diff --git a/2018/17xxx/CVE-2018-17790.json b/2018/17xxx/CVE-2018-17790.json
index a98cba7bf7c..33213e0b8fa 100644
--- a/2018/17xxx/CVE-2018-17790.json
+++ b/2018/17xxx/CVE-2018-17790.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/154001/Master-Data-Online-2.0-Cross-Site-Scripting.html",
 "url": "http://packetstormsecurity.com/files/154001/Master-Data-Online-2.0-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2018-17790",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2018-17790"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17791.json b/2018/17xxx/CVE-2018-17791.json
index 82d1fef671c..b318118c410 100644
--- a/2018/17xxx/CVE-2018-17791.json
+++ b/2018/17xxx/CVE-2018-17791.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/154061/OmniDoc-7.0-Input-Validation.html",
 "url": "http://packetstormsecurity.com/files/154061/OmniDoc-7.0-Input-Validation.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2018-17791",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2018-17791"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17792.json b/2018/17xxx/CVE-2018-17792.json
index fc117f14809..1649d8f49d8 100644
--- a/2018/17xxx/CVE-2018-17792.json
+++ b/2018/17xxx/CVE-2018-17792.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/153686/WorldClient-14-Cross-Site-Request-Forgery.html",
 "url": "http://packetstormsecurity.com/files/153686/WorldClient-14-Cross-Site-Request-Forgery.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2018-17792",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2018-17792"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11466.json b/2019/11xxx/CVE-2019-11466.json
index 08b11b8106b..af2234dd42c 100644
--- a/2019/11xxx/CVE-2019-11466.json
+++ b/2019/11xxx/CVE-2019-11466.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Eventing debug endpoint mishandles authentication and audit."
+ "value": "In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access."
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11495.json b/2019/11xxx/CVE-2019-11495.json
index 08c0d2bdfdd..f07b148a486 100644
--- a/2019/11xxx/CVE-2019-11495.json
+++ b/2019/11xxx/CVE-2019-11495.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network services by default. One of those services is an epmd service, which allows for node integration between Erlang instances. This service is protected by a single 16-character password. Unfortunately, this password is not generated securely due to an insufficient random seed, and can be reasonably brute-forced by an attacker to execute code against a remote system."
+ "value": "In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0."
 }
 ]
 },
diff --git a/2019/12xxx/CVE-2019-12562.json b/2019/12xxx/CVE-2019-12562.json
index 24637cd926c..2e122fad7b0 100644
--- a/2019/12xxx/CVE-2019-12562.json
+++ b/2019/12xxx/CVE-2019-12562.json
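Review bot: The rewritten `value` in the CVE-2019-11466 hunk no longer mentions the audit problem that the removed text recorded ("mishandles authentication and audit"), so a reader cannot tell whether access to the diagnostic endpoint was also missing from audit logs. That matters to anyone checking a 5.5.0 or 6.0.0 deployment for past access, because it decides whether the audit log can be relied on. If the audit gap is still part of the issue, keep a sentence for it in the new text; if it was dropped on purpose, the record should say so. The text also names 6.0.1 as the fix while listing 5.5.0 as affected, without saying whether a 5.5.x release carries the fix.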
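Review bot: The new `value` in the CVE-2019-11495 hunk drops the identification of the exposed service that the removed text gave (the epmd service used for node integration between Erlang instances), which is the detail an operator needs to decide which listener to restrict until the upgrade is done. "intra-node communication" also reads as traffic inside a single node, whereas the removed text describes integration between instances, so `inter-node` may be what is meant. The description gives 6.0.0 as the fixed version but lists only 5.1.1 as affected, leaving the status of the releases in between unstated. I would keep the service name from the old wording alongside the new root-cause sentence.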
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12562",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12562",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) is possible in DNN (formerly DotNetNuke) before 9.4.0 by remote authenticated users via the Display Name field in the admin notification function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/",
+ "url": "https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json
index acc9c55953d..be3a9fbde23 100644
--- a/2019/14xxx/CVE-2019-14540.json
+++ b/2019/14xxx/CVE-2019-14540.json
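Review bot: The structured fields added in the CVE-2019-12562 hunk are all placeholders: `product_name`, `version_value`, `vendor_name` and the `problemtype` `value` are `n/a`. The description added in the same hunk already gives the product (DNN, formerly DotNetNuke), the affected range (before 9.4.0) and the weakness (cross-site scripting). Inventory or scanner tooling that matches on the structured fields rather than the free text will therefore not tie this record to DNN installations. If the feed's conventions allow it, fill them from the description, for example `"product_name": "DNN"`, `"version_value": "before 9.4.0"` and a problem type of `CWE-79`. The only reference is a third-party write-up, so a vendor advisory confirming the 9.4.0 fix would be worth adding if one exists.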
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
 "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
+ "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14994.json b/2019/14xxx/CVE-2019-14994.json
index bd2599886b7..1ba3589e5a6 100644
--- a/2019/14xxx/CVE-2019-14994.json
+++ b/2019/14xxx/CVE-2019-14994.json
@@ -107,6 +107,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html",
 "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://samcurry.net/analysis-of-cve-2019-14994/",
+ "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15846.json b/2019/15xxx/CVE-2019-15846.json
index 3724328c17a..830d341d9e7 100644
--- a/2019/15xxx/CVE-2019-15846.json
+++ b/2019/15xxx/CVE-2019-15846.json
@@ -161,6 +161,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4124-2",
 "url": "https://usn.ubuntu.com/4124-2/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exim.org/static/doc/security/CVE-2019-15846.txt",
+ "url": "https://exim.org/static/doc/security/CVE-2019-15846.txt"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json
index 000ccf8d294..f1da70f55a3 100644
--- a/2019/16xxx/CVE-2019-16335.json
+++ b/2019/16xxx/CVE-2019-16335.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
 "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
+ "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16532.json b/2019/16xxx/CVE-2019-16532.json
index 1c76721ff28..7f82a180c7d 100644
--- a/2019/16xxx/CVE-2019-16532.json
+++ b/2019/16xxx/CVE-2019-16532.json
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "http://www.yzmcms.com/",
- "refsource": "MISC",
- "name": "http://www.yzmcms.com/"
- },
 {
 "refsource": "EXPLOIT-DB",
 "name": "Exploit Database",
diff --git a/2019/3xxx/CVE-2019-3855.json b/2019/3xxx/CVE-2019-3855.json
index cfbbffbfed9..fa6de288e20 100644
--- a/2019/3xxx/CVE-2019-3855.json
+++ b/2019/3xxx/CVE-2019-3855.json
@@ -166,6 +166,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2399",
 "url": "https://access.redhat.com/errata/RHSA-2019:2399"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT210609",
+ "url": "https://support.apple.com/kb/HT210609"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9512.json b/2019/9xxx/CVE-2019-9512.json
index 6d3087653fb..c4d3556e5f2 100644
--- a/2019/9xxx/CVE-2019-9512.json
+++ b/2019/9xxx/CVE-2019-9512.json
@@ -268,6 +268,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2796",
 "url": "https://access.redhat.com/errata/RHSA-2019:2796"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:2861",
+ "url": "https://access.redhat.com/errata/RHSA-2019:2861"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9514.json b/2019/9xxx/CVE-2019-9514.json
index 5463e581867..6417f0827bc 100644
--- a/2019/9xxx/CVE-2019-9514.json
+++ b/2019/9xxx/CVE-2019-9514.json
@@ -268,6 +268,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2796",
 "url": "https://access.redhat.com/errata/RHSA-2019:2796"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:2861",
+ "url": "https://access.redhat.com/errata/RHSA-2019:2861"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9515.json b/2019/9xxx/CVE-2019-9515.json
index 9eafc45bb72..f700485fe36 100644
--- a/2019/9xxx/CVE-2019-9515.json
+++ b/2019/9xxx/CVE-2019-9515.json
@@ -183,6 +183,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2796",
 "url": "https://access.redhat.com/errata/RHSA-2019:2796"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:2861",
+ "url": "https://access.redhat.com/errata/RHSA-2019:2861"
 }
 ]
 },