diff --git a/2001/0xxx/CVE-2001-0917.json b/2001/0xxx/CVE-2001-0917.json index 638b888244e..8b6b35a4082 100644 --- a/2001/0xxx/CVE-2001-0917.json +++ b/2001/0xxx/CVE-2001-0917.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/0xxx/CVE-2002-0493.json b/2002/0xxx/CVE-2002-0493.json index 61e08f4a7b2..92e7629370b 100644 --- a/2002/0xxx/CVE-2002-0493.json +++ b/2002/0xxx/CVE-2002-0493.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/0xxx/CVE-2002-0682.json b/2002/0xxx/CVE-2002-0682.json index cc7807bc273..12ab4cf19f4 100644 --- a/2002/0xxx/CVE-2002-0682.json +++ b/2002/0xxx/CVE-2002-0682.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/0xxx/CVE-2002-0935.json b/2002/0xxx/CVE-2002-0935.json index 1f8867cace4..57308feabea 100644 --- a/2002/0xxx/CVE-2002-0935.json +++ b/2002/0xxx/CVE-2002-0935.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/0xxx/CVE-2002-0936.json b/2002/0xxx/CVE-2002-0936.json index 9ebcb5b1d5d..73582eba263 100644 --- a/2002/0xxx/CVE-2002-0936.json +++ b/2002/0xxx/CVE-2002-0936.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/1xxx/CVE-2002-1148.json b/2002/1xxx/CVE-2002-1148.json index e67212f4422..a2b2f581a7e 100644 --- a/2002/1xxx/CVE-2002-1148.json +++ b/2002/1xxx/CVE-2002-1148.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/1xxx/CVE-2002-1394.json b/2002/1xxx/CVE-2002-1394.json index 268e4a071b3..005da01ebcc 100644 --- a/2002/1xxx/CVE-2002-1394.json +++ b/2002/1xxx/CVE-2002-1394.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/1xxx/CVE-2002-1567.json b/2002/1xxx/CVE-2002-1567.json index 1c534205cf6..3a294017263 100644 --- a/2002/1xxx/CVE-2002-1567.json +++ b/2002/1xxx/CVE-2002-1567.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/1xxx/CVE-2002-1895.json b/2002/1xxx/CVE-2002-1895.json index 01e1cd32e8a..fc7e96ff15c 100644 --- a/2002/1xxx/CVE-2002-1895.json +++ b/2002/1xxx/CVE-2002-1895.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/2xxx/CVE-2002-2006.json b/2002/2xxx/CVE-2002-2006.json index 7013bd9a87a..189c4c3ad84 100644 --- a/2002/2xxx/CVE-2002-2006.json +++ b/2002/2xxx/CVE-2002-2006.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/2xxx/CVE-2002-2008.json b/2002/2xxx/CVE-2002-2008.json index 63e1feb9741..e6728159f3c 100644 --- a/2002/2xxx/CVE-2002-2008.json +++ b/2002/2xxx/CVE-2002-2008.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2002/2xxx/CVE-2002-2009.json b/2002/2xxx/CVE-2002-2009.json index 9c3cec80db4..50bae1af358 100644 --- a/2002/2xxx/CVE-2002-2009.json +++ b/2002/2xxx/CVE-2002-2009.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2003/0xxx/CVE-2003-0866.json b/2003/0xxx/CVE-2003-0866.json index 672fb43dc5e..108f859c54d 100644 --- a/2003/0xxx/CVE-2003-0866.json +++ b/2003/0xxx/CVE-2003-0866.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2005/2xxx/CVE-2005-2090.json b/2005/2xxx/CVE-2005-2090.json index df77fdf9d21..fd3f4972e00 100644 --- a/2005/2xxx/CVE-2005-2090.json +++ b/2005/2xxx/CVE-2005-2090.json @@ -266,6 +266,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2005/3xxx/CVE-2005-3164.json b/2005/3xxx/CVE-2005-3164.json index d07d9970c0f..aca17ee56bf 100644 --- a/2005/3xxx/CVE-2005-3164.json +++ b/2005/3xxx/CVE-2005-3164.json @@ -121,6 +121,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2005/3xxx/CVE-2005-3510.json b/2005/3xxx/CVE-2005-3510.json index 6bcd6b0da8f..052520b2a2a 100644 --- a/2005/3xxx/CVE-2005-3510.json +++ b/2005/3xxx/CVE-2005-3510.json @@ -151,6 +151,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2005/4xxx/CVE-2005-4703.json b/2005/4xxx/CVE-2005-4703.json index 808ef433be6..1a095add583 100644 --- a/2005/4xxx/CVE-2005-4703.json +++ b/2005/4xxx/CVE-2005-4703.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2005/4xxx/CVE-2005-4836.json b/2005/4xxx/CVE-2005-4836.json index b14aa2642fe..99c0a9d235c 100644 --- a/2005/4xxx/CVE-2005-4836.json +++ b/2005/4xxx/CVE-2005-4836.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2005/4xxx/CVE-2005-4838.json b/2005/4xxx/CVE-2005-4838.json index 8f11123fcef..9a356a69d27 100644 --- a/2005/4xxx/CVE-2005-4838.json +++ b/2005/4xxx/CVE-2005-4838.json @@ -131,6 +131,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2006/3xxx/CVE-2006-3835.json b/2006/3xxx/CVE-2006-3835.json index fed7dae08bb..0cfb7e146b0 100644 --- a/2006/3xxx/CVE-2006-3835.json +++ b/2006/3xxx/CVE-2006-3835.json @@ -191,6 +191,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2006/7xxx/CVE-2006-7196.json b/2006/7xxx/CVE-2006-7196.json index 62168820233..0060aa31208 100644 --- a/2006/7xxx/CVE-2006-7196.json +++ b/2006/7xxx/CVE-2006-7196.json @@ -141,6 +141,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2006/7xxx/CVE-2006-7197.json b/2006/7xxx/CVE-2006-7197.json index b82d8d1739b..901970a57ad 100644 --- a/2006/7xxx/CVE-2006-7197.json +++ b/2006/7xxx/CVE-2006-7197.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/0xxx/CVE-2007-0450.json b/2007/0xxx/CVE-2007-0450.json index 541ab09aa5d..2cbb289044e 100644 --- a/2007/0xxx/CVE-2007-0450.json +++ b/2007/0xxx/CVE-2007-0450.json @@ -296,6 +296,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", + "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/0xxx/CVE-2007-0774.json b/2007/0xxx/CVE-2007-0774.json index ab07eef1843..0fd758c153f 100644 --- a/2007/0xxx/CVE-2007-0774.json +++ b/2007/0xxx/CVE-2007-0774.json @@ -156,6 +156,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/1xxx/CVE-2007-1355.json b/2007/1xxx/CVE-2007-1355.json index f59f001fe13..63d9ac92a21 100644 --- a/2007/1xxx/CVE-2007-1355.json +++ b/2007/1xxx/CVE-2007-1355.json @@ -216,6 +216,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/1xxx/CVE-2007-1358.json b/2007/1xxx/CVE-2007-1358.json index 7e242d5a018..d5145328936 100644 --- a/2007/1xxx/CVE-2007-1358.json +++ b/2007/1xxx/CVE-2007-1358.json @@ -236,6 +236,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/1xxx/CVE-2007-1858.json b/2007/1xxx/CVE-2007-1858.json index a085ce09e87..f9ee81459df 100644 --- a/2007/1xxx/CVE-2007-1858.json +++ b/2007/1xxx/CVE-2007-1858.json @@ -156,6 +156,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/1xxx/CVE-2007-1860.json b/2007/1xxx/CVE-2007-1860.json index 28f7f36b997..75ce62d9030 100644 --- a/2007/1xxx/CVE-2007-1860.json +++ b/2007/1xxx/CVE-2007-1860.json @@ -191,6 +191,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/2xxx/CVE-2007-2449.json b/2007/2xxx/CVE-2007-2449.json index c6cbde0aa49..3f5ed681868 100644 --- a/2007/2xxx/CVE-2007-2449.json +++ b/2007/2xxx/CVE-2007-2449.json @@ -241,6 +241,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/2xxx/CVE-2007-2450.json b/2007/2xxx/CVE-2007-2450.json index d6e59b9765c..62035da8bf7 100644 --- a/2007/2xxx/CVE-2007-2450.json +++ b/2007/2xxx/CVE-2007-2450.json @@ -256,6 +256,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/3xxx/CVE-2007-3382.json b/2007/3xxx/CVE-2007-3382.json index 15297534ddf..26b6e409dda 100644 --- a/2007/3xxx/CVE-2007-3382.json +++ b/2007/3xxx/CVE-2007-3382.json @@ -281,6 +281,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/3xxx/CVE-2007-3383.json b/2007/3xxx/CVE-2007-3383.json index c8c45eca7d1..8e1d424fcd2 100644 --- a/2007/3xxx/CVE-2007-3383.json +++ b/2007/3xxx/CVE-2007-3383.json @@ -121,6 +121,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/3xxx/CVE-2007-3385.json b/2007/3xxx/CVE-2007-3385.json index 54055f207cd..fc244351037 100644 --- a/2007/3xxx/CVE-2007-3385.json +++ b/2007/3xxx/CVE-2007-3385.json @@ -291,6 +291,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/5xxx/CVE-2007-5333.json b/2007/5xxx/CVE-2007-5333.json index d003f69d01f..5af9bdaccae 100644 --- a/2007/5xxx/CVE-2007-5333.json +++ b/2007/5xxx/CVE-2007-5333.json @@ -301,6 +301,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/5xxx/CVE-2007-5342.json b/2007/5xxx/CVE-2007-5342.json index 9553033d8da..f1e2531815b 100644 --- a/2007/5xxx/CVE-2007-5342.json +++ b/2007/5xxx/CVE-2007-5342.json @@ -286,6 +286,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/5xxx/CVE-2007-5461.json b/2007/5xxx/CVE-2007-5461.json index 88e9fb9ab1b..4ae1e36a64a 100644 --- a/2007/5xxx/CVE-2007-5461.json +++ b/2007/5xxx/CVE-2007-5461.json @@ -386,6 +386,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2007/6xxx/CVE-2007-6286.json b/2007/6xxx/CVE-2007-6286.json index c1ebaebc47e..0eba32a2302 100644 --- a/2007/6xxx/CVE-2007-6286.json +++ b/2007/6xxx/CVE-2007-6286.json @@ -191,6 +191,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2008/0xxx/CVE-2008-0128.json b/2008/0xxx/CVE-2008-0128.json index 142eba6e7c0..21ab8dc9451 100644 --- a/2008/0xxx/CVE-2008-0128.json +++ b/2008/0xxx/CVE-2008-0128.json @@ -151,6 +151,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2008/1xxx/CVE-2008-1232.json b/2008/1xxx/CVE-2008-1232.json index ddc531c0bf0..73afbb0fd06 100644 --- a/2008/1xxx/CVE-2008-1232.json +++ b/2008/1xxx/CVE-2008-1232.json @@ -351,6 +351,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2008/1xxx/CVE-2008-1947.json b/2008/1xxx/CVE-2008-1947.json index c206a45eee5..f2b915f4dad 100644 --- a/2008/1xxx/CVE-2008-1947.json +++ b/2008/1xxx/CVE-2008-1947.json @@ -301,6 +301,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2008/2xxx/CVE-2008-2370.json b/2008/2xxx/CVE-2008-2370.json index f92e11142ef..0ab78942448 100644 --- a/2008/2xxx/CVE-2008-2370.json +++ b/2008/2xxx/CVE-2008-2370.json @@ -331,6 +331,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2008/2xxx/CVE-2008-2938.json b/2008/2xxx/CVE-2008-2938.json index f74a329f8ba..76623facc46 100644 --- a/2008/2xxx/CVE-2008-2938.json +++ b/2008/2xxx/CVE-2008-2938.json @@ -261,6 +261,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2008/3xxx/CVE-2008-3271.json b/2008/3xxx/CVE-2008-3271.json index 3d3b95f2a01..654e276090e 100644 --- a/2008/3xxx/CVE-2008-3271.json +++ b/2008/3xxx/CVE-2008-3271.json @@ -156,6 +156,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2008/4xxx/CVE-2008-4308.json b/2008/4xxx/CVE-2008-4308.json index a26665e6b3c..9bca6c40678 100644 --- a/2008/4xxx/CVE-2008-4308.json +++ b/2008/4xxx/CVE-2008-4308.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2008/5xxx/CVE-2008-5515.json b/2008/5xxx/CVE-2008-5515.json index 39288a3f108..6535bdafd63 100644 --- a/2008/5xxx/CVE-2008-5515.json +++ b/2008/5xxx/CVE-2008-5515.json @@ -276,6 +276,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2008/5xxx/CVE-2008-5519.json b/2008/5xxx/CVE-2008-5519.json index 40c031066f0..67b64cae865 100644 --- a/2008/5xxx/CVE-2008-5519.json +++ b/2008/5xxx/CVE-2008-5519.json @@ -156,6 +156,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/0xxx/CVE-2009-0033.json b/2009/0xxx/CVE-2009-0033.json index c6be4dc6dca..0c2c863fc30 100644 --- a/2009/0xxx/CVE-2009-0033.json +++ b/2009/0xxx/CVE-2009-0033.json @@ -281,6 +281,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/0xxx/CVE-2009-0580.json b/2009/0xxx/CVE-2009-0580.json index b0376265abb..0a99d67e6c3 100644 --- a/2009/0xxx/CVE-2009-0580.json +++ b/2009/0xxx/CVE-2009-0580.json @@ -291,6 +291,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/0xxx/CVE-2009-0781.json b/2009/0xxx/CVE-2009-0781.json index 0b5b973c577..61fee5f32e0 100644 --- a/2009/0xxx/CVE-2009-0781.json +++ b/2009/0xxx/CVE-2009-0781.json @@ -236,6 +236,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/0xxx/CVE-2009-0783.json b/2009/0xxx/CVE-2009-0783.json index 2cc3636d6e4..09a28ec9a56 100644 --- a/2009/0xxx/CVE-2009-0783.json +++ b/2009/0xxx/CVE-2009-0783.json @@ -276,6 +276,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/2xxx/CVE-2009-2693.json b/2009/2xxx/CVE-2009-2693.json index 6cbb727fa79..97e6653fce3 100644 --- a/2009/2xxx/CVE-2009-2693.json +++ b/2009/2xxx/CVE-2009-2693.json @@ -291,6 +291,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/2xxx/CVE-2009-2901.json b/2009/2xxx/CVE-2009-2901.json index b83d64fda88..c501c2e8743 100644 --- a/2009/2xxx/CVE-2009-2901.json +++ b/2009/2xxx/CVE-2009-2901.json @@ -216,6 +216,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/2xxx/CVE-2009-2902.json b/2009/2xxx/CVE-2009-2902.json index c28bc7af148..75fbd6d9b9e 100644 --- a/2009/2xxx/CVE-2009-2902.json +++ b/2009/2xxx/CVE-2009-2902.json @@ -291,6 +291,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/3xxx/CVE-2009-3548.json b/2009/3xxx/CVE-2009-3548.json index 3f5c6d9bc37..4f9ce81f696 100644 --- a/2009/3xxx/CVE-2009-3548.json +++ b/2009/3xxx/CVE-2009-3548.json @@ -181,6 +181,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/3xxx/CVE-2009-3555.json b/2009/3xxx/CVE-2009-3555.json index e600b33b030..a149279c93f 100644 --- a/2009/3xxx/CVE-2009-3555.json +++ b/2009/3xxx/CVE-2009-3555.json @@ -1586,6 +1586,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2009/5xxx/CVE-2009-5155.json b/2009/5xxx/CVE-2009-5155.json index c624e6bba54..7c32084c329 100644 --- a/2009/5xxx/CVE-2009-5155.json +++ b/2009/5xxx/CVE-2009-5155.json @@ -91,6 +91,11 @@ "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=11053" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K64119434", + "url": "https://support.f5.com/csp/article/K64119434" } ] } diff --git a/2010/1xxx/CVE-2010-1157.json b/2010/1xxx/CVE-2010-1157.json index 0130cd3946f..57658d25720 100644 --- a/2010/1xxx/CVE-2010-1157.json +++ b/2010/1xxx/CVE-2010-1157.json @@ -211,6 +211,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2010/2xxx/CVE-2010-2227.json b/2010/2xxx/CVE-2010-2227.json index 25ea6172161..af753ab834d 100644 --- a/2010/2xxx/CVE-2010-2227.json +++ b/2010/2xxx/CVE-2010-2227.json @@ -286,6 +286,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2010/3xxx/CVE-2010-3718.json b/2010/3xxx/CVE-2010-3718.json index d2107e738ec..a3e87a2ae6a 100644 --- a/2010/3xxx/CVE-2010-3718.json +++ b/2010/3xxx/CVE-2010-3718.json @@ -206,6 +206,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2010/5xxx/CVE-2010-5305.json b/2010/5xxx/CVE-2010-5305.json index 2795732e6c7..342ace6c706 100644 --- a/2010/5xxx/CVE-2010-5305.json +++ b/2010/5xxx/CVE-2010-5305.json @@ -1,17 +1,84 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2010-5305", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-5305", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "PLC5", + "version": { + "version_data": [ + { + "version_value": "1785-Lx" + }, + { + "version_value": "1747-L5x" + } + ] + } + }, + { + "product_name": "SLC5/0x", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "RSLogix", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Credentials management CWE-255" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-10-070-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-10-070-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product\u2019s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services." } ] } diff --git a/2011/0xxx/CVE-2011-0013.json b/2011/0xxx/CVE-2011-0013.json index 5f84fd4a6f5..a2eb099e78b 100644 --- a/2011/0xxx/CVE-2011-0013.json +++ b/2011/0xxx/CVE-2011-0013.json @@ -211,6 +211,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/1xxx/CVE-2011-1096.json b/2011/1xxx/CVE-2011-1096.json index 228dbf5df6e..fc4a3ca8f12 100644 --- a/2011/1xxx/CVE-2011-1096.json +++ b/2011/1xxx/CVE-2011-1096.json @@ -171,6 +171,11 @@ "name": "http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts", "refsource": "MISC", "url": "http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20190326 svn commit: r1042570 [4/4] - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-http-signature.html docs/jax-rs-jose.html docs/jax-rs-oauth2.html docs/jax-rs-xml-security.html docs/secure-jax-rs-services.html", + "url": "https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2011/1xxx/CVE-2011-1184.json b/2011/1xxx/CVE-2011-1184.json index d96a80d561b..577be48493d 100644 --- a/2011/1xxx/CVE-2011-1184.json +++ b/2011/1xxx/CVE-2011-1184.json @@ -176,6 +176,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/2xxx/CVE-2011-2204.json b/2011/2xxx/CVE-2011-2204.json index 8093bf7ee47..3ea4ff45f23 100644 --- a/2011/2xxx/CVE-2011-2204.json +++ b/2011/2xxx/CVE-2011-2204.json @@ -181,6 +181,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/2xxx/CVE-2011-2526.json b/2011/2xxx/CVE-2011-2526.json index 5a0c718e9bb..27c178b062b 100644 --- a/2011/2xxx/CVE-2011-2526.json +++ b/2011/2xxx/CVE-2011-2526.json @@ -226,6 +226,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/2xxx/CVE-2011-2729.json b/2011/2xxx/CVE-2011-2729.json index 9e7b0713f48..d9a2f8c0d13 100644 --- a/2011/2xxx/CVE-2011-2729.json +++ b/2011/2xxx/CVE-2011-2729.json @@ -201,6 +201,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/3xxx/CVE-2011-3190.json b/2011/3xxx/CVE-2011-3190.json index 215c3957ea7..d4fe70e4ba9 100644 --- a/2011/3xxx/CVE-2011-3190.json +++ b/2011/3xxx/CVE-2011-3190.json @@ -161,6 +161,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/5xxx/CVE-2011-5062.json b/2011/5xxx/CVE-2011-5062.json index 6489f9c85c4..a312cac8478 100644 --- a/2011/5xxx/CVE-2011-5062.json +++ b/2011/5xxx/CVE-2011-5062.json @@ -146,6 +146,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/5xxx/CVE-2011-5063.json b/2011/5xxx/CVE-2011-5063.json index c88d7980258..045fa55c163 100644 --- a/2011/5xxx/CVE-2011-5063.json +++ b/2011/5xxx/CVE-2011-5063.json @@ -146,6 +146,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/5xxx/CVE-2011-5064.json b/2011/5xxx/CVE-2011-5064.json index 5b2134b0192..207646f4dde 100644 --- a/2011/5xxx/CVE-2011-5064.json +++ b/2011/5xxx/CVE-2011-5064.json @@ -146,6 +146,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2012/0xxx/CVE-2012-0022.json b/2012/0xxx/CVE-2012-0022.json index f371b554910..d73d3fcc0e4 100644 --- a/2012/0xxx/CVE-2012-0022.json +++ b/2012/0xxx/CVE-2012-0022.json @@ -211,6 +211,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2012/3xxx/CVE-2012-3544.json b/2012/3xxx/CVE-2012-3544.json index cc2822117bb..5d3b5cd6b6f 100644 --- a/2012/3xxx/CVE-2012-3544.json +++ b/2012/3xxx/CVE-2012-3544.json @@ -131,6 +131,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2013/1xxx/CVE-2013-1571.json b/2013/1xxx/CVE-2013-1571.json index cef0dd8dc7a..11048e6735a 100644 --- a/2013/1xxx/CVE-2013-1571.json +++ b/2013/1xxx/CVE-2013-1571.json @@ -216,6 +216,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2013/2xxx/CVE-2013-2067.json b/2013/2xxx/CVE-2013-2067.json index 9a61126e7b2..ce4647a5159 100644 --- a/2013/2xxx/CVE-2013-2067.json +++ b/2013/2xxx/CVE-2013-2067.json @@ -141,6 +141,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2013/2xxx/CVE-2013-2805.json b/2013/2xxx/CVE-2013-2805.json index 695bfe26594..7bf75c1a373 100644 --- a/2013/2xxx/CVE-2013-2805.json +++ b/2013/2xxx/CVE-2013-2805.json @@ -1,17 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2013-2805", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2805", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "RSLinx Enterprise Software", + "version": { + "version_data": [ + { + "version_value": "CPR9" + }, + { + "version_value": "CPR9-SR1" + }, + { + "version_value": "CPR9-SR2" + }, + { + "version_value": "CPR9-SR3" + }, + { + "version_value": "CPR9-SR4" + }, + { + "version_value": "CPR9-SR5" + }, + { + "version_value": "CPR9-SR5.1" + }, + { + "version_value": "CPR9-SR6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the \u201cRecord Data Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" } ] } diff --git a/2013/2xxx/CVE-2013-2806.json b/2013/2xxx/CVE-2013-2806.json index 6136ef9721e..57aad38229a 100644 --- a/2013/2xxx/CVE-2013-2806.json +++ b/2013/2xxx/CVE-2013-2806.json @@ -1,17 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2013-2806", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2806", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "RSLinx Enterprise Software", + "version": { + "version_data": [ + { + "version_value": "CPR9" + }, + { + "version_value": "CPR9-SR1" + }, + { + "version_value": "CPR9-SR2" + }, + { + "version_value": "CPR9-SR3" + }, + { + "version_value": "CPR9-SR4" + }, + { + "version_value": "CPR9-SR5" + }, + { + "version_value": "CPR9-SR5.1" + }, + { + "version_value": "CPR9-SR6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cEnd of Current Record\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size.\u201d Then the service will calculate an incorrect value for the \u201cEnd of Current Record\u201d field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" } ] } diff --git a/2013/2xxx/CVE-2013-2807.json b/2013/2xxx/CVE-2013-2807.json index 20aa88c48ed..f687435bedc 100644 --- a/2013/2xxx/CVE-2013-2807.json +++ b/2013/2xxx/CVE-2013-2807.json @@ -1,17 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2013-2807", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2807", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "RSLinx Enterprise Software", + "version": { + "version_data": [ + { + "version_value": "CPR9" + }, + { + "version_value": "CPR9-SR1" + }, + { + "version_value": "CPR9-SR2" + }, + { + "version_value": "CPR9-SR3" + }, + { + "version_value": "CPR9-SR4" + }, + { + "version_value": "CPR9-SR5" + }, + { + "version_value": "CPR9-SR5.1" + }, + { + "version_value": "CPR9-SR6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" } ] } diff --git a/2013/4xxx/CVE-2013-4286.json b/2013/4xxx/CVE-2013-4286.json index cd3622734bd..606fd3ef3b9 100644 --- a/2013/4xxx/CVE-2013-4286.json +++ b/2013/4xxx/CVE-2013-4286.json @@ -251,6 +251,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2013/4xxx/CVE-2013-4322.json b/2013/4xxx/CVE-2013-4322.json index 7bd92cc0438..c6ee681a415 100644 --- a/2013/4xxx/CVE-2013-4322.json +++ b/2013/4xxx/CVE-2013-4322.json @@ -231,6 +231,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2013/4xxx/CVE-2013-4590.json b/2013/4xxx/CVE-2013-4590.json index 5be66e89edb..aff9d3b4c01 100644 --- a/2013/4xxx/CVE-2013-4590.json +++ b/2013/4xxx/CVE-2013-4590.json @@ -181,6 +181,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0033.json b/2014/0xxx/CVE-2014-0033.json index 21aa8baaea6..c74a2ebab34 100644 --- a/2014/0xxx/CVE-2014-0033.json +++ b/2014/0xxx/CVE-2014-0033.json @@ -141,6 +141,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0075.json b/2014/0xxx/CVE-2014-0075.json index 23823ae3a37..fd36e3cb6a0 100644 --- a/2014/0xxx/CVE-2014-0075.json +++ b/2014/0xxx/CVE-2014-0075.json @@ -266,6 +266,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0096.json b/2014/0xxx/CVE-2014-0096.json index ff078c56107..5526fab4944 100644 --- a/2014/0xxx/CVE-2014-0096.json +++ b/2014/0xxx/CVE-2014-0096.json @@ -271,6 +271,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0099.json b/2014/0xxx/CVE-2014-0099.json index 3e52f7108e5..506881e643a 100644 --- a/2014/0xxx/CVE-2014-0099.json +++ b/2014/0xxx/CVE-2014-0099.json @@ -276,6 +276,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0119.json b/2014/0xxx/CVE-2014-0119.json index 38147216c0c..22d11f5737b 100644 --- a/2014/0xxx/CVE-2014-0119.json +++ b/2014/0xxx/CVE-2014-0119.json @@ -281,6 +281,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0160.json b/2014/0xxx/CVE-2014-0160.json index ff0dcac427c..87f3abd1438 100644 --- a/2014/0xxx/CVE-2014-0160.json +++ b/2014/0xxx/CVE-2014-0160.json @@ -666,6 +666,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0227.json b/2014/0xxx/CVE-2014-0227.json index 4e6c2725ffb..79c6194b9e7 100644 --- a/2014/0xxx/CVE-2014-0227.json +++ b/2014/0xxx/CVE-2014-0227.json @@ -206,6 +206,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0230.json b/2014/0xxx/CVE-2014-0230.json index bb349e1a6f2..0efb0f47d87 100644 --- a/2014/0xxx/CVE-2014-0230.json +++ b/2014/0xxx/CVE-2014-0230.json @@ -216,6 +216,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/3xxx/CVE-2014-3576.json b/2014/3xxx/CVE-2014-3576.json index b3f447ba24c..58795b6e6f5 100644 --- a/2014/3xxx/CVE-2014-3576.json +++ b/2014/3xxx/CVE-2014-3576.json @@ -96,6 +96,11 @@ "name": "20151106 [ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536862/100/0/threaded" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2014/3xxx/CVE-2014-3579.json b/2014/3xxx/CVE-2014-3579.json index 42cc10fa4c5..2faa8ecf0e5 100644 --- a/2014/3xxx/CVE-2014-3579.json +++ b/2014/3xxx/CVE-2014-3579.json @@ -76,6 +76,11 @@ "name": "http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt", "refsource": "CONFIRM", "url": "http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2014/3xxx/CVE-2014-3600.json b/2014/3xxx/CVE-2014-3600.json index b53b277ad4a..f8356098374 100644 --- a/2014/3xxx/CVE-2014-3600.json +++ b/2014/3xxx/CVE-2014-3600.json @@ -76,6 +76,11 @@ "name": "https://issues.apache.org/jira/browse/AMQ-5333", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/AMQ-5333" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2014/3xxx/CVE-2014-3612.json b/2014/3xxx/CVE-2014-3612.json index b3fe17b39a6..9f04bd6899c 100644 --- a/2014/3xxx/CVE-2014-3612.json +++ b/2014/3xxx/CVE-2014-3612.json @@ -76,6 +76,11 @@ "name": "RHSA-2015:0138", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0138.html" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2014/5xxx/CVE-2014-5401.json b/2014/5xxx/CVE-2014-5401.json index c862d0a89d3..2c832e600b9 100644 --- a/2014/5xxx/CVE-2014-5401.json +++ b/2014/5xxx/CVE-2014-5401.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-5401", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5401", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hospira", + "product": { + "product_data": [ + { + "product_name": "MedNet", + "version": { + "version_data": [ + { + "version_value": "<= 5.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code injection CWE-94" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1." } ] } diff --git a/2014/5xxx/CVE-2014-5431.json b/2014/5xxx/CVE-2014-5431.json index 1406f26e678..34c30e20e7c 100644 --- a/2014/5xxx/CVE-2014-5431.json +++ b/2014/5xxx/CVE-2014-5431.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-5431", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5431", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Baxter", + "product": { + "product_data": [ + { + "product_name": "SIGMA Spectrum Infusion System", + "version": { + "version_data": [ + { + "version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hard-coded password CWE-259" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes." } ] } diff --git a/2014/5xxx/CVE-2014-5432.json b/2014/5xxx/CVE-2014-5432.json index d044798dd2c..3828992d6f0 100644 --- a/2014/5xxx/CVE-2014-5432.json +++ b/2014/5xxx/CVE-2014-5432.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-5432", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5432", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Baxter", + "product": { + "product_data": [ + { + "product_name": "SIGMA Spectrum Infusion System", + "version": { + "version_data": [ + { + "version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass issues CWE-592" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes." } ] } diff --git a/2014/5xxx/CVE-2014-5433.json b/2014/5xxx/CVE-2014-5433.json index 0ef951b6b5b..ae0b56df2e5 100644 --- a/2014/5xxx/CVE-2014-5433.json +++ b/2014/5xxx/CVE-2014-5433.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-5433", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5433", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Baxter", + "product": { + "product_data": [ + { + "product_name": "SIGMA Spectrum Infusion System", + "version": { + "version_data": [ + { + "version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext storage of sensitive information CWE-312" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes." } ] } diff --git a/2014/5xxx/CVE-2014-5434.json b/2014/5xxx/CVE-2014-5434.json index 012bb3d5a01..7685793f32c 100644 --- a/2014/5xxx/CVE-2014-5434.json +++ b/2014/5xxx/CVE-2014-5434.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-5434", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5434", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Baxter", + "product": { + "product_data": [ + { + "product_name": "SIGMA Spectrum Infusion System", + "version": { + "version_data": [ + { + "version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hard-coded password CWE-259" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes." } ] } diff --git a/2014/7xxx/CVE-2014-7810.json b/2014/7xxx/CVE-2014-7810.json index 0f1441936a5..1ba94a6d704 100644 --- a/2014/7xxx/CVE-2014-7810.json +++ b/2014/7xxx/CVE-2014-7810.json @@ -166,6 +166,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/8xxx/CVE-2014-8110.json b/2014/8xxx/CVE-2014-8110.json index 55815b8b71e..69115748c31 100644 --- a/2014/8xxx/CVE-2014-8110.json +++ b/2014/8xxx/CVE-2014-8110.json @@ -76,6 +76,11 @@ "name": "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt", "refsource": "CONFIRM", "url": "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2014/8xxx/CVE-2014-8111.json b/2014/8xxx/CVE-2014-8111.json index 1ec6fa12cbc..e0ee9c0bab0 100644 --- a/2014/8xxx/CVE-2014-8111.json +++ b/2014/8xxx/CVE-2014-8111.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/9xxx/CVE-2014-9187.json b/2014/9xxx/CVE-2014-9187.json index 57b043a1f3d..5ef1963059c 100644 --- a/2014/9xxx/CVE-2014-9187.json +++ b/2014/9xxx/CVE-2014-9187.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-9187", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-9187", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Honeywell", + "product": { + "product_data": [ + { + "product_name": "Experion PKS", + "version": { + "version_data": [ + { + "version_value": "R40x prior to R400.6" + }, + { + "version_value": "R41x prior to R410.6" + }, + { + "version_value": "R43x prior to R430.