10xxx/CVE-2019-10749.json index 0abb44c8173..c9e03a14b02 100644 --- a/2019/10xxx/CVE-2019-10749.json +++ b/2019/10xxx/CVE-2019-10749.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "sequelize", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version\u00a03.35.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222", + "url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222" + }, + { + "refsource": "MISC", + "name": "https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68", + "url": "https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect." } ] } diff --git a/2019/11xxx/CVE-2019-11021.json b/2019/11xxx/CVE-2019-11021.json index bd48d15953c..c28a100be5f 100644 --- a/2019/11xxx/CVE-2019-11021.json +++ b/2019/11xxx/CVE-2019-11021.json 
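Review bot: In CVE-2019-10749.json the `version_value` string contains an escaped non-breaking space, `"All versions prior to version\u00a03.35.1"`. Tools that split on ASCII whitespace or compare against a plain string will not extract `3.35.1` from it, so version matching can silently fail. An ordinary space fixes it: `"version_value": "All versions prior to version 3.35.1"`. The `problemtype` value `"SQL Injection"` could additionally carry its identifier, `"CWE-89"`.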
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution." + "value": "** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: \"While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site.\"" } ] }, @@ -61,6 +61,21 @@ "refsource": "MISC", "name": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/", "url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/" + }, + { + "refsource": "MISC", + "name": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021", + "url": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021" + }, + { + "refsource": "MISC", + "name": "https://vuldb.com/?id.144129", + "url": "https://vuldb.com/?id.144129" + }, + { + "refsource": "MISC", + "name": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html", + "url": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html" } ] } diff --git a/2019/11xxx/CVE-2019-11810.json b/2019/11xxx/CVE-2019-11810.json index 599d10c70db..3f62feae9f9 100644 --- a/2019/11xxx/CVE-2019-11810.json +++ b/2019/11xxx/CVE-2019-11810.json @@ -151,6 +151,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2837", "url": "https://access.redhat.com/errata/RHSA-2019:2837" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3217", + "url": "https://access.redhat.com/errata/RHSA-2019:3217" } ] } diff --git a/2019/12xxx/CVE-2019-12290.json b/2019/12xxx/CVE-2019-12290.json index 97c10d886ee..4cf0ee2798d 100644 
--- a/2019/12xxx/CVE-2019-12290.json +++ b/2019/12xxx/CVE-2019-12290.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de", "url": "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de" + }, + { + "refsource": "UBUNTU", + "name": "USN-4168-1", + "url": "https://usn.ubuntu.com/4168-1/" } ] } diff --git a/2019/13xxx/CVE-2019-13066.json b/2019/13xxx/CVE-2019-13066.json new file mode 100644 index 00000000000..18d1a4d54ad --- /dev/null +++ b/2019/13xxx/CVE-2019-13066.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sahipro.com/downloads-archive/", + "refsource": "MISC", + "name": "https://sahipro.com/downloads-archive/" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/154985/Sahi-Pro-8.x-Cross-Site-Scripting.html", + "url": "https://packetstormsecurity.com/files/154985/Sahi-Pro-8.x-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2019/14xxx/CVE-2019-14287.json b/2019/14xxx/CVE-2019-14287.json index 8bd50d9845f..fe3535c6695 100644 --- a/2019/14xxx/CVE-2019-14287.json +++ b/2019/14xxx/CVE-2019-14287.json @@ -151,6 +151,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3209", "url": "https://access.redhat.com/errata/RHSA-2019:3209" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3219", + "url": "https://access.redhat.com/errata/RHSA-2019:3219" } ] } diff --git a/2019/14xxx/CVE-2019-14823.json b/2019/14xxx/CVE-2019-14823.json index 512b79f620d..5193ddb4f33 100644 --- a/2019/14xxx/CVE-2019-14823.json +++ b/2019/14xxx/CVE-2019-14823.json @@ -74,6 +74,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-24a0a2f24e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3225", + "url": "https://access.redhat.com/errata/RHSA-2019:3225" } ] }, diff --git a/2019/15xxx/CVE-2019-15678.json b/2019/15xxx/CVE-2019-15678.json new file mode 100644 index 00000000000..fefc2a53be7 --- /dev/null +++ b/2019/15xxx/CVE-2019-15678.json 
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15678", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kaspersky", + "product": { + "product_data": [ + { + "product_name": "TightVNC", + "version": { + "version_data": [ + { + "version_value": "1.3.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", + "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15679.json b/2019/15xxx/CVE-2019-15679.json new file mode 100644 index 00000000000..033e5c7a419 --- /dev/null +++ b/2019/15xxx/CVE-2019-15679.json 
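Review bot: In CVE-2019-15678.json `"vendor_name": "Kaspersky"` names the assigner (`vulnerability@kaspersky.com`) rather than the vendor of the affected product, TightVNC. Inventory and scanner matching on vendor/product pairs would attribute the flaw to the wrong vendor and may miss TightVNC installations; something like `"vendor_name": "TightVNC"` would match the product. The same value is used in CVE-2019-15679.json and CVE-2019-15680.json (TightVNC), CVE-2019-15681.json (LibVNC) and CVE-2019-15683.json (TurboVNC). The description also has a doubled period in `code execution..`.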
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15679", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kaspersky", + "product": { + "product_data": [ + { + "product_name": "TightVNC", + "version": { + "version_data": [ + { + "version_value": "1.3.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", + "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15680.json b/2019/15xxx/CVE-2019-15680.json new file mode 100644 index 00000000000..c400ccf6d54 --- /dev/null +++ b/2019/15xxx/CVE-2019-15680.json 
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15680", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kaspersky", + "product": { + "product_data": [ + { + "product_name": "TightVNC", + "version": { + "version_data": [ + { + "version_value": "1.3.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities", + "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15681.json b/2019/15xxx/CVE-2019-15681.json new file mode 100644 index 00000000000..b0383a2872e --- /dev/null +++ b/2019/15xxx/CVE-2019-15681.json 
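Review bot: In CVE-2019-15680.json the description expands DoS as `Denial of System (DoS)`, which is presumably meant to be Denial of Service. I would write the clause as `which results in Denial of Service (DoS)`, so that keyword searches and impact classification pick the record up correctly.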
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15681", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kaspersky", + "product": { + "product_data": [ + { + "product_name": "LibVNC", + "version": { + "version_data": [ + { + "version_value": "0.9.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-665: Improper Initialization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a", + "url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15683.json b/2019/15xxx/CVE-2019-15683.json new file mode 100644 index 00000000000..26431245912 --- /dev/null +++ b/2019/15xxx/CVE-2019-15683.json 
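Review bot: In CVE-2019-15681.json the description cites `(CWE-655)` while the `problemtype` in the same file is `"CWE-665: Improper Initialization"`; the two identifiers disagree and the one in the description looks like a transposition. Changing the description to `(CWE-665)` would make the record self-consistent. The phrase "memory leak" is also ambiguous here, since the text goes on to describe disclosure of stack memory rather than unreleased memory; "information leak" would be clearer. In addition, `"version_value": "0.9.12"` is a release number while the description scopes the issue by commit, so it is unclear from the record whether 0.9.12 is the last affected release.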
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15683", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kaspersky", + "product": { + "product_data": [ + { + "product_name": "TurboVNC", + "version": { + "version_data": [ + { + "version_value": "commit prior to cea98166008301e614e0d36776bf9435a536136e" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/TurboVNC/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e", + "url": "https://github.com/TurboVNC/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity. To exploit this vulnerability authorization on server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15903.json b/2019/15xxx/CVE-2019-15903.json index 0013383aaff..93c17828d5f 100644 --- a/2019/15xxx/CVE-2019-15903.json +++ b/2019/15xxx/CVE-2019-15903.json @@ -161,6 +161,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3210", "url": "https://access.redhat.com/errata/RHSA-2019:3210" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3237", + "url": "https://access.redhat.com/errata/RHSA-2019:3237" } ] } 
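Review bot: `"version_value": "commit prior to cea98166008301e614e0d36776bf9435a536136e"` in the CVE-2019-15683 record is prose rather than a version, so scanners that compare installed package versions against `version_data` cannot evaluate it and the record will not match any TurboVNC install. I would keep the commit in the description and the reference, and put the last affected release in the structured field, `"version_value": "<last affected TurboVNC release>"`, once the maintainers confirm it. The description's "authorization on server is required" presumably means authentication; saying so explicitly matters for scoring, because it sets the privileges-required component.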
diff --git a/2019/15xxx/CVE-2019-15929.json b/2019/15xxx/CVE-2019-15929.json index d8a7c18fc4f..9c9f6eaf82d 100644 --- a/2019/15xxx/CVE-2019-15929.json +++ b/2019/15xxx/CVE-2019-15929.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31", "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.html", + "url": "http://packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.html" } ] } diff --git a/2019/16xxx/CVE-2019-16647.json b/2019/16xxx/CVE-2019-16647.json new file mode 100644 index 00000000000..f05c958d009 --- /dev/null +++ b/2019/16xxx/CVE-2019-16647.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16647",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://forum.maxthon.com/index.php?/topic/24472-unquoted-search-path-and-potential-abuses/",
+ "url": "http://forum.maxthon.com/index.php?/topic/24472-unquoted-search-path-and-potential-abuses/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://safebreach.com/Post/Maxthon-Browser-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-16647",
+ "url": "https://safebreach.com/Post/Maxthon-Browser-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-16647"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16662.json b/2019/16xxx/CVE-2019-16662.json
index a64a2b1e23e..6fd57306477 100644
--- a/2019/16xxx/CVE-2019-16662.json
+++ b/2019/16xxx/CVE-2019-16647.json
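Review bot: Every structured field in the CVE-2019-16647 record is `"n/a"` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), although the description already names the product, the range 5.1.0 to 5.2.7 and the weakness. Consumers that filter on `affects` or on CWE rather than parsing free text will not surface this record for hosts running the browser. I would at least fill `"product_name": "Maxthon Browser for Windows"` and a `problemtype` value of `"CWE-428: Unquoted Search Path or Element"`. The new records for CVE-2019-18608, CVE-2019-18611, CVE-2019-18612 and CVE-2019-18624 later in this patch have the same all-`n/a` shape and would benefit from the same treatment.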
@@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/", "url": "https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html" } ] } diff --git a/2019/18xxx/CVE-2019-18224.json b/2019/18xxx/CVE-2019-18224.json index f9deb6781f3..63de51da10e 100644 --- a/2019/18xxx/CVE-2019-18224.json +++ b/2019/18xxx/CVE-2019-18224.json @@ -66,6 +66,11 @@ "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420", "refsource": "MISC", "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420" + }, + { + "refsource": "UBUNTU", + "name": "USN-4168-1", + "url": "https://usn.ubuntu.com/4168-1/" } ] } diff --git a/2019/18xxx/CVE-2019-18608.json b/2019/18xxx/CVE-2019-18608.json new file mode 100644 index 00000000000..52457e7a7cf --- /dev/null +++ b/2019/18xxx/CVE-2019-18608.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18608",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/cl0udz/vulnerabilities/blob/master/cezerin-manipulate_order_information/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/cl0udz/vulnerabilities/blob/master/cezerin-manipulate_order_information/README.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18611.json b/2019/18xxx/CVE-2019-18611.json
new file mode 100644
index 00000000000..220c12e0ef6
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18611.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18611",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T234862",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T234862"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18612.json b/2019/18xxx/CVE-2019-18612.json
new file mode 100644
index 00000000000..2f28be330c2
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18612.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18612",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T104807",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T104807"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18624.json b/2019/18xxx/CVE-2019-18624.json
new file mode 100644
index 00000000000..8b451524e29
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18624.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18624",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@YoKoKho/illegal-rendered-at-download-feature-in-opera-mini-that-lead-to-extension-manipulation-with-rtlo-685bf2d77d51",
+ "refsource": "MISC",
+ "name": "https://medium.com/@YoKoKho/illegal-rendered-at-download-feature-in-opera-mini-that-lead-to-extension-manipulation-with-rtlo-685bf2d77d51"
+ },
+ {
+ "url": "http://firstsight.me/2019/10/illegal-rendered-at-download-feature-in-several-apps-including-opera-mini-that-lead-to-extension-manipulation-with-rtlo/",
+ "refsource": "MISC",
+ "name": "http://firstsight.me/2019/10/illegal-rendered-at-download-feature-in-several-apps-including-opera-mini-that-lead-to-extension-manipulation-with-rtlo/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1125.json b/2019/1xxx/CVE-2019-1125.json
index 119c5ae631e..c774d4b8bca 100644
--- a/2019/1xxx/CVE-2019-1125.json
+++ b/2019/1xxx/CVE-2019-1125.json
@@ -266,6 +266,11 @@ "refsource": "REDHAT", "name": "RHBA-2019:2824", "url": "https://access.redhat.com/errata/RHBA-2019:2824" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3220", + "url": "https://access.redhat.com/errata/RHSA-2019:3220" } ] } diff --git a/2019/3xxx/CVE-2019-3900.json b/2019/3xxx/CVE-2019-3900.json index de0cff8d0d7..cdef2ac77f5 100644 --- a/2019/3xxx/CVE-2019-3900.json +++ b/2019/3xxx/CVE-2019-3900.json @@ -138,6 +138,11 @@ "refsource": "UBUNTU", "name": "USN-4118-1", "url": "https://usn.ubuntu.com/4118-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3220", + "url": "https://access.redhat.com/errata/RHSA-2019:3220" } ] }, diff --git a/2019/6xxx/CVE-2019-6841.json b/2019/6xxx/CVE-2019-6841.json index 872ceaad721..5fbf7f9f357 100644 --- a/2019/6xxx/CVE-2019-6841.json +++ b/2019/6xxx/CVE-2019-6841.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6841", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6841", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol." } ] } diff --git a/2019/6xxx/CVE-2019-6842.json b/2019/6xxx/CVE-2019-6842.json index 3db05dcfe52..95e76a5e8de 100644 --- a/2019/6xxx/CVE-2019-6842.json +++ b/2019/6xxx/CVE-2019-6842.json 
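Review bot: The `affects` block added for CVE-2019-6841 is not usable for matching: `vendor_name` is `"n/a"` even though the assigner is cybersecurity@schneider-electric.com, `product_name` packs four product lines into one string that ends in a stray space, and `version_value` repeats that product string instead of giving a version. For controller firmware, where operators rely on advisory feeds to decide which PLCs need compensating controls, I would emit one `product_data` entry per product line with `"version_value": "all firmware versions"` and a real vendor name. The records for CVE-2019-6842 through CVE-2019-6851 later in this patch follow the same pattern with their own product lists. The description's trigger conditions are clear and need no change.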
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6842", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6842", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol." } ] } diff --git a/2019/6xxx/CVE-2019-6843.json b/2019/6xxx/CVE-2019-6843.json index 1d74b77b2fc..50c3166ab22 100644 --- a/2019/6xxx/CVE-2019-6843.json +++ b/2019/6xxx/CVE-2019-6843.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6843", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6843", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol." } ] } diff --git a/2019/6xxx/CVE-2019-6844.json b/2019/6xxx/CVE-2019-6844.json index b609118e403..974291de1bd 100644 --- a/2019/6xxx/CVE-2019-6844.json +++ b/2019/6xxx/CVE-2019-6844.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6844", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6844", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol." } ] } diff --git a/2019/6xxx/CVE-2019-6845.json b/2019/6xxx/CVE-2019-6845.json index cc5efac2233..0adda7e6bee 100644 --- a/2019/6xxx/CVE-2019-6845.json +++ b/2019/6xxx/CVE-2019-6845.json 
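Review bot: The new description for CVE-2019-6844 misspells the impact as `Denial of Service atack`, which breaks keyword searches and alert rules that look for the phrase used by the sibling records. It should read `Denial of Service attack`, matching CVE-2019-6841, CVE-2019-6842 and CVE-2019-6843 in the same patch.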
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6845", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6845", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319: Cleartext Transmission of Sensitive Information " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol." } ] } diff --git a/2019/6xxx/CVE-2019-6846.json b/2019/6xxx/CVE-2019-6846.json index b3f25c0da2b..c2b3364d0d4 100644 --- a/2019/6xxx/CVE-2019-6846.json +++ b/2019/6xxx/CVE-2019-6846.json 
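Review bot: The `problemtype` value added for CVE-2019-6845 is `"CWE-319: Cleartext Transmission of Sensitive Information "` with a trailing space, so consumers that compare the string exactly, or split it on the CWE name, will treat it as a different weakness from the canonical entry. Trim it to `"CWE-319: Cleartext Transmission of Sensitive Information"`; the record for CVE-2019-6846 in the next hunk carries the same trailing space. The product string `Modicon Premium , Modicon Quantum` also has a stray space before the comma, here and in CVE-2019-6851, which is cosmetic but will defeat naive comma-splitting of the product list.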
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6846", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6846", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319: Cleartext Transmission of Sensitive Information " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol." } ] } diff --git a/2019/6xxx/CVE-2019-6847.json b/2019/6xxx/CVE-2019-6847.json index 7f123547230..9c7696955d4 100644 --- a/2019/6xxx/CVE-2019-6847.json +++ b/2019/6xxx/CVE-2019-6847.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6847", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6847", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol." } ] } diff --git a/2019/6xxx/CVE-2019-6848.json b/2019/6xxx/CVE-2019-6848.json index 2f420826095..653418dde8a 100644 --- a/2019/6xxx/CVE-2019-6848.json +++ b/2019/6xxx/CVE-2019-6848.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6848", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6848", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module." } ] } diff --git a/2019/6xxx/CVE-2019-6849.json b/2019/6xxx/CVE-2019-6849.json index 058f6fc0afb..3765af764bc 100644 --- a/2019/6xxx/CVE-2019-6849.json +++ b/2019/6xxx/CVE-2019-6849.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6849", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6849", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module." } ] } diff --git a/2019/6xxx/CVE-2019-6850.json b/2019/6xxx/CVE-2019-6850.json index 8c7806237ab..ff2b31d2891 100644 --- a/2019/6xxx/CVE-2019-6850.json +++ b/2019/6xxx/CVE-2019-6850.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6850", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6850", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04", + "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module." } ] } diff --git a/2019/6xxx/CVE-2019-6851.json b/2019/6xxx/CVE-2019-6851.json index 144c71da7aa..1f8149897ad 100644 --- a/2019/6xxx/CVE-2019-6851.json +++ b/2019/6xxx/CVE-2019-6851.json 
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6851",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6851",
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-538: File and Directory Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01",
+ "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8287.json b/2019/8xxx/CVE-2019-8287.json
index 46d303c298e..06c66d3b4fc 100644
--- a/2019/8xxx/CVE-2019-8287.json
+++ b/2019/8xxx/CVE-2019-8287.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8287",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8287",
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Kaspersky",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TightVNC",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.3.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20181210 libvnc and tightvnc vulnerabilities",
+ "url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity."
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9506.json b/2019/9xxx/CVE-2019-9506.json
index 1b39b4fe7e9..768512cbf92 100644
--- a/2019/9xxx/CVE-2019-9506.json
+++ b/2019/9xxx/CVE-2019-9506.json
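Review bot: `"vendor_name": "Kaspersky"` in the `affects` block added for CVE-2019-8287 appears to name the assigning CNA (`vulnerability@kaspersky.com`) rather than the maintainer of TightVNC, so vendor-keyed matching would attribute the flaw to the wrong party; the value should be checked against the product's actual vendor. The `version_value` of `"1.3.10"` has no qualifier, so a consumer cannot tell from the record whether earlier releases are affected; if the schema's `version_affected` field is used in this record set, adding it with whatever operator the advisory supports would remove the ambiguity. The description text also reads "can potentially result code execution" and "This attack appear", which is worth correcting at the source before the next sync.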
@@ -192,6 +192,31 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3187",
 "url": "https://access.redhat.com/errata/RHSA-2019:3187"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3165",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3165"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3217",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3217"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3220",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3220"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3231",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3231"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3218",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3218"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9757.json b/2019/9xxx/CVE-2019-9757.json
index 108f9b743cc..4d0ab4dbb5d 100644
--- a/2019/9xxx/CVE-2019-9757.json
+++ b/2019/9xxx/CVE-2019-9757.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9757",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
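Review bot: The `affects` block added for CVE-2019-9757 sets `product_name`, `version_value` and `vendor_name` all to `"n/a"`, while the description added in the same file's next hunk names LabKey Server 19.1.0. With the structured fields empty, the affected product is recoverable only by parsing free text, so field-based matching against an asset inventory will miss the record. Filling them from the description, `"product_name": "LabKey Server"` and `"version_value": "19.1.0"`, would fix that; the vendor name is not stated in the diff and would need confirming. The first hunk of CVE-2019-9758 adds an identical all-`n/a` block.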
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9757",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9757"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce",
+ "url": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9758.json b/2019/9xxx/CVE-2019-9758.json
index 742667fb696..e370c6c6c22 100644
--- a/2019/9xxx/CVE-2019-9758.json
+++ b/2019/9xxx/CVE-2019-9758.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9758",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
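Review bot: `problemtype` is published as `"value": "n/a"` for CVE-2019-9757 even though the description in the same hunk states an XXE that lets local files be read. Consumers that triage or filter by weakness class get nothing from the record as written; `"value": "CWE-611: Improper Restriction of XML External Entity Reference"` would match the description and the `CWE-nnn: name` form used by other records in this commit. The second hunk of CVE-2019-9758 has the same gap for a stored XSS, where `"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"` fits.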
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce",
+ "url": "https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9758",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9758"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9763.json b/2019/9xxx/CVE-2019-9763.json
index 119153a182e..8410c721e28 100644
--- a/2019/9xxx/CVE-2019-9763.json
+++ b/2019/9xxx/CVE-2019-9763.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in Openfind Mail2000 v6 Webmail. XSS can occur via an '