"-Synchronized-Data."

2025-05-06 02:32:02 +00:00 · 2019-09-26 20:00:57 +00:00 · 2019-09-26 20:00:57 +00:00 · 3418353b32
commit 3418353b32
parent b0cc52081e
15 changed files with 107 additions and 13 deletions
--- a/2018/17xxx/CVE-2018-17790.json
+++ b/2018/17xxx/CVE-2018-17790.json
@ -56,6 +56,11 @@
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/154001/Master-Data-Online-2.0-Cross-Site-Scripting.html",
                "url": "http://packetstormsecurity.com/files/154001/Master-Data-Online-2.0-Cross-Site-Scripting.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://packetstormsecurity.com/files/cve/CVE-2018-17790",
+                "url": "https://packetstormsecurity.com/files/cve/CVE-2018-17790"
            }
        ]
    }
--- a/2018/17xxx/CVE-2018-17791.json
+++ b/2018/17xxx/CVE-2018-17791.json
@ -56,6 +56,11 @@
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/154061/OmniDoc-7.0-Input-Validation.html",
                "url": "http://packetstormsecurity.com/files/154061/OmniDoc-7.0-Input-Validation.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://packetstormsecurity.com/files/cve/CVE-2018-17791",
+                "url": "https://packetstormsecurity.com/files/cve/CVE-2018-17791"
            }
        ]
    }
--- a/2018/17xxx/CVE-2018-17792.json
+++ b/2018/17xxx/CVE-2018-17792.json
@ -61,6 +61,11 @@
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/153686/WorldClient-14-Cross-Site-Request-Forgery.html",
                "url": "http://packetstormsecurity.com/files/153686/WorldClient-14-Cross-Site-Request-Forgery.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://packetstormsecurity.com/files/cve/CVE-2018-17792",
+                "url": "https://packetstormsecurity.com/files/cve/CVE-2018-17792"
            }
        ]
    }
--- a/2019/11xxx/CVE-2019-11466.json
+++ b/2019/11xxx/CVE-2019-11466.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Eventing debug endpoint mishandles authentication and audit."
+                "value": "In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access."
            }
        ]
    },
--- a/2019/11xxx/CVE-2019-11495.json
+++ b/2019/11xxx/CVE-2019-11495.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network services by default. One of those services is an epmd service, which allows for node integration between Erlang instances. This service is protected by a single 16-character password. Unfortunately, this password is not generated securely due to an insufficient random seed, and can be reasonably brute-forced by an attacker to execute code against a remote system."
+                "value": "In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0."
            }
        ]
    },
--- a/2019/12xxx/CVE-2019-12562.json
+++ b/2019/12xxx/CVE-2019-12562.json
@ -1,17 +1,61 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
-        "ID": "CVE-2019-12562",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2019-12562",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Cross-site scripting (XSS) is possible in DNN (formerly DotNetNuke) before 9.4.0 by remote authenticated users via the Display Name field in the admin notification function."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/",
+                "url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/"
            }
        ]
    }
--- a/2019/14xxx/CVE-2019-14540.json
+++ b/2019/14xxx/CVE-2019-14540.json
@ -91,6 +91,11 @@
                "refsource": "MLIST",
                "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
                "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
+                "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E"
            }
        ]
    }
--- a/2019/14xxx/CVE-2019-14994.json
+++ b/2019/14xxx/CVE-2019-14994.json
@ -107,6 +107,11 @@
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html",
                "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://samcurry.net/analysis-of-cve-2019-14994/",
+                "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
            }
        ]
    }
--- a/2019/15xxx/CVE-2019-15846.json
+++ b/2019/15xxx/CVE-2019-15846.json
@ -161,6 +161,11 @@
                "refsource": "UBUNTU",
                "name": "USN-4124-2",
                "url": "https://usn.ubuntu.com/4124-2/"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://exim.org/static/doc/security/CVE-2019-15846.txt",
+                "url": "https://exim.org/static/doc/security/CVE-2019-15846.txt"
            }
        ]
    }
--- a/2019/16xxx/CVE-2019-16335.json
+++ b/2019/16xxx/CVE-2019-16335.json
@ -76,6 +76,11 @@
                "refsource": "MLIST",
                "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
                "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
+                "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E"
            }
        ]
    }
--- a/2019/16xxx/CVE-2019-16532.json
+++ b/2019/16xxx/CVE-2019-16532.json
@ -52,11 +52,6 @@
    },
    "references": {
        "reference_data": [
-            {
-                "url": "http://www.yzmcms.com/",
-                "refsource": "MISC",
-                "name": "http://www.yzmcms.com/"
-            },
            {
                "refsource": "EXPLOIT-DB",
                "name": "Exploit Database",
--- a/2019/3xxx/CVE-2019-3855.json
+++ b/2019/3xxx/CVE-2019-3855.json
@ -166,6 +166,11 @@
                "refsource": "REDHAT",
                "name": "RHSA-2019:2399",
                "url": "https://access.redhat.com/errata/RHSA-2019:2399"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://support.apple.com/kb/HT210609",
+                "url": "https://support.apple.com/kb/HT210609"
            }
        ]
    },
--- a/2019/9xxx/CVE-2019-9512.json
+++ b/2019/9xxx/CVE-2019-9512.json
@ -268,6 +268,11 @@
                "refsource": "REDHAT",
                "name": "RHSA-2019:2796",
                "url": "https://access.redhat.com/errata/RHSA-2019:2796"
+            },
+            {
+                "refsource": "REDHAT",
+                "name": "RHSA-2019:2861",
+                "url": "https://access.redhat.com/errata/RHSA-2019:2861"
            }
        ]
    },
--- a/2019/9xxx/CVE-2019-9514.json
+++ b/2019/9xxx/CVE-2019-9514.json
@ -268,6 +268,11 @@
                "refsource": "REDHAT",
                "name": "RHSA-2019:2796",
                "url": "https://access.redhat.com/errata/RHSA-2019:2796"
+            },
+            {
+                "refsource": "REDHAT",
+                "name": "RHSA-2019:2861",
+                "url": "https://access.redhat.com/errata/RHSA-2019:2861"
            }
        ]
    },
--- a/2019/9xxx/CVE-2019-9515.json
+++ b/2019/9xxx/CVE-2019-9515.json
@ -183,6 +183,11 @@
                "refsource": "REDHAT",
                "name": "RHSA-2019:2796",
                "url": "https://access.redhat.com/errata/RHSA-2019:2796"
+            },
+            {
+                "refsource": "REDHAT",
+                "name": "RHSA-2019:2861",
+                "url": "https://access.redhat.com/errata/RHSA-2019:2861"
            }
        ]
    },