diff --git a/2018/7xxx/CVE-2018-7073.json b/2018/7xxx/CVE-2018-7073.json
index afa713c94e9..85a273d7a9e 100644
--- a/2018/7xxx/CVE-2018-7073.json
+++ b/2018/7xxx/CVE-2018-7073.json
@@ -61,11 +61,6 @@
 "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03843en_us",
 "refsource": "CONFIRM",
 "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03843en_us"
- },
- {
- "name": "USN-3590-1",
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/3590-1/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11535.json b/2019/11xxx/CVE-2019-11535.json
index 9efa0956baa..97ee1353fb0 100644
--- a/2019/11xxx/CVE-2019-11535.json
+++ b/2019/11xxx/CVE-2019-11535.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11535",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11535",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt",
+ "url": "http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12102.json b/2019/12xxx/CVE-2019-12102.json
index 03e67666263..eb4a67e0a4e 100644
--- a/2019/12xxx/CVE-2019-12102.json
+++ b/2019/12xxx/CVE-2019-12102.json
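Review bot: The structured fields of the now-public CVE-2019-11535 record are all left at `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), although the description names Linksys RE6400 and RE6300 through 1.2.04.022 and a command-execution flaw caused by unsanitized input. Tooling that matches on the structured fields rather than on prose will not tie this record to the affected firmware; populating them, for example `"vendor_name": "Linksys"` and `"version_value": "through 1.2.04.022"`, would close that gap. The same applies to the records for CVE-2019-12876, CVE-2019-13447, CVE-2019-13448, CVE-2019-13493, CVE-2019-13577 and CVE-2019-13619 later in this diff. Separately, the CONFIRM reference uses plain `http://`, so the release notes it points to are not integrity-protected in transit.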
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI."
+ "value": "** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library permissions correctly. The vendor states that by default all users can read/modify/upload files, and it\u2019s up to the administrator to decide who should have access to the media library and set the permissions accordingly. See the vendor documentation in the references for more information."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://github.com/Gr4y21/My-CVE-IDs/blob/master/Kentico%20CMS%20Unauthenticated%20File%20Upload%20and%20File%20Exposure",
 "url": "https://github.com/Gr4y21/My-CVE-IDs/blob/master/Kentico%20CMS%20Unauthenticated%20File%20Upload%20and%20File%20Exposure"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.kentico.com/k12/configuring-kentico/configuring-the-environment-for-content-editors/configuring-media-libraries/assigning-permissions-to-media-libraries",
+ "url": "https://docs.kentico.com/k12/configuring-kentico/configuring-the-environment-for-content-editors/configuring-media-libraries/assigning-permissions-to-media-libraries"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12876.json b/2019/12xxx/CVE-2019-12876.json
index 201fd6d8a8e..6430dcb6111 100644
--- a/2019/12xxx/CVE-2019-12876.json
+++ b/2019/12xxx/CVE-2019-12876.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12876",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12876",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/",
+ "url": "https://www.criticalstart.com/2019/07/manageengine-privilege-escalation/"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13447.json b/2019/13xxx/CVE-2019-13447.json
new file mode 100644
index 00000000000..03b5b3b8776
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13447.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13447",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://cyberoo.com/2019/07/16/cyberoo-identifica-vulnerabilita-0day/",
+ "url": "https://cyberoo.com/2019/07/16/cyberoo-identifica-vulnerabilita-0day/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13448.json b/2019/13xxx/CVE-2019-13448.json
new file mode 100644
index 00000000000..be631be85af
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13448.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13448",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://cyberoo.com/2019/07/16/cyberoo-identifica-vulnerabilita-0day/",
+ "url": "https://cyberoo.com/2019/07/16/cyberoo-identifica-vulnerabilita-0day/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13493.json b/2019/13xxx/CVE-2019-13493.json
new file mode 100644
index 00000000000..bd5490f5d94
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13493.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13493",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153613/Sitecore-9.0-Rev-171002-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/153613/Sitecore-9.0-Rev-171002-Cross-Site-Scripting.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13577.json b/2019/13xxx/CVE-2019-13577.json
new file mode 100644
index 00000000000..4b8f75226f3
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13577.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13577",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://hyp3rlinx.altervista.org",
+ "refsource": "MISC",
+ "name": "http://hyp3rlinx.altervista.org"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20190716 CVE-2019-13577 / MAPLE Computer WBT SNMP Administrator v2.0.195.15 / Unauthenticated Remote Buffer Overflow Code Execution 0day",
+ "url": "http://seclists.org/fulldisclosure/2019/Jul/17"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13619.json b/2019/13xxx/CVE-2019-13619.json
new file mode 100644
index 00000000000..8744845bf47
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13619.json
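Review bot: The first reference in the CVE-2019-13577 record, `http://hyp3rlinx.altervista.org`, is a site root rather than a page about this issue, so it gives a reader nothing stable to check the buffer-overflow claim against; only the FULLDISC entry is specific. Setting that entry's `url` and `name` to the advisory's own permalink (placeholder: `<advisory permalink>`) would keep the record verifiable if the mailing-list archive moves. Both references also use plain `http://`.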
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13619",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870",
+ "refsource": "MISC",
+ "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870"
+ },
+ {
+ "url": "https://www.wireshark.org/security/wnpa-sec-2019-20.html",
+ "refsource": "MISC",
+ "name": "https://www.wireshark.org/security/wnpa-sec-2019-20.html"
+ },
+ {
+ "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9",
+ "refsource": "MISC",
+ "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9187.json b/2019/9xxx/CVE-2019-9187.json
index 11cd87695ed..24237d2c096 100644
--- a/2019/9xxx/CVE-2019-9187.json
+++ b/2019/9xxx/CVE-2019-9187.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190226 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
+ "value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
 }
 ]
 },
@@ -52,10 +52,20 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
+ },
 {
 "url": "https://ikiwiki.info/news/",
 "refsource": "MISC",
 "name": "https://ikiwiki.info/news/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://ikiwiki.info/news/version_3.20190228/",
+ "url": "https://ikiwiki.info/news/version_3.20190228/"
 }
 ]
 }
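Review bot: The corrected fix boundary in the CVE-2019-9187 description, 3.20190226 changed to 3.20190228, puts 3.20190226 inside the affected range, but the record says nowhere that the earlier value was wrong. A consumer that cached the previous text would still treat 3.20190226 as fixed. The record's `affects` block lies outside both hunks, so it is worth confirming that any version data there carries the same 3.20190228 boundary as the description and the new CONFIRM link.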