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version." } ] } diff --git a/2014/9xxx/CVE-2014-9189.json b/2014/9xxx/CVE-2014-9189.json index 3c74a011c25..58676729168 100644 --- a/2014/9xxx/CVE-2014-9189.json +++ b/2014/9xxx/CVE-2014-9189.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-9189", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-9189", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Honeywell", + "product": { + "product_data": [ + { + "product_name": "Experion PKS", + "version": { + "version_data": [ + { + "version_value": "R40x prior to R400.6" + }, + { + "version_value": "R41x prior to R410.6" + }, + { + "version_value": "R43x prior to R430.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version." } ] } diff --git a/2015/0xxx/CVE-2015-0254.json b/2015/0xxx/CVE-2015-0254.json index 11a0d5940ac..c771db3f1e2 100644 --- a/2015/0xxx/CVE-2015-0254.json +++ b/2015/0xxx/CVE-2015-0254.json @@ -126,6 +126,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [27/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/8a20e48acb2a40be5130df91cf9d39d8ad93181989413d4abcaa4914@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2015/1xxx/CVE-2015-1007.json b/2015/1xxx/CVE-2015-1007.json index 05ebce46a6f..6932aac0696 100644 --- a/2015/1xxx/CVE-2015-1007.json +++ b/2015/1xxx/CVE-2015-1007.json @@ -1,17 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1007", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1007", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Opto 22", + "product": { + "product_data": [ + { + "product_name": "PAC Project Professional", + "version": { + "version_data": [ + { + "version_value": "< R9.4008" + } + ] + } + }, + { + "product_name": "PAC Project Basic", + "version": { + "version_data": [ + { + "version_value": "< R9.4008" + } + ] + } + }, + { + "product_name": "PAC Display Basic", + "version": { + "version_data": [ + { + "version_value": "< R9.4g" + } + ] + } + }, + { + "product_name": "PAC Display Professional", + "version": { + "version_data": [ + { + "version_value": "< R9.4g" + } + ] + } + }, + { + "product_name": "OptoOPCServer", + "version": { + "version_data": [ + { + "version_value": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008" + } + ] + } + }, + { + "product_name": "OptoDataLink", + "version": { + "version_data": [ + { + "version_value": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible." } ] } diff --git a/2015/1xxx/CVE-2015-1012.json b/2015/1xxx/CVE-2015-1012.json index a2b11af50b1..fd5c6cbd826 100644 --- a/2015/1xxx/CVE-2015-1012.json +++ b/2015/1xxx/CVE-2015-1012.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1012", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1012", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hospira", + "product": { + "product_data": [ + { + "product_name": "LifeCare PCA Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext storage of sensitive information CWE-312" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access." } ] } diff --git a/2015/1xxx/CVE-2015-1014.json b/2015/1xxx/CVE-2015-1014.json index cc039832a4c..30d63de8f20 100644 --- a/2015/1xxx/CVE-2015-1014.json +++ b/2015/1xxx/CVE-2015-1014.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1014", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1014", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "OFS v3.5", + "version": { + "version_data": [ + { + "version_value": "< v7.40 of SCADA Expert Vijeo Citect/CitectSCADA" + }, + { + "version_value": "< v7.30 of Vijeo Citect/CitectSCADA" + }, + { + "version_value": "< v7.20 of Vijeo Citect/CitectSCADA." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL hijacking CWE-427" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version." } ] } diff --git a/2015/1xxx/CVE-2015-1830.json b/2015/1xxx/CVE-2015-1830.json index 852d1d646e7..9a83912a8ec 100644 --- a/2015/1xxx/CVE-2015-1830.json +++ b/2015/1xxx/CVE-2015-1830.json @@ -76,6 +76,11 @@ "name": "1033315", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033315" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2015/3xxx/CVE-2015-3952.json b/2015/3xxx/CVE-2015-3952.json index 591d8895056..01f3805aaf2 100644 --- a/2015/3xxx/CVE-2015-3952.json +++ b/2015/3xxx/CVE-2015-3952.json @@ -1,17 +1,81 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-3952", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-3952", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hospira", + "product": { + "product_data": [ + { + "product_name": "Plum A+ Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.4" + } + ] + } + }, + { + "product_name": "Plum A+3 Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.6" + } + ] + } + }, + { + "product_name": "Symbiq Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 3.13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext storage of sensitive information CWE-312" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue." } ] } diff --git a/2015/3xxx/CVE-2015-3953.json b/2015/3xxx/CVE-2015-3953.json index 9c288de7594..5870f074eab 100644 --- a/2015/3xxx/CVE-2015-3953.json +++ b/2015/3xxx/CVE-2015-3953.json @@ -1,17 +1,81 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-3953", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-3953", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hospira", + "product": { + "product_data": [ + { + "product_name": "Plum A+ Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.4" + } + ] + } + }, + { + "product_name": "Plum A+3 Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.6" + } + ] + } + }, + { + "product_name": "Symbiq Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 3.13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of hard-coded password CWE-259" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue." } ] } diff --git a/2015/3xxx/CVE-2015-3954.json b/2015/3xxx/CVE-2015-3954.json index 33e4ecab2ff..be5feaecb6f 100644 --- a/2015/3xxx/CVE-2015-3954.json +++ b/2015/3xxx/CVE-2015-3954.json @@ -1,17 +1,81 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-3954", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-3954", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hospira", + "product": { + "product_data": [ + { + "product_name": "Plum A+ Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.4" + } + ] + } + }, + { + "product_name": "Plum A+3 Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.6" + } + ] + } + }, + { + "product_name": "Symbiq Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 3.13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue." } ] } diff --git a/2015/3xxx/CVE-2015-3956.json b/2015/3xxx/CVE-2015-3956.json index 2d9f69de48d..fbc0f7a7881 100644 --- a/2015/3xxx/CVE-2015-3956.json +++ b/2015/3xxx/CVE-2015-3956.json @@ -1,17 +1,81 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-3956", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-3956", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hospira", + "product": { + "product_data": [ + { + "product_name": "Plum A+ Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.4" + } + ] + } + }, + { + "product_name": "Plum A+3 Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.6" + } + ] + } + }, + { + "product_name": "Symbiq Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 3.13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient verification of data authenticity CWE-345" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue." } ] } diff --git a/2015/4xxx/CVE-2015-4047.json b/2015/4xxx/CVE-2015-4047.json index 1c1f1b27fc3..1ac777d8176 100644 --- a/2015/4xxx/CVE-2015-4047.json +++ b/2015/4xxx/CVE-2015-4047.json @@ -111,6 +111,11 @@ "name": "[oss-security] 20150521 Re: CVE Request: ipsec-tools", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/05/21/11" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K05013313", + "url": "https://support.f5.com/csp/article/K05013313" } ] } diff --git a/2015/4xxx/CVE-2015-4852.json b/2015/4xxx/CVE-2015-4852.json index 7386b52cc6b..836067eff21 100644 --- a/2015/4xxx/CVE-2015-4852.json +++ b/2015/4xxx/CVE-2015-4852.json @@ -116,6 +116,11 @@ "name": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/", "refsource": "MISC", "url": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html" } ] } diff --git a/2015/5xxx/CVE-2015-5174.json b/2015/5xxx/CVE-2015-5174.json index 40c81c0dbb8..ac88f22abc7 100644 --- a/2015/5xxx/CVE-2015-5174.json +++ b/2015/5xxx/CVE-2015-5174.json @@ -231,6 +231,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2015/5xxx/CVE-2015-5254.json b/2015/5xxx/CVE-2015-5254.json index c70e19622a9..1816591e8f4 100644 --- a/2015/5xxx/CVE-2015-5254.json +++ b/2015/5xxx/CVE-2015-5254.json @@ -111,6 +111,11 @@ "name": "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", "refsource": "CONFIRM", "url": "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2015/5xxx/CVE-2015-5345.json b/2015/5xxx/CVE-2015-5345.json index 5d19b88bfa8..329971902eb 100644 --- a/2015/5xxx/CVE-2015-5345.json +++ b/2015/5xxx/CVE-2015-5345.json @@ -276,6 +276,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2015/6xxx/CVE-2015-6563.json b/2015/6xxx/CVE-2015-6563.json index f22c3ea6020..52c560fd9c7 100644 --- a/2015/6xxx/CVE-2015-6563.json +++ b/2015/6xxx/CVE-2015-6563.json @@ -131,6 +131,11 @@ "name": "https://security.netapp.com/advisory/ntap-20180201-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180201-0002/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766" } ] } diff --git a/2015/6xxx/CVE-2015-6564.json b/2015/6xxx/CVE-2015-6564.json index c856489b2a5..f03140e09a3 100644 --- a/2015/6xxx/CVE-2015-6564.json +++ b/2015/6xxx/CVE-2015-6564.json @@ -121,6 +121,11 @@ "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764" } ] } diff --git a/2016/0xxx/CVE-2016-0706.json b/2016/0xxx/CVE-2016-0706.json index c8e953bf7df..c5951170b9e 100644 --- a/2016/0xxx/CVE-2016-0706.json +++ b/2016/0xxx/CVE-2016-0706.json @@ -246,6 +246,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/0xxx/CVE-2016-0714.json b/2016/0xxx/CVE-2016-0714.json index e2b3deb9dd5..75923ecb0f9 100644 --- a/2016/0xxx/CVE-2016-0714.json +++ b/2016/0xxx/CVE-2016-0714.json @@ -271,6 +271,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/0xxx/CVE-2016-0734.json b/2016/0xxx/CVE-2016-0734.json index ebf80ad7727..e142d929fc8 100644 --- a/2016/0xxx/CVE-2016-0734.json +++ b/2016/0xxx/CVE-2016-0734.json @@ -76,6 +76,11 @@ "name": "84321", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84321" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2016/0xxx/CVE-2016-0762.json b/2016/0xxx/CVE-2016-0762.json index bdd9ee9fe21..00280c19faf 100644 --- a/2016/0xxx/CVE-2016-0762.json +++ b/2016/0xxx/CVE-2016-0762.json @@ -119,6 +119,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/0xxx/CVE-2016-0782.json b/2016/0xxx/CVE-2016-0782.json index ac928254c6c..10eabfa2b83 100644 --- a/2016/0xxx/CVE-2016-0782.json +++ b/2016/0xxx/CVE-2016-0782.json @@ -81,6 +81,11 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317516", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317516" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2016/10xxx/CVE-2016-10741.json b/2016/10xxx/CVE-2016-10741.json index ae707261b6c..fbc995242be 100644 --- a/2016/10xxx/CVE-2016-10741.json +++ b/2016/10xxx/CVE-2016-10741.json @@ -76,6 +76,11 @@ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2016/10xxx/CVE-2016-10743.json b/2016/10xxx/CVE-2016-10743.json index e370dc95180..6b8846a8436 100644 --- a/2016/10xxx/CVE-2016-10743.json +++ b/2016/10xxx/CVE-2016-10743.json @@ -56,6 +56,11 @@ "url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389", "refsource": "MISC", "name": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190328 [SECURITY] [DLA 1733-1] wpa security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00035.html" } ] } diff --git a/2016/10xxx/CVE-2016-10744.json b/2016/10xxx/CVE-2016-10744.json new file mode 100644 index 00000000000..6e5f913b114 --- /dev/null +++ b/2016/10xxx/CVE-2016-10744.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/snipe/snipe-it/pull/6831", + "refsource": "MISC", + "name": "https://github.com/snipe/snipe-it/pull/6831" + }, + { + "url": "https://github.com/select2/select2/issues/4587", + "refsource": "MISC", + "name": "https://github.com/select2/select2/issues/4587" + }, + { + "url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a", + "refsource": "MISC", + "name": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3088.json b/2016/3xxx/CVE-2016-3088.json index 3a7d5a11782..47eb2e8687d 100644 --- a/2016/3xxx/CVE-2016-3088.json +++ b/2016/3xxx/CVE-2016-3088.json @@ -81,6 +81,11 @@ "name": "1035951", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035951" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2016/3xxx/CVE-2016-3092.json b/2016/3xxx/CVE-2016-3092.json index 953dffeac15..f660cf251c1 100644 --- a/2016/3xxx/CVE-2016-3092.json +++ b/2016/3xxx/CVE-2016-3092.json @@ -271,6 +271,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/3xxx/CVE-2016-3427.json b/2016/3xxx/CVE-2016-3427.json index f4b9a4894f5..5b99490b6a7 100644 --- a/2016/3xxx/CVE-2016-3427.json +++ b/2016/3xxx/CVE-2016-3427.json @@ -271,6 +271,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/4xxx/CVE-2016-4055.json b/2016/4xxx/CVE-2016-4055.json index e013c7f7fe0..0a7603f6ef2 100644 --- a/2016/4xxx/CVE-2016-4055.json +++ b/2016/4xxx/CVE-2016-4055.json @@ -71,6 +71,11 @@ "name": "95849", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95849" + }, + { + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-02", + "url": "https://www.tenable.com/security/tns-2019-02" } ] } diff --git a/2016/5xxx/CVE-2016-5018.json b/2016/5xxx/CVE-2016-5018.json index cf4ad9e63b8..e798078571d 100644 --- a/2016/5xxx/CVE-2016-5018.json +++ b/2016/5xxx/CVE-2016-5018.json @@ -149,6 +149,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/6xxx/CVE-2016-6794.json b/2016/6xxx/CVE-2016-6794.json index 225fd6441a5..091cc9897b4 100644 --- a/2016/6xxx/CVE-2016-6794.json +++ b/2016/6xxx/CVE-2016-6794.json @@ -119,6 +119,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/6xxx/CVE-2016-6796.json b/2016/6xxx/CVE-2016-6796.json index 5e57e8d7c70..29a8fbb70f1 100644 --- a/2016/6xxx/CVE-2016-6796.json +++ b/2016/6xxx/CVE-2016-6796.json @@ -149,6 +149,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/6xxx/CVE-2016-6797.json b/2016/6xxx/CVE-2016-6797.json index 41cf074b93b..aea28588d92 100644 --- a/2016/6xxx/CVE-2016-6797.json +++ b/2016/6xxx/CVE-2016-6797.json @@ -119,6 +119,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/6xxx/CVE-2016-6808.json b/2016/6xxx/CVE-2016-6808.json index ef1072adb78..78c8d0a530f 100644 --- a/2016/6xxx/CVE-2016-6808.json +++ b/2016/6xxx/CVE-2016-6808.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/6xxx/CVE-2016-6809.json b/2016/6xxx/CVE-2016-6809.json index b04a012184e..9534a930377 100644 --- a/2016/6xxx/CVE-2016-6809.json +++ b/2016/6xxx/CVE-2016-6809.json @@ -66,6 +66,11 @@ "name": "http://seclists.org/bugtraq/2016/Nov/40", "refsource": "CONFIRM", "url": "http://seclists.org/bugtraq/2016/Nov/40" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 Re: 6.6.6 Release", + "url": "https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E" } ] } diff --git a/2016/6xxx/CVE-2016-6810.json b/2016/6xxx/CVE-2016-6810.json index de31afd15e6..296bcad8dec 100644 --- a/2016/6xxx/CVE-2016-6810.json +++ b/2016/6xxx/CVE-2016-6810.json @@ -72,6 +72,11 @@ "name": "[users] 20161209 [ANNOUNCE] CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc@%3Cusers.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2016/6xxx/CVE-2016-6816.json b/2016/6xxx/CVE-2016-6816.json index 353f313cd0e..f4832194a3f 100644 --- a/2016/6xxx/CVE-2016-6816.json +++ b/2016/6xxx/CVE-2016-6816.json @@ -181,6 +181,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/6xxx/CVE-2016-6817.json b/2016/6xxx/CVE-2016-6817.json index 500b67b660c..22abf728cf8 100644 --- a/2016/6xxx/CVE-2016-6817.json +++ b/2016/6xxx/CVE-2016-6817.json @@ -80,6 +80,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/8xxx/CVE-2016-8735.json b/2016/8xxx/CVE-2016-8735.json index 672ccb3e6f3..4419aed0819 100644 --- a/2016/8xxx/CVE-2016-8735.json +++ b/2016/8xxx/CVE-2016-8735.json @@ -168,6 +168,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/8xxx/CVE-2016-8745.json b/2016/8xxx/CVE-2016-8745.json index d091945fe9d..88cfc64c65d 100644 --- a/2016/8xxx/CVE-2016-8745.json +++ b/2016/8xxx/CVE-2016-8745.json @@ -144,6 +144,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/8xxx/CVE-2016-8747.json b/2016/8xxx/CVE-2016-8747.json index 16afdb1d91e..512e561deb7 100644 --- a/2016/8xxx/CVE-2016-8747.json +++ b/2016/8xxx/CVE-2016-8747.json @@ -89,6 +89,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/9xxx/CVE-2016-9401.json b/2016/9xxx/CVE-2016-9401.json index 1fe1cca72c7..744b7be7249 100644 --- a/2016/9xxx/CVE-2016-9401.json +++ b/2016/9xxx/CVE-2016-9401.json @@ -81,6 +81,11 @@ "name": "GLSA-201701-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-02" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html" } ] } diff --git a/2016/9xxx/CVE-2016-9840.json b/2016/9xxx/CVE-2016-9840.json index 691ad10d9d5..cc0105bdb13 100644 --- a/2016/9xxx/CVE-2016-9840.json +++ b/2016/9xxx/CVE-2016-9840.json @@ -171,6 +171,11 @@ "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" } ] } diff --git a/2016/9xxx/CVE-2016-9841.json b/2016/9xxx/CVE-2016-9841.json index 78fd225ac6b..85ee749ebaf 100644 --- a/2016/9xxx/CVE-2016-9841.json +++ b/2016/9xxx/CVE-2016-9841.json @@ -186,6 +186,11 @@ "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" } ] } diff --git a/2016/9xxx/CVE-2016-9842.json b/2016/9xxx/CVE-2016-9842.json index 966fb242dc9..573120fe1ac 100644 --- a/2016/9xxx/CVE-2016-9842.json +++ b/2016/9xxx/CVE-2016-9842.json @@ -171,6 +171,11 @@ "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" } ] } diff --git a/2016/9xxx/CVE-2016-9843.json b/2016/9xxx/CVE-2016-9843.json index 88b018e8e24..6be4b1fa319 100644 --- a/2016/9xxx/CVE-2016-9843.json +++ b/2016/9xxx/CVE-2016-9843.json @@ -186,6 +186,11 @@ "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" } ] } diff --git a/2017/10xxx/CVE-2017-10686.json b/2017/10xxx/CVE-2017-10686.json index ac259e25b60..f0c0a3962e0 100644 --- a/2017/10xxx/CVE-2017-10686.json +++ b/2017/10xxx/CVE-2017-10686.json @@ -61,6 +61,11 @@ "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392414", "refsource": "MISC", "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392414" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-19", + "url": "https://security.gentoo.org/glsa/201903-19" } ] } diff --git a/2017/11xxx/CVE-2017-11111.json b/2017/11xxx/CVE-2017-11111.json index b2b83e695d2..afc70bc0095 100644 --- a/2017/11xxx/CVE-2017-11111.json +++ b/2017/11xxx/CVE-2017-11111.json @@ -61,6 +61,11 @@ "name": "USN-3694-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3694-1/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-19", + "url": "https://security.gentoo.org/glsa/201903-19" } ] } diff --git a/2017/12xxx/CVE-2017-12122.json b/2017/12xxx/CVE-2017-12122.json index d42bf77b98f..4cfec3e3ba8 100644 --- a/2017/12xxx/CVE-2017-12122.json +++ b/2017/12xxx/CVE-2017-12122.json @@ -72,6 +72,11 @@ "name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2017/12xxx/CVE-2017-12615.json b/2017/12xxx/CVE-2017-12615.json index 04efc70bc2d..70002a3bb5d 100644 --- a/2017/12xxx/CVE-2017-12615.json +++ b/2017/12xxx/CVE-2017-12615.json @@ -122,6 +122,11 @@ "name": "RHSA-2017:3081", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3081" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/12xxx/CVE-2017-12616.json b/2017/12xxx/CVE-2017-12616.json index 742856295c2..41622eab4c8 100644 --- a/2017/12xxx/CVE-2017-12616.json +++ b/2017/12xxx/CVE-2017-12616.json @@ -102,6 +102,11 @@ "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/12xxx/CVE-2017-12617.json b/2017/12xxx/CVE-2017-12617.json index f3ffb354398..84728798667 100644 --- a/2017/12xxx/CVE-2017-12617.json +++ b/2017/12xxx/CVE-2017-12617.json @@ -201,6 +201,26 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K53173544", + "url": "https://support.f5.com/csp/article/K53173544" } ] } diff --git a/2017/13xxx/CVE-2017-13305.json b/2017/13xxx/CVE-2017-13305.json index 2ef2c985138..0a266c16f83 100644 --- a/2017/13xxx/CVE-2017-13305.json +++ b/2017/13xxx/CVE-2017-13305.json @@ -82,6 +82,11 @@ "name": "USN-3655-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2017/14xxx/CVE-2017-14228.json b/2017/14xxx/CVE-2017-14228.json index 9332370ab70..f4b222d4c49 100644 --- a/2017/14xxx/CVE-2017-14228.json +++ b/2017/14xxx/CVE-2017-14228.json @@ -61,6 +61,11 @@ "name": "USN-3694-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3694-1/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-19", + "url": "https://security.gentoo.org/glsa/201903-19" } ] } diff --git a/2017/14xxx/CVE-2017-14440.json b/2017/14xxx/CVE-2017-14440.json index 0357559e969..6a76e16275f 100644 --- a/2017/14xxx/CVE-2017-14440.json +++ b/2017/14xxx/CVE-2017-14440.json @@ -72,6 +72,11 @@ "name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2017/14xxx/CVE-2017-14441.json b/2017/14xxx/CVE-2017-14441.json index b7a17c6e4bb..222619a45d5 100644 --- a/2017/14xxx/CVE-2017-14441.json +++ b/2017/14xxx/CVE-2017-14441.json @@ -72,6 +72,11 @@ "name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2017/14xxx/CVE-2017-14442.json b/2017/14xxx/CVE-2017-14442.json index 3ea13e7db55..0ec5674073c 100644 --- a/2017/14xxx/CVE-2017-14442.json +++ b/2017/14xxx/CVE-2017-14442.json @@ -72,6 +72,11 @@ "name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2017/14xxx/CVE-2017-14448.json b/2017/14xxx/CVE-2017-14448.json index 944277c7585..b75e3306458 100644 --- a/2017/14xxx/CVE-2017-14448.json +++ b/2017/14xxx/CVE-2017-14448.json @@ -72,6 +72,11 @@ "name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2017/14xxx/CVE-2017-14449.json b/2017/14xxx/CVE-2017-14449.json index 585dd78dce9..2a08e6baae3 100644 --- a/2017/14xxx/CVE-2017-14449.json +++ b/2017/14xxx/CVE-2017-14449.json @@ -62,6 +62,11 @@ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2017/14xxx/CVE-2017-14450.json b/2017/14xxx/CVE-2017-14450.json index 4429341f333..e3741b7e904 100644 --- a/2017/14xxx/CVE-2017-14450.json +++ b/2017/14xxx/CVE-2017-14450.json @@ -72,6 +72,11 @@ "name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2017/15xxx/CVE-2017-15698.json b/2017/15xxx/CVE-2017-15698.json index ccfffc26476..5f26f7f83fa 100644 --- a/2017/15xxx/CVE-2017-15698.json +++ b/2017/15xxx/CVE-2017-15698.json @@ -90,6 +90,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/15xxx/CVE-2017-15706.json b/2017/15xxx/CVE-2017-15706.json index 407fdb2a681..56daf065994 100644 --- a/2017/15xxx/CVE-2017-15706.json +++ b/2017/15xxx/CVE-2017-15706.json @@ -86,6 +86,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/15xxx/CVE-2017-15709.json b/2017/15xxx/CVE-2017-15709.json index 08a4dc2c418..5727d3a3f19 100644 --- a/2017/15xxx/CVE-2017-15709.json +++ b/2017/15xxx/CVE-2017-15709.json @@ -57,6 +57,21 @@ "name": "https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 [CONF] Apache ActiveMQ > Security Advisories", + "url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-dev] 20190327 Re: Website", + "url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2017/16xxx/CVE-2017-16355.json b/2017/16xxx/CVE-2017-16355.json index 33b4437a268..821f00fbded 100644 --- a/2017/16xxx/CVE-2017-16355.json +++ b/2017/16xxx/CVE-2017-16355.json @@ -66,6 +66,11 @@ "refsource": "DEBIAN", "name": "DSA-4415", "url": "https://www.debian.org/security/2019/dsa-4415" + }, + { + "refsource": "BUGTRAQ", + "name": "20190324 [SECURITY] [DSA 4415-1] passenger security update", + "url": "https://seclists.org/bugtraq/2019/Mar/34" } ] } diff --git a/2017/18xxx/CVE-2017-18214.json b/2017/18xxx/CVE-2017-18214.json index 05e6fa2e629..e30120ce365 100644 --- a/2017/18xxx/CVE-2017-18214.json +++ b/2017/18xxx/CVE-2017-18214.json @@ -61,6 +61,11 @@ "name": "https://nodesecurity.io/advisories/532", "refsource": "CONFIRM", "url": "https://nodesecurity.io/advisories/532" + }, + { + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-02", + "url": "https://www.tenable.com/security/tns-2019-02" } ] } diff --git a/2017/18xxx/CVE-2017-18364.json b/2017/18xxx/CVE-2017-18364.json new file mode 100644 index 00000000000..c9d36249a82 --- /dev/null +++ b/2017/18xxx/CVE-2017-18364.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.netsparker.com/web-applications-advisories/ns-17-030-multiple-reflected-xss-vulnerabilities-in-phpfkl-lite/", + "refsource": "MISC", + "name": "https://www.netsparker.com/web-applications-advisories/ns-17-030-multiple-reflected-xss-vulnerabilities-in-phpfkl-lite/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18365.json b/2017/18xxx/CVE-2017-18365.json new file mode 100644 index 00000000000..06ec36eb831 --- /dev/null +++ b/2017/18xxx/CVE-2017-18365.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html", + "refsource": "MISC", + "name": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html" + }, + { + "url": "https://enterprise.github.com/releases/2.8.7/notes", + "refsource": "MISC", + "name": "https://enterprise.github.com/releases/2.8.7/notes" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2660.json b/2017/2xxx/CVE-2017-2660.json index 8458be1d939..cfed51a101e 100644 --- a/2017/2xxx/CVE-2017-2660.json +++ b/2017/2xxx/CVE-2017-2660.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-2660", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2660", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None." } ] } diff --git a/2017/2xxx/CVE-2017-2748.json b/2017/2xxx/CVE-2017-2748.json index bdc1f41c050..ed2a9b7abca 100644 --- a/2017/2xxx/CVE-2017-2748.json +++ b/2017/2xxx/CVE-2017-2748.json @@ -1,17 +1,79 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-2748", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2748", + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Isaac Mizrahi", + "product": { + "product_data": [ + { + "product_name": "Isaac Mizrahi Smartwatch Mobile App", + "version": { + "version_data": [ + { + "version_value": "Isaac Mizrahi iOS app versions 1.0.2.10" + }, + { + "version_value": "1.2.2.12" + }, + { + "version_value": "1.3.7" + }, + { + "version_value": "and 1.4.8. Isaac Mizrahi Android app versions 1.0.201601214" + }, + { + "version_value": "1.2.2016040820" + }, + { + "version_value": "1.3.2016052319" + }, + { + "version_value": "1.4.2016072601" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure HTTP during login." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hp.com/us-en/document/c05976868", + "url": "https://support.hp.com/us-en/document/c05976868" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue." } ] } diff --git a/2017/2xxx/CVE-2017-2752.json b/2017/2xxx/CVE-2017-2752.json index 99be302edc3..154740068a3 100644 --- a/2017/2xxx/CVE-2017-2752.json +++ b/2017/2xxx/CVE-2017-2752.json @@ -1,17 +1,70 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-2752", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2752", + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tommy Hilfiger", + "product": { + "product_data": [ + { + "product_name": "Tommy Hilfiger TH24/7 Android app", + "version": { + "version_data": [ + { + "version_value": "Tommy Hilfiger TH24/7 Android app versions 2.0.0.11" + }, + { + "version_value": "2.0.1.14" + }, + { + "version_value": "2.1.0.16" + }, + { + "version_value": "and 2.2.0.19." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure of application configuration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hp.com/us-en/document/c05904705", + "url": "https://support.hp.com/us-en/document/c05904705" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue." } ] } diff --git a/2017/3xxx/CVE-2017-3164.json b/2017/3xxx/CVE-2017-3164.json index f89a47d373f..b434005c248 100644 --- a/2017/3xxx/CVE-2017-3164.json +++ b/2017/3xxx/CVE-2017-3164.json @@ -62,6 +62,21 @@ "name": "[www-announce] 20190212 [SECURITY] CVE-2017-3164 SSRF issue in Apache Solr", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Commented] (SOLR-12770) [CVE-2017-3164] Make it possible to configure a shards whitelist for master/slave", + "url": "https://lists.apache.org/thread.html/75dc651478f9d04505b46d44fe3ac739e7aaf3d7bf1257973685f8f7@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190327 [jira] [Commented] (SOLR-12770) [CVE-2017-3164] Make it possible to configure a shards whitelist for master/slave", + "url": "https://lists.apache.org/thread.html/ca3105b6934ccd28e843dffe39724f6963ff49825e9b709837203649@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0003/" } ] } diff --git a/2017/5xxx/CVE-2017-5647.json b/2017/5xxx/CVE-2017-5647.json index 493148a6f04..acb47a19088 100644 --- a/2017/5xxx/CVE-2017-5647.json +++ b/2017/5xxx/CVE-2017-5647.json @@ -153,6 +153,26 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5648.json b/2017/5xxx/CVE-2017-5648.json index aaadb8a2ffd..b34f17e7e87 100644 --- a/2017/5xxx/CVE-2017-5648.json +++ b/2017/5xxx/CVE-2017-5648.json @@ -115,6 +115,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5650.json b/2017/5xxx/CVE-2017-5650.json index 53fe9dca8de..a95412e65dc 100644 --- a/2017/5xxx/CVE-2017-5650.json +++ b/2017/5xxx/CVE-2017-5650.json @@ -94,6 +94,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5651.json b/2017/5xxx/CVE-2017-5651.json index 239c79df3af..fb3e605d846 100644 --- a/2017/5xxx/CVE-2017-5651.json +++ b/2017/5xxx/CVE-2017-5651.json @@ -99,6 +99,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5664.json b/2017/5xxx/CVE-2017-5664.json index 5e6f982c1c8..b772402c3a8 100644 --- a/2017/5xxx/CVE-2017-5664.json +++ b/2017/5xxx/CVE-2017-5664.json @@ -180,6 +180,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5753.json b/2017/5xxx/CVE-2017-5753.json index bc596d179d7..2f352de5746 100644 --- a/2017/5xxx/CVE-2017-5753.json +++ b/2017/5xxx/CVE-2017-5753.json @@ -352,6 +352,11 @@ "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2017/7xxx/CVE-2017-7340.json b/2017/7xxx/CVE-2017-7340.json index 81e25fd3e1a..ae28429412d 100644 --- a/2017/7xxx/CVE-2017-7340.json +++ b/2017/7xxx/CVE-2017-7340.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-7340", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-7340", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "4.0.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-17-114", + "url": "https://fortiguard.com/psirt/FG-IR-17-114" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality." } ] } diff --git a/2017/7xxx/CVE-2017-7342.json b/2017/7xxx/CVE-2017-7342.json index c957304f796..c718ce3f279 100644 --- a/2017/7xxx/CVE-2017-7342.json +++ b/2017/7xxx/CVE-2017-7342.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-7342", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-7342", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet, Inc.", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "FortiPortal versions 4.0.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Password" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-17-114", + "url": "https://fortiguard.com/psirt/FG-IR-17-114" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button" } ] } diff --git a/2017/7xxx/CVE-2017-7482.json b/2017/7xxx/CVE-2017-7482.json index 94151ae1bde..af083d6957e 100644 --- a/2017/7xxx/CVE-2017-7482.json +++ b/2017/7xxx/CVE-2017-7482.json @@ -96,6 +96,11 @@ "name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2017/q2/602" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0641", + "url": "https://access.redhat.com/errata/RHSA-2019:0641" } ] } diff --git a/2017/7xxx/CVE-2017-7510.json b/2017/7xxx/CVE-2017-7510.json index eebd7e1edef..a1ccb640ad9 100644 --- a/2017/7xxx/CVE-2017-7510.json +++ b/2017/7xxx/CVE-2017-7510.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-7510", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-7510", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "RHV", + "version": { + "version_data": [ + { + "version_value": "4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface." } ] } diff --git a/2017/7xxx/CVE-2017-7525.json b/2017/7xxx/CVE-2017-7525.json index 121ea3cd11b..0643cc7c0ea 100644 --- a/2017/7xxx/CVE-2017-7525.json +++ b/2017/7xxx/CVE-2017-7525.json @@ -248,6 +248,26 @@ "name": "RHSA-2017:2633", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2633" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", + "url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", + "url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", + "url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", + "url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E" } ] } diff --git a/2017/7xxx/CVE-2017-7655.json b/2017/7xxx/CVE-2017-7655.json index 2435cc6b135..787ba9ed611 100644 --- a/2017/7xxx/CVE-2017-7655.json +++ b/2017/7xxx/CVE-2017-7655.json @@ -1,8 +1,36 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@eclipse.org", "ID": "CVE-2017-7655", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse Mosquitto", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.0" + }, + { + "version_affected": "<=", + "version_value": "1.4.15" + } + ] + } + } + ] + }, + "vendor_name": "The Eclipse Foundation" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +39,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775" } ] } diff --git a/2017/7xxx/CVE-2017-7674.json b/2017/7xxx/CVE-2017-7674.json index 2c269e512ef..753ba97be36 100644 --- a/2017/7xxx/CVE-2017-7674.json +++ b/2017/7xxx/CVE-2017-7674.json @@ -121,6 +121,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/7xxx/CVE-2017-7675.json b/2017/7xxx/CVE-2017-7675.json index 38ae65eb0f3..d9df5a4560d 100644 --- a/2017/7xxx/CVE-2017-7675.json +++ b/2017/7xxx/CVE-2017-7675.json @@ -85,6 +85,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/9xxx/CVE-2017-9233.json b/2017/9xxx/CVE-2017-9233.json index a48cbac6516..536338f4225 100644 --- a/2017/9xxx/CVE-2017-9233.json +++ b/2017/9xxx/CVE-2017-9233.json @@ -101,6 +101,11 @@ "name": "[oss-security] 20170618 Expat 2.2.1 security fixes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/06/17/7" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K03244804", + "url": "https://support.f5.com/csp/article/K03244804" } ] } diff --git a/2017/9xxx/CVE-2017-9344.json b/2017/9xxx/CVE-2017-9344.json index bdfc41156f0..664661b5f26 100644 --- a/2017/9xxx/CVE-2017-9344.json +++ b/2017/9xxx/CVE-2017-9344.json @@ -81,6 +81,11 @@ "name": "98796", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98796" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1729-1] wireshark security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html" } ] } diff --git a/2017/9xxx/CVE-2017-9349.json b/2017/9xxx/CVE-2017-9349.json index 802470a24d5..e12abff62f3 100644 --- a/2017/9xxx/CVE-2017-9349.json +++ b/2017/9xxx/CVE-2017-9349.json @@ -81,6 +81,11 @@ "name": "1038612", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038612" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1729-1] wireshark security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html" } ] } diff --git a/2017/9xxx/CVE-2017-9362.json b/2017/9xxx/CVE-2017-9362.json index ce3e0c5b5bb..d2231a36ed3 100644 --- a/2017/9xxx/CVE-2017-9362.json +++ b/2017/9xxx/CVE-2017-9362.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9362", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,52 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://labs.integrity.pt/advisories/cve-2017-9362", + "url": "https://labs.integrity.pt/advisories/cve-2017-9362" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } } } \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9376.json b/2017/9xxx/CVE-2017-9376.json index 6447d8497eb..d71928b944a 100644 --- a/2017/9xxx/CVE-2017-9376.json +++ b/2017/9xxx/CVE-2017-9376.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9376", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://labs.integrity.pt/advisories/cve-2017-9376/", + "url": "https://labs.integrity.pt/advisories/cve-2017-9376/" + }, + { + "refsource": "BID", + "name": "107558", + "url": "http://www.securityfocus.com/bid/107558" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } } } \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9626.json b/2017/9xxx/CVE-2017-9626.json index 6d2711ce0a2..7289578801c 100644 --- a/2017/9xxx/CVE-2017-9626.json +++ b/2017/9xxx/CVE-2017-9626.json @@ -1,17 +1,79 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-9626", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-9626", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Marel", + "product": { + "product_data": [ + { + "product_name": "Marel Food Processing Systems Pluto platform", + "version": { + "version_data": [ + { + "version_value": "Graders using Pluto platform" + }, + { + "version_value": "Portioning Machines using Pluto platform" + }, + { + "version_value": "Flowline systems using Pluto platform" + }, + { + "version_value": "Packing systems using Pluto platform" + }, + { + "version_value": "SensorX machines using Pluto platform" + }, + { + "version_value": "Target Batchers using Pluto platform" + }, + { + "version_value": "and SpeedBatchers using Pluto platform" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02B", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02B" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication." } ] } diff --git a/2018/1000xxx/CVE-2018-1000061.json b/2018/1000xxx/CVE-2018-1000061.json index 4c363c9fe80..372796bdca8 100644 --- a/2018/1000xxx/CVE-2018-1000061.json +++ b/2018/1000xxx/CVE-2018-1000061.json @@ -1,63 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "DATE_ASSIGNED": "2/7/2018 9:24:38", - "ID": "CVE-2018-1000061", - "REQUESTER": "paul.sokolovsky+cve@linaro.org", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1000061", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "ARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670, Incorrect condition control flow leading to incorrect return, leading to data loss vulnerability in ssl_write_real(), library/ssl_tls.c:7142 that can result in Leads to data loss, can be escalated to DoS and authorization bypass in application protocols. This attack appear to be exploitable via network connectivity." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://github.com/ARMmbed/mbedtls/issues/1356", - "refsource": "CONFIRM", - "url": "https://github.com/ARMmbed/mbedtls/issues/1356" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2018/1000xxx/CVE-2018-1000222.json b/2018/1000xxx/CVE-2018-1000222.json index 66eaa137edc..de0c487097a 100644 --- a/2018/1000xxx/CVE-2018-1000222.json +++ b/2018/1000xxx/CVE-2018-1000222.json @@ -69,6 +69,11 @@ "name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-18", + "url": "https://security.gentoo.org/glsa/201903-18" } ] } diff --git a/2018/1000xxx/CVE-2018-1000877.json b/2018/1000xxx/CVE-2018-1000877.json index ef1e1b893aa..4505eb01cf9 100644 --- a/2018/1000xxx/CVE-2018-1000877.json +++ b/2018/1000xxx/CVE-2018-1000877.json @@ -89,6 +89,11 @@ "name": "106324", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106324" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-0233ec0ff3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/" } ] } diff --git a/2018/1000xxx/CVE-2018-1000878.json b/2018/1000xxx/CVE-2018-1000878.json index 1c5175c956b..03e321aae2e 100644 --- a/2018/1000xxx/CVE-2018-1000878.json +++ b/2018/1000xxx/CVE-2018-1000878.json @@ -89,6 +89,11 @@ "name": "https://github.com/libarchive/libarchive/pull/1105/commits/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28", "refsource": "MISC", "url": "https://github.com/libarchive/libarchive/pull/1105/commits/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-0233ec0ff3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/" } ] } diff --git a/2018/1000xxx/CVE-2018-1000879.json b/2018/1000xxx/CVE-2018-1000879.json index 65ece8ce6c5..988f7a1447c 100644 --- a/2018/1000xxx/CVE-2018-1000879.json +++ b/2018/1000xxx/CVE-2018-1000879.json @@ -74,6 +74,11 @@ "name": "106324", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106324" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-0233ec0ff3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/" } ] } diff --git a/2018/1000xxx/CVE-2018-1000880.json b/2018/1000xxx/CVE-2018-1000880.json index b9cbba9515e..c309c485afa 100644 --- a/2018/1000xxx/CVE-2018-1000880.json +++ b/2018/1000xxx/CVE-2018-1000880.json @@ -84,6 +84,11 @@ "name": "106324", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106324" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-0233ec0ff3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/" } ] } diff --git a/2018/10xxx/CVE-2018-10902.json b/2018/10xxx/CVE-2018-10902.json index 644ac9391b9..e01e3f042a3 100644 --- a/2018/10xxx/CVE-2018-10902.json +++ b/2018/10xxx/CVE-2018-10902.json @@ -141,6 +141,11 @@ "name": "105119", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105119" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0641", + "url": "https://access.redhat.com/errata/RHSA-2019:0641" } ] } diff --git a/2018/10xxx/CVE-2018-10916.json b/2018/10xxx/CVE-2018-10916.json index 2eb54222567..1f0a39eca1d 100644 --- a/2018/10xxx/CVE-2018-10916.json +++ b/2018/10xxx/CVE-2018-10916.json @@ -81,6 +81,11 @@ "name": "https://github.com/lavv17/lftp/commit/a27e07d90a4608ceaf928b1babb27d4d803e1992", "refsource": "CONFIRM", "url": "https://github.com/lavv17/lftp/commit/a27e07d90a4608ceaf928b1babb27d4d803e1992" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00036.html" } ] } diff --git a/2018/10xxx/CVE-2018-10929.json b/2018/10xxx/CVE-2018-10929.json index bf7655fd7a3..40bf13c6cea 100644 --- a/2018/10xxx/CVE-2018-10929.json +++ b/2018/10xxx/CVE-2018-10929.json @@ -86,6 +86,11 @@ "name": "RHSA-2018:3470", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3470" + }, + { + "refsource": "BID", + "name": "107577", + "url": "http://www.securityfocus.com/bid/107577" } ] } diff --git a/2018/10xxx/CVE-2018-10934.json b/2018/10xxx/CVE-2018-10934.json index ee7fe1a5100..3dfa8786169 100644 --- a/2018/10xxx/CVE-2018-10934.json +++ b/2018/10xxx/CVE-2018-10934.json @@ -1,18 +1,75 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-10934", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-10934", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "wildfly-core", + "version": { + "version_data": [ + { + "version_value": "7.1.6.CR1" + }, + { + "version_value": "7.1.6.GA" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11212.json b/2018/11xxx/CVE-2018-11212.json index 63f8f1bf1a0..966688bdd56 100644 --- a/2018/11xxx/CVE-2018-11212.json +++ b/2018/11xxx/CVE-2018-11212.json @@ -111,6 +111,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:0346", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0640", + "url": "https://access.redhat.com/errata/RHSA-2019:0640" } ] } diff --git a/2018/11xxx/CVE-2018-11759.json b/2018/11xxx/CVE-2018-11759.json index aab14367605..12bc7c0e32a 100644 --- a/2018/11xxx/CVE-2018-11759.json +++ b/2018/11xxx/CVE-2018-11759.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/11xxx/CVE-2018-11775.json b/2018/11xxx/CVE-2018-11775.json index e6f09d39b25..658b743299e 100644 --- a/2018/11xxx/CVE-2018-11775.json +++ b/2018/11xxx/CVE-2018-11775.json @@ -72,6 +72,21 @@ "name": "http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt", "refsource": "CONFIRM", "url": "http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 [CONF] Apache ActiveMQ > Security Advisories", + "url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-dev] 20190327 Re: Website", + "url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2018/11xxx/CVE-2018-11784.json b/2018/11xxx/CVE-2018-11784.json index 3c57a46aa03..3f0f360e35d 100644 --- a/2018/11xxx/CVE-2018-11784.json +++ b/2018/11xxx/CVE-2018-11784.json @@ -118,6 +118,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/12xxx/CVE-2018-12015.json b/2018/12xxx/CVE-2018-12015.json index b58d5f52fa2..365b9d21778 100644 --- a/2018/12xxx/CVE-2018-12015.json +++ b/2018/12xxx/CVE-2018-12015.json @@ -86,6 +86,21 @@ "name": "USN-3684-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3684-2/" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT209600", + "url": "https://support.apple.com/kb/HT209600" + }, + { + "refsource": "BUGTRAQ", + "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", + "url": "https://seclists.org/bugtraq/2019/Mar/42" + }, + { + "refsource": "FULLDISC", + "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", + "url": "http://seclists.org/fulldisclosure/2019/Mar/49" } ] } diff --git a/2018/12xxx/CVE-2018-12178.json b/2018/12xxx/CVE-2018-12178.json index 97b83456cfb..31c05a718ea 100644 --- a/2018/12xxx/CVE-2018-12178.json +++ b/2018/12xxx/CVE-2018-12178.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12178", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12178", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Extensible Firmware Interface Development Kit (EDK II)", + "product": { + "product_data": [ + { + "product_name": "Extensible Firmware Interface Development Kit (EDK II)", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege and/or Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html", + "url": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network." } ] } diff --git a/2018/12xxx/CVE-2018-12179.json b/2018/12xxx/CVE-2018-12179.json index 72c1118eced..ce75c35f75e 100644 --- a/2018/12xxx/CVE-2018-12179.json +++ b/2018/12xxx/CVE-2018-12179.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12179", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12179", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Extensible Firmware Interface Development Kit (EDK II)", + "product": { + "product_data": [ + { + "product_name": "Extensible Firmware Interface Development Kit (EDK II)", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Information Disclosure and/or Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html", + "url": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access." } ] } diff --git a/2018/12xxx/CVE-2018-12180.json b/2018/12xxx/CVE-2018-12180.json index 4c64666238a..6d5adcfc173 100644 --- a/2018/12xxx/CVE-2018-12180.json +++ b/2018/12xxx/CVE-2018-12180.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12180", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12180", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Extensible Firmware Interface Development Kit (EDK II)", + "product": { + "product_data": [ + { + "product_name": "Extensible Firmware Interface Development Kit (EDK II)", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Information Disclosure and/or Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html", + "url": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access." } ] } diff --git a/2018/12xxx/CVE-2018-12181.json b/2018/12xxx/CVE-2018-12181.json index 90f3ca18a38..b67fa56dcc3 100644 --- a/2018/12xxx/CVE-2018-12181.json +++ b/2018/12xxx/CVE-2018-12181.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12181", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12181", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Extensible Firmware Interface Development Kit (EDK II)", + "product": { + "product_data": [ + { + "product_name": "Extensible Firmware Interface Development Kit (EDK II)", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege and/or Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html", + "url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access." } ] } diff --git a/2018/12xxx/CVE-2018-12182.json b/2018/12xxx/CVE-2018-12182.json index 3eee6694b39..1b5a946ccdd 100644 --- a/2018/12xxx/CVE-2018-12182.json +++ b/2018/12xxx/CVE-2018-12182.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12182", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12182", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Extensible Firmware Interface Development Kit (EDK II)", + "product": { + "product_data": [ + { + "product_name": "Extensible Firmware Interface Development Kit (EDK II)", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Information Disclosure and/or Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html", + "url": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access." } ] } diff --git a/2018/12xxx/CVE-2018-12183.json b/2018/12xxx/CVE-2018-12183.json index 743d09e374c..27ddf1739e0 100644 --- a/2018/12xxx/CVE-2018-12183.json +++ b/2018/12xxx/CVE-2018-12183.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12183", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12183", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Extensible Firmware Interface Development Kit (EDK II)", + "product": { + "product_data": [ + { + "product_name": "Extensible Firmware Interface Development Kit (EDK II)", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Information Disclosure and/or Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html", + "url": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access." } ] } diff --git a/2018/12xxx/CVE-2018-12545.json b/2018/12xxx/CVE-2018-12545.json index bf78aefac56..b03c753aa99 100644 --- a/2018/12xxx/CVE-2018-12545.json +++ b/2018/12xxx/CVE-2018-12545.json @@ -1,8 +1,36 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@eclipse.org", "ID": "CVE-2018-12545", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse Jetty", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "9.3.0" + }, + { + "version_affected": "<", + "version_value": "9.4.12" + } + ] + } + } + ] + }, + "vendor_name": "The Eclipse Foundation" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +39,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096" } ] } diff --git a/2018/12xxx/CVE-2018-12546.json b/2018/12xxx/CVE-2018-12546.json index e4f307cc250..438b70164c5 100644 --- a/2018/12xxx/CVE-2018-12546.json +++ b/2018/12xxx/CVE-2018-12546.json @@ -1,8 +1,36 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@eclipse.org", "ID": "CVE-2018-12546", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse Mosquitto", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.0" + }, + { + "version_affected": "<=", + "version_value": "1.5.5" + } + ] + } + } + ] + }, + "vendor_name": "The Eclipse Foundation" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +39,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543127", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543127" } ] } diff --git a/2018/12xxx/CVE-2018-12547.json b/2018/12xxx/CVE-2018-12547.json index 0c5004dd79a..430265f6173 100644 --- a/2018/12xxx/CVE-2018-12547.json +++ b/2018/12xxx/CVE-2018-12547.json @@ -77,6 +77,11 @@ "name": "RHSA-2019:0472", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0472" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0640", + "url": "https://access.redhat.com/errata/RHSA-2019:0640" } ] } diff --git a/2018/12xxx/CVE-2018-12549.json b/2018/12xxx/CVE-2018-12549.json index 58a9c654bbc..8df8e0ca682 100644 --- a/2018/12xxx/CVE-2018-12549.json +++ b/2018/12xxx/CVE-2018-12549.json @@ -67,6 +67,11 @@ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0640", + "url": "https://access.redhat.com/errata/RHSA-2019:0640" } ] } diff --git a/2018/12xxx/CVE-2018-12550.json b/2018/12xxx/CVE-2018-12550.json index 6b1c6f639db..2afb695d86c 100644 --- a/2018/12xxx/CVE-2018-12550.json +++ b/2018/12xxx/CVE-2018-12550.json @@ -1,8 +1,36 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@eclipse.org", "ID": "CVE-2018-12550", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse Mosquitto", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.0" + }, + { + "version_affected": "<=", + "version_value": "1.5.5" + } + ] + } + } + ] + }, + "vendor_name": "The Eclipse Foundation" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +39,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-440: Expected Behavior Violation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=541870", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=541870" } ] } diff --git a/2018/12xxx/CVE-2018-12551.json b/2018/12xxx/CVE-2018-12551.json index cb32a314ce5..58fccb2a5c1 100644 --- a/2018/12xxx/CVE-2018-12551.json +++ b/2018/12xxx/CVE-2018-12551.json @@ -1,8 +1,36 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@eclipse.org", "ID": "CVE-2018-12551", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse Mosquitto", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.0" + }, + { + "version_affected": "<=", + "version_value": "1.5.5" + } + ] + } + } + ] + }, + "vendor_name": "The Eclipse Foundation" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +39,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-703: Improper Check or Handling of Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543401", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543401" } ] } diff --git a/2018/12xxx/CVE-2018-12652.json b/2018/12xxx/CVE-2018-12652.json index 53401cdc5db..dc4a84531e4 100644 --- a/2018/12xxx/CVE-2018-12652.json +++ b/2018/12xxx/CVE-2018-12652.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12652", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,52 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.knowcybersec.com/2019/02/CVE-2018-12652-reflected-XSS.html", + "url": "https://www.knowcybersec.com/2019/02/CVE-2018-12652-reflected-XSS.html" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } } } \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12653.json b/2018/12xxx/CVE-2018-12653.json index ee4ad9f91de..f203d91ec14 100644 --- a/2018/12xxx/CVE-2018-12653.json +++ b/2018/12xxx/CVE-2018-12653.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12653", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,52 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the RPT/SSRSDynamicEditReports.aspx ReportId parameter." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.knowcybersec.com/2019/02/CVE-2018-12653-reflected-XSS.html", + "url": "https://www.knowcybersec.com/2019/02/CVE-2018-12653-reflected-XSS.html" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } } } \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12896.json b/2018/12xxx/CVE-2018-12896.json index 35e7e603575..419d1e8f59b 100644 --- a/2018/12xxx/CVE-2018-12896.json +++ b/2018/12xxx/CVE-2018-12896.json @@ -106,6 +106,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/12xxx/CVE-2018-12929.json b/2018/12xxx/CVE-2018-12929.json index a355cce6223..38e96cb8d51 100644 --- a/2018/12xxx/CVE-2018-12929.json +++ b/2018/12xxx/CVE-2018-12929.json @@ -66,6 +66,11 @@ "name": "104588", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104588" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0641", + "url": "https://access.redhat.com/errata/RHSA-2019:0641" } ] } diff --git a/2018/12xxx/CVE-2018-12930.json b/2018/12xxx/CVE-2018-12930.json index 96b43805708..ad4144548a9 100644 --- a/2018/12xxx/CVE-2018-12930.json +++ b/2018/12xxx/CVE-2018-12930.json @@ -66,6 +66,11 @@ "name": "104588", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104588" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0641", + "url": "https://access.redhat.com/errata/RHSA-2019:0641" } ] } diff --git a/2018/12xxx/CVE-2018-12931.json b/2018/12xxx/CVE-2018-12931.json index 3bb7ebde6e1..32a5bc818d4 100644 --- a/2018/12xxx/CVE-2018-12931.json +++ b/2018/12xxx/CVE-2018-12931.json @@ -66,6 +66,11 @@ "name": "104588", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104588" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0641", + "url": "https://access.redhat.com/errata/RHSA-2019:0641" } ] } diff --git a/2018/13xxx/CVE-2018-13053.json b/2018/13xxx/CVE-2018-13053.json index 2b068d6534c..7a375646611 100644 --- a/2018/13xxx/CVE-2018-13053.json +++ b/2018/13xxx/CVE-2018-13053.json @@ -81,6 +81,11 @@ "name": "104671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104671" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/14xxx/CVE-2018-14038.json b/2018/14xxx/CVE-2018-14038.json index 181208c4c26..60bc04c2e4d 100644 --- a/2018/14xxx/CVE-2018-14038.json +++ b/2018/14xxx/CVE-2018-14038.json @@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-14038", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-14038", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23405", - "refsource": "MISC", - "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23405" - }, - { - "name": "http://git.hunter-ht.cn/zhanggen/objcopy_crash_input_1", - "refsource": "MISC", - "url": "http://git.hunter-ht.cn/zhanggen/objcopy_crash_input_1" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7642. Reason: This candidate is a reservation duplicate of CVE-2018-7642. Notes: All CVE users should reference CVE-2018-7642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2018/14xxx/CVE-2018-14522.json b/2018/14xxx/CVE-2018-14522.json index 905dd60fb77..e610d335663 100644 --- a/2018/14xxx/CVE-2018-14522.json +++ b/2018/14xxx/CVE-2018-14522.json @@ -56,6 +56,11 @@ "name": "https://github.com/aubio/aubio/issues/188", "refsource": "MISC", "url": "https://github.com/aubio/aubio/issues/188" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1049", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html" } ] } diff --git a/2018/14xxx/CVE-2018-14523.json b/2018/14xxx/CVE-2018-14523.json index 7d6b06abb03..f58ac3dd5a7 100644 --- a/2018/14xxx/CVE-2018-14523.json +++ b/2018/14xxx/CVE-2018-14523.json @@ -56,6 +56,11 @@ "name": "https://github.com/aubio/aubio/issues/189", "refsource": "MISC", "url": "https://github.com/aubio/aubio/issues/189" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1049", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html" } ] } diff --git a/2018/14xxx/CVE-2018-14679.json b/2018/14xxx/CVE-2018-14679.json index 9654b77551a..d2268beb560 100644 --- a/2018/14xxx/CVE-2018-14679.json +++ b/2018/14xxx/CVE-2018-14679.json @@ -111,6 +111,11 @@ "name": "RHSA-2018:3327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3327" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-20", + "url": "https://security.gentoo.org/glsa/201903-20" } ] } diff --git a/2018/14xxx/CVE-2018-14680.json b/2018/14xxx/CVE-2018-14680.json index 6df4057a267..047cf8adce1 100644 --- a/2018/14xxx/CVE-2018-14680.json +++ b/2018/14xxx/CVE-2018-14680.json @@ -111,6 +111,11 @@ "name": "RHSA-2018:3327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3327" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-20", + "url": "https://security.gentoo.org/glsa/201903-20" } ] } diff --git a/2018/14xxx/CVE-2018-14681.json b/2018/14xxx/CVE-2018-14681.json index 9358b3809d7..7a95d9c766f 100644 --- a/2018/14xxx/CVE-2018-14681.json +++ b/2018/14xxx/CVE-2018-14681.json @@ -111,6 +111,11 @@ "name": "RHSA-2018:3327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3327" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-20", + "url": "https://security.gentoo.org/glsa/201903-20" } ] } diff --git a/2018/14xxx/CVE-2018-14682.json b/2018/14xxx/CVE-2018-14682.json index bd3f7abd1bd..4aec569fb64 100644 --- a/2018/14xxx/CVE-2018-14682.json +++ b/2018/14xxx/CVE-2018-14682.json @@ -111,6 +111,11 @@ "name": "RHSA-2018:3327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3327" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-20", + "url": "https://security.gentoo.org/glsa/201903-20" } ] } diff --git a/2018/14xxx/CVE-2018-14718.json b/2018/14xxx/CVE-2018-14718.json index 495ca2bb0b1..62ce0c343d7 100644 --- a/2018/14xxx/CVE-2018-14718.json +++ b/2018/14xxx/CVE-2018-14718.json @@ -76,6 +76,16 @@ "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E" } ] } diff --git a/2018/14xxx/CVE-2018-14720.json b/2018/14xxx/CVE-2018-14720.json index 008a6851c80..8ebb3e3121c 100644 --- a/2018/14xxx/CVE-2018-14720.json +++ b/2018/14xxx/CVE-2018-14720.json @@ -76,6 +76,16 @@ "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", + "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E" } ] } diff --git a/2018/14xxx/CVE-2018-14814.json b/2018/14xxx/CVE-2018-14814.json index da4234a3a20..d4539e591b6 100644 --- a/2018/14xxx/CVE-2018-14814.json +++ b/2018/14xxx/CVE-2018-14814.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-14814", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-14814", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WECON", + "product": { + "product_data": [ + { + "product_name": "WECON Technology PI Studio HMI", + "version": { + "version_data": [ + { + "version_value": "PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object." } ] } diff --git a/2018/15xxx/CVE-2018-15583.json b/2018/15xxx/CVE-2018-15583.json index 2668a90fc45..20b13ad8af2 100644 --- a/2018/15xxx/CVE-2018-15583.json +++ b/2018/15xxx/CVE-2018-15583.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15583", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69", + "url": "https://github.com/gnuboard/gnuboard5/commits/master?after=831219e2c233b2d721a049b7aeb054936d000dc2+69" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc", + "url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-6e31fc60ba119c0f830f8a22fe1925dc" } ] } diff --git a/2018/15xxx/CVE-2018-15585.json b/2018/15xxx/CVE-2018-15585.json index fb7bc95cc67..11f375bb68d 100644 --- a/2018/15xxx/CVE-2018-15585.json +++ b/2018/15xxx/CVE-2018-15585.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15585", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php", + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinform.php" + }, + { + "url": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php", + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/blob/b1fc952c7600b825c4b02e2789ddafdea18c8d13/adm/newwinformupdate.php" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13", + "url": "https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13" } ] } diff --git a/2018/15xxx/CVE-2018-15813.json b/2018/15xxx/CVE-2018-15813.json index 64f69ab0b9a..840d4515f76 100644 --- a/2018/15xxx/CVE-2018-15813.json +++ b/2018/15xxx/CVE-2018-15813.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15813", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html", + "refsource": "MISC", + "name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html" } ] } diff --git a/2018/15xxx/CVE-2018-15814.json b/2018/15xxx/CVE-2018-15814.json index 7371303a775..b5353deae55 100644 --- a/2018/15xxx/CVE-2018-15814.json +++ b/2018/15xxx/CVE-2018-15814.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15814", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html", + "refsource": "MISC", + "name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html" } ] } diff --git a/2018/15xxx/CVE-2018-15815.json b/2018/15xxx/CVE-2018-15815.json index a95b7678f01..7777ade862d 100644 --- a/2018/15xxx/CVE-2018-15815.json +++ b/2018/15xxx/CVE-2018-15815.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15815", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html", + "refsource": "MISC", + "name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html" } ] } diff --git a/2018/15xxx/CVE-2018-15816.json b/2018/15xxx/CVE-2018-15816.json index 019b986ce04..d7718859fd0 100644 --- a/2018/15xxx/CVE-2018-15816.json +++ b/2018/15xxx/CVE-2018-15816.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15816", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html", + "refsource": "MISC", + "name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html" } ] } diff --git a/2018/15xxx/CVE-2018-15817.json b/2018/15xxx/CVE-2018-15817.json index 184a442ea74..75394295b12 100644 --- a/2018/15xxx/CVE-2018-15817.json +++ b/2018/15xxx/CVE-2018-15817.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15817", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html", + "refsource": "MISC", + "name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html" } ] } diff --git a/2018/16xxx/CVE-2018-16207.json b/2018/16xxx/CVE-2018-16207.json index a506326d068..323a3929919 100644 --- a/2018/16xxx/CVE-2018-16207.json +++ b/2018/16xxx/CVE-2018-16207.json @@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-16207", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.oss.omron.co.jp/ups/info/topics/190326.html", + "refsource": "MISC", + "name": "https://www.oss.omron.co.jp/ups/info/topics/190326.html" + }, + { + "url": "https://www.oss.omron.co.jp/ups/support/download/soft/poweractpro/master/poweractpro_master_windows.html", + "refsource": "MISC", + "name": "https://www.oss.omron.co.jp/ups/support/download/soft/poweractpro/master/poweractpro_master_windows.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN63981842/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN63981842/index.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "Version 5.13 and earlier" + } + ] + }, + "product_name": "PowerAct Pro Master Agent for Windows" + } + ] + }, + "vendor_name": "OMRON SOCIAL SOLUTIONS Co.,Ltd." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2018-16207", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] } ] } diff --git a/2018/16xxx/CVE-2018-16529.json b/2018/16xxx/CVE-2018-16529.json index a99a08a85bb..3026ebe2e4c 100644 --- a/2018/16xxx/CVE-2018-16529.json +++ b/2018/16xxx/CVE-2018-16529.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-16529", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-16529", + "ASSIGNER": "psirt@forcepoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Forcepoint", + "product": { + "product_data": [ + { + "product_name": "Forcepoint Email Security", + "version": { + "version_data": [ + { + "version_value": "8.5.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.forcepoint.com/KBArticle?id=000016655", + "url": "https://support.forcepoint.com/KBArticle?id=000016655" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2018/Nov/23", + "url": "https://seclists.org/fulldisclosure/2018/Nov/23" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password." } ] } diff --git a/2018/16xxx/CVE-2018-16597.json b/2018/16xxx/CVE-2018-16597.json index e5f0a46641a..a4677147289 100644 --- a/2018/16xxx/CVE-2018-16597.json +++ b/2018/16xxx/CVE-2018-16597.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem." + "value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem." } ] }, @@ -71,6 +71,16 @@ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K22691834", + "url": "https://support.f5.com/csp/article/K22691834" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2018:3202", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html" } ] } diff --git a/2018/16xxx/CVE-2018-16838.json b/2018/16xxx/CVE-2018-16838.json index dc055280cce..ed38819992e 100644 --- a/2018/16xxx/CVE-2018-16838.json +++ b/2018/16xxx/CVE-2018-16838.json @@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-16838", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-16838", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "sssd", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16856.json b/2018/16xxx/CVE-2018-16856.json index f0972bf8aa7..f4ce7959a17 100644 --- a/2018/16xxx/CVE-2018-16856.json +++ b/2018/16xxx/CVE-2018-16856.json @@ -1,18 +1,75 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-16856", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-16856", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "openstack-octavia", + "version": { + "version_data": [ + { + "version_value": "2.0.2-5" + }, + { + "version_value": "openstack-octavia-3.0.1-0.20181009115732" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16858.json b/2018/16xxx/CVE-2018-16858.json index b8728f80512..a10dba6a3b5 100644 --- a/2018/16xxx/CVE-2018-16858.json +++ b/2018/16xxx/CVE-2018-16858.json @@ -1,18 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-16858", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-16858", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "libreoffice", + "version": { + "version_data": [ + { + "version_value": "6.0.7" + }, + { + "version_value": "6.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-356" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/", + "refsource": "MISC", + "name": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16862.json b/2018/16xxx/CVE-2018-16862.json index 30275ba9ce7..b0c70bb4348 100644 --- a/2018/16xxx/CVE-2018-16862.json +++ b/2018/16xxx/CVE-2018-16862.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/16xxx/CVE-2018-16867.json b/2018/16xxx/CVE-2018-16867.json index 5138ada40ab..d3b3db8f32e 100644 --- a/2018/16xxx/CVE-2018-16867.json +++ b/2018/16xxx/CVE-2018-16867.json @@ -76,6 +76,16 @@ "name": "[oss-security] 20181206 CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)", "refsource": "MLIST", "url": "https://www.openwall.com/lists/oss-security/2018/12/06/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-88a98ce795", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16872.json b/2018/16xxx/CVE-2018-16872.json index 119463a417c..2846d22f335 100644 --- a/2018/16xxx/CVE-2018-16872.json +++ b/2018/16xxx/CVE-2018-16872.json @@ -76,6 +76,16 @@ "name": "106212", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106212" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-88a98ce795", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16884.json b/2018/16xxx/CVE-2018-16884.json index 98425a45fc9..bdc31ab5321 100644 --- a/2018/16xxx/CVE-2018-16884.json +++ b/2018/16xxx/CVE-2018-16884.json @@ -81,6 +81,11 @@ "name": "https://patchwork.kernel.org/cover/10733767/", "refsource": "CONFIRM", "url": "https://patchwork.kernel.org/cover/10733767/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/17xxx/CVE-2018-17057.json b/2018/17xxx/CVE-2018-17057.json index 5d27f9746ad..6b18969c89a 100644 --- a/2018/17xxx/CVE-2018-17057.json +++ b/2018/17xxx/CVE-2018-17057.json @@ -61,6 +61,11 @@ "refsource": "FULLDISC", "name": "20190322 CVE-2018-17057: phar deserialization in TCPDF might lead to RCE", "url": "http://seclists.org/fulldisclosure/2019/Mar/36" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html" } ] } diff --git a/2018/17xxx/CVE-2018-17075.json b/2018/17xxx/CVE-2018-17075.json index a67a8272b39..76185240261 100644 --- a/2018/17xxx/CVE-2018-17075.json +++ b/2018/17xxx/CVE-2018-17075.json @@ -66,6 +66,16 @@ "name": "https://github.com/golang/go/issues/27016", "refsource": "MISC", "url": "https://github.com/golang/go/issues/27016" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07d447a1d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07e8e806e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/" } ] } diff --git a/2018/17xxx/CVE-2018-17142.json b/2018/17xxx/CVE-2018-17142.json index ef52c15b804..33409ae4754 100644 --- a/2018/17xxx/CVE-2018-17142.json +++ b/2018/17xxx/CVE-2018-17142.json @@ -56,6 +56,16 @@ "name": "https://github.com/golang/go/issues/27702", "refsource": "MISC", "url": "https://github.com/golang/go/issues/27702" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07d447a1d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07e8e806e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/" } ] } diff --git a/2018/17xxx/CVE-2018-17143.json b/2018/17xxx/CVE-2018-17143.json index 37b25d7298a..c8dca2d5c70 100644 --- a/2018/17xxx/CVE-2018-17143.json +++ b/2018/17xxx/CVE-2018-17143.json @@ -61,6 +61,16 @@ "name": "https://github.com/golang/go/issues/27704", "refsource": "MISC", "url": "https://github.com/golang/go/issues/27704" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07d447a1d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07e8e806e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/" } ] } diff --git a/2018/17xxx/CVE-2018-17189.json b/2018/17xxx/CVE-2018-17189.json index 447c9d63c1a..f421317a02c 100644 --- a/2018/17xxx/CVE-2018-17189.json +++ b/2018/17xxx/CVE-2018-17189.json @@ -77,6 +77,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-133a8a7cb5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-21", + "url": "https://security.gentoo.org/glsa/201903-21" } ] } diff --git a/2018/17xxx/CVE-2018-17190.json b/2018/17xxx/CVE-2018-17190.json index 2b1b0d0697d..5aaed3dc766 100644 --- a/2018/17xxx/CVE-2018-17190.json +++ b/2018/17xxx/CVE-2018-17190.json @@ -61,6 +61,11 @@ "name": "https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-21", + "url": "https://security.gentoo.org/glsa/201903-21" } ] } diff --git a/2018/17xxx/CVE-2018-17199.json b/2018/17xxx/CVE-2018-17199.json index 99faa040f49..a9eb4bf8e38 100644 --- a/2018/17xxx/CVE-2018-17199.json +++ b/2018/17xxx/CVE-2018-17199.json @@ -72,6 +72,11 @@ "name": "https://security.netapp.com/advisory/ntap-20190125-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-21", + "url": "https://security.gentoo.org/glsa/201903-21" } ] } diff --git a/2018/17xxx/CVE-2018-17846.json b/2018/17xxx/CVE-2018-17846.json index 31d13ddddc1..ae5ab06d2ed 100644 --- a/2018/17xxx/CVE-2018-17846.json +++ b/2018/17xxx/CVE-2018-17846.json @@ -56,6 +56,16 @@ "name": "https://github.com/golang/go/issues/27842", "refsource": "MISC", "url": "https://github.com/golang/go/issues/27842" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07d447a1d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07e8e806e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/" } ] } diff --git a/2018/17xxx/CVE-2018-17847.json b/2018/17xxx/CVE-2018-17847.json index cca7970a48f..26846182713 100644 --- a/2018/17xxx/CVE-2018-17847.json +++ b/2018/17xxx/CVE-2018-17847.json @@ -56,6 +56,16 @@ "name": "https://github.com/golang/go/issues/27846", "refsource": "MISC", "url": "https://github.com/golang/go/issues/27846" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07d447a1d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07e8e806e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/" } ] } diff --git a/2018/17xxx/CVE-2018-17848.json b/2018/17xxx/CVE-2018-17848.json index e4183362fc2..aec2a771977 100644 --- a/2018/17xxx/CVE-2018-17848.json +++ b/2018/17xxx/CVE-2018-17848.json @@ -56,6 +56,16 @@ "name": "https://github.com/golang/go/issues/27846", "refsource": "MISC", "url": "https://github.com/golang/go/issues/27846" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07d447a1d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-07e8e806e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/" } ] } diff --git a/2018/17xxx/CVE-2018-17972.json b/2018/17xxx/CVE-2018-17972.json index f6863936e80..251db48d583 100644 --- a/2018/17xxx/CVE-2018-17972.json +++ b/2018/17xxx/CVE-2018-17972.json @@ -126,6 +126,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/18xxx/CVE-2018-18065.json b/2018/18xxx/CVE-2018-18065.json index 18d8bcc99e9..d5b00e4a08b 100644 --- a/2018/18xxx/CVE-2018-18065.json +++ b/2018/18xxx/CVE-2018-18065.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/144", "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/144" + }, + { + "refsource": "BID", + "name": "106265", + "url": "http://www.securityfocus.com/bid/106265" } ] } diff --git a/2018/18xxx/CVE-2018-18281.json b/2018/18xxx/CVE-2018-18281.json index 56c459fda30..00852ec2c22 100644 --- a/2018/18xxx/CVE-2018-18281.json +++ b/2018/18xxx/CVE-2018-18281.json @@ -141,6 +141,11 @@ "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135", "refsource": "CONFIRM", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/18xxx/CVE-2018-18311.json b/2018/18xxx/CVE-2018-18311.json index d82a58f1aaa..e993d901f82 100644 --- a/2018/18xxx/CVE-2018-18311.json +++ b/2018/18xxx/CVE-2018-18311.json @@ -131,6 +131,21 @@ "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT209600", + "url": "https://support.apple.com/kb/HT209600" + }, + { + "refsource": "BUGTRAQ", + "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", + "url": "https://seclists.org/bugtraq/2019/Mar/42" + }, + { + "refsource": "FULLDISC", + "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", + "url": "http://seclists.org/fulldisclosure/2019/Mar/49" } ] } diff --git a/2018/18xxx/CVE-2018-18313.json b/2018/18xxx/CVE-2018-18313.json index 5b8533f5f28..68aaa9d070a 100644 --- a/2018/18xxx/CVE-2018-18313.json +++ b/2018/18xxx/CVE-2018-18313.json @@ -111,6 +111,21 @@ "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT209600", + "url": "https://support.apple.com/kb/HT209600" + }, + { + "refsource": "BUGTRAQ", + "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", + "url": "https://seclists.org/bugtraq/2019/Mar/42" + }, + { + "refsource": "FULLDISC", + "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", + "url": "http://seclists.org/fulldisclosure/2019/Mar/49" } ] } diff --git a/2018/18xxx/CVE-2018-18506.json b/2018/18xxx/CVE-2018-18506.json index 5c7b8c14a45..c7d9c09edda 100644 --- a/2018/18xxx/CVE-2018-18506.json +++ b/2018/18xxx/CVE-2018-18506.json @@ -92,6 +92,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190321 [SECURITY] [DLA 1722-1] firefox-esr security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html" } ] } diff --git a/2018/18xxx/CVE-2018-18584.json b/2018/18xxx/CVE-2018-18584.json index 1b8a8703bb9..77a0e78782c 100644 --- a/2018/18xxx/CVE-2018-18584.json +++ b/2018/18xxx/CVE-2018-18584.json @@ -91,6 +91,11 @@ "name": "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2", "refsource": "MISC", "url": "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-20", + "url": "https://security.gentoo.org/glsa/201903-20" } ] } diff --git a/2018/18xxx/CVE-2018-18585.json b/2018/18xxx/CVE-2018-18585.json index 475d7fe58a1..29d9d1c276c 100644 --- a/2018/18xxx/CVE-2018-18585.json +++ b/2018/18xxx/CVE-2018-18585.json @@ -86,6 +86,11 @@ "name": "https://bugs.debian.org/911637", "refsource": "MISC", "url": "https://bugs.debian.org/911637" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-20", + "url": "https://security.gentoo.org/glsa/201903-20" } ] } diff --git a/2018/18xxx/CVE-2018-18586.json b/2018/18xxx/CVE-2018-18586.json index 5134f1f80af..aa2af672ee1 100644 --- a/2018/18xxx/CVE-2018-18586.json +++ b/2018/18xxx/CVE-2018-18586.json @@ -66,6 +66,11 @@ "name": "https://bugs.debian.org/911639", "refsource": "MISC", "url": "https://bugs.debian.org/911639" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-20", + "url": "https://security.gentoo.org/glsa/201903-20" } ] } diff --git a/2018/18xxx/CVE-2018-18690.json b/2018/18xxx/CVE-2018-18690.json index 1ada5bac626..0041f64cf51 100644 --- a/2018/18xxx/CVE-2018-18690.json +++ b/2018/18xxx/CVE-2018-18690.json @@ -116,6 +116,11 @@ "name": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/18xxx/CVE-2018-18710.json b/2018/18xxx/CVE-2018-18710.json index bc2612ff6d3..9ba6f1ec6ac 100644 --- a/2018/18xxx/CVE-2018-18710.json +++ b/2018/18xxx/CVE-2018-18710.json @@ -111,6 +111,11 @@ "name": "https://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/18xxx/CVE-2018-18798.json b/2018/18xxx/CVE-2018-18798.json index 2ce8df83092..24b030eaa92 100644 --- a/2018/18xxx/CVE-2018-18798.json +++ b/2018/18xxx/CVE-2018-18798.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "School Attendance Monitoring System 1.0 has SQL Injection via user/controller.php?action=edit." + "value": "Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view." } ] }, diff --git a/2018/18xxx/CVE-2018-18994.json b/2018/18xxx/CVE-2018-18994.json index 25382b6fe3f..18c6ad57f9b 100644 --- a/2018/18xxx/CVE-2018-18994.json +++ b/2018/18xxx/CVE-2018-18994.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-18994", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-18994", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LCDS Laquis", + "product": { + "product_data": [ + { + "product_name": "LCDS Laquis SCADA", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.1.0.4150" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OUT-OF-BOUNDS READ CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration." } ] } diff --git a/2018/19xxx/CVE-2018-19016.json b/2018/19xxx/CVE-2018-19016.json index 35c8e34eb8e..c166aa643e0 100644 --- a/2018/19xxx/CVE-2018-19016.json +++ b/2018/19xxx/CVE-2018-19016.json @@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-19016", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-19016", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell", + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier" + }, + { + "version_value": "and CompactLogix 1768-EWEB Version 2.005 and earlier." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted." } ] } diff --git a/2018/19xxx/CVE-2018-19364.json b/2018/19xxx/CVE-2018-19364.json index 1408b97e916..d318f276e73 100644 --- a/2018/19xxx/CVE-2018-19364.json +++ b/2018/19xxx/CVE-2018-19364.json @@ -76,6 +76,11 @@ "name": "[qemu-devel] 20181115 [PATCH] 9p: take write lock on fid path updates", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-88a98ce795", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" } ] } diff --git a/2018/19xxx/CVE-2018-19466.json b/2018/19xxx/CVE-2018-19466.json index 8fb97fb2146..06c52909067 100644 --- a/2018/19xxx/CVE-2018-19466.json +++ b/2018/19xxx/CVE-2018-19466.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19466", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/portainer/portainer/pull/2488", + "refsource": "MISC", + "name": "https://github.com/portainer/portainer/pull/2488" + }, + { + "refsource": "MISC", + "name": "https://github.com/portainer/portainer/releases", + "url": "https://github.com/portainer/portainer/releases" + }, + { + "refsource": "MISC", + "name": "https://github.com/MauroEldritch/lempo", + "url": "https://github.com/MauroEldritch/lempo" } ] } diff --git a/2018/19xxx/CVE-2018-19489.json b/2018/19xxx/CVE-2018-19489.json index 95b20220230..69202947bc6 100644 --- a/2018/19xxx/CVE-2018-19489.json +++ b/2018/19xxx/CVE-2018-19489.json @@ -86,6 +86,16 @@ "name": "106007", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106007" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-88a98ce795", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2018/19xxx/CVE-2018-19641.json b/2018/19xxx/CVE-2018-19641.json index 76bdf09dc13..0ff4170bb6c 100644 --- a/2018/19xxx/CVE-2018-19641.json +++ b/2018/19xxx/CVE-2018-19641.json @@ -1,18 +1,104 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-19641", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "CVE_data_meta": { + "ID": "CVE-2018-19641", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-01-23T01:00:00.000Z", + "TITLE": "Solutions Business Manager (SBM) Unauthenticated remote code execution issue in version prior to 11.5", + "AKA": "", + "STATE": "PUBLIC" + }, + "source": { + "defect": [], + "advisory": "", + "discovery": "EXTERNAL" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Micro Focus", + "product": { + "product_data": [ + { + "product_name": "Solutions Business Manager (SBM)", + "version": { + "version_data": [ + { + "version_value": "< 11.5" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm", + "name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.0", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + } + }, + "exploit": [], + "work_around": [], + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE. \n\n" + } + ] } \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19642.json b/2018/19xxx/CVE-2018-19642.json index 38ebaedcf3f..ab7bc3665a0 100644 --- a/2018/19xxx/CVE-2018-19642.json +++ b/2018/19xxx/CVE-2018-19642.json @@ -1,9 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-01-23T01:00:00.000Z", "ID": "CVE-2018-19642", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Solutions Business Manager (SBM) Denial of Service issue in version prior to 11.5" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Micro Focus", + "product": { + "product_data": [ + { + "product_name": "Solutions Business Manager (SBM)", + "version": { + "version_data": [ + { + "version_value": "< 11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE. \n\n" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +42,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm", + "refsource": "CONFIRM", + "url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19643.json b/2018/19xxx/CVE-2018-19643.json index 41b329cf814..fd20ce3ec21 100644 --- a/2018/19xxx/CVE-2018-19643.json +++ b/2018/19xxx/CVE-2018-19643.json @@ -1,9 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-01-23T01:00:00.000Z", "ID": "CVE-2018-19643", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Solutions Business Manager (SBM) Information Leakage issue in version prior to 11.5" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Micro Focus", + "product": { + "product_data": [ + { + "product_name": "Solutions Business Manager (SBM)", + "version": { + "version_data": [ + { + "version_value": "< 11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE. \n\n" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +42,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm", + "refsource": "CONFIRM", + "url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19644.json b/2018/19xxx/CVE-2018-19644.json index 5089abe9e9d..67a16a15e68 100644 --- a/2018/19xxx/CVE-2018-19644.json +++ b/2018/19xxx/CVE-2018-19644.json @@ -1,9 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-01-23T01:00:00.000Z", "ID": "CVE-2018-19644", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Micro Focus", + "product": { + "product_data": [ + { + "product_name": "Solutions Business Manager (SBM)", + "version": { + "version_data": [ + { + "version_value": "< 11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE. \n\n" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +42,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "reflected cross site script" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm", + "refsource": "CONFIRM", + "url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19648.json b/2018/19xxx/CVE-2018-19648.json index a108d2e399a..b8ec6c0570b 100644 --- a/2018/19xxx/CVE-2018-19648.json +++ b/2018/19xxx/CVE-2018-19648.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19648", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://supportforums.adtran.com/docs/DOC-9344", + "url": "https://supportforums.adtran.com/docs/DOC-9344" } ] } diff --git a/2018/19xxx/CVE-2018-19824.json b/2018/19xxx/CVE-2018-19824.json index d0c8b71c7b1..f719b1a7a70 100644 --- a/2018/19xxx/CVE-2018-19824.json +++ b/2018/19xxx/CVE-2018-19824.json @@ -81,6 +81,11 @@ "name": "106109", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106109" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/19xxx/CVE-2018-19856.json b/2018/19xxx/CVE-2018-19856.json index e8b5fc5ea80..1db12ddf46a 100644 --- a/2018/19xxx/CVE-2018-19856.json +++ b/2018/19xxx/CVE-2018-19856.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19856", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54857", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54857" } ] } diff --git a/2018/19xxx/CVE-2018-19859.json b/2018/19xxx/CVE-2018-19859.json index a0a756147fd..9820f13587f 100644 --- a/2018/19xxx/CVE-2018-19859.json +++ b/2018/19xxx/CVE-2018-19859.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "OpenRefine before 3.5 allows directory traversal via a relative pathname in a ZIP archive." + "value": "OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive." } ] }, @@ -56,6 +56,11 @@ "name": "https://github.com/OpenRefine/OpenRefine/issues/1840", "refsource": "MISC", "url": "https://github.com/OpenRefine/OpenRefine/issues/1840" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/OpenRefine/OpenRefine/pull/1901", + "url": "https://github.com/OpenRefine/OpenRefine/pull/1901" } ] } diff --git a/2018/19xxx/CVE-2018-19872.json b/2018/19xxx/CVE-2018-19872.json index 56d6d623971..e8e56b78ad3 100644 --- a/2018/19xxx/CVE-2018-19872.json +++ b/2018/19xxx/CVE-2018-19872.json @@ -36,8 +36,8 @@ }, { "refsource": "CONFIRM", - "name": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important- security-updates/", - "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important- security-updates/" + "name": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", + "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" } ] }, diff --git a/2018/19xxx/CVE-2018-19879.json b/2018/19xxx/CVE-2018-19879.json index afb96c3b28f..5237d3b0527 100644 --- a/2018/19xxx/CVE-2018-19879.json +++ b/2018/19xxx/CVE-2018-19879.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19879", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware", + "refsource": "MISC", + "name": "https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware" + }, + { + "url": "https://www.triadsec.com/CVE-2018-19878.pdf", + "refsource": "MISC", + "name": "https://www.triadsec.com/CVE-2018-19878.pdf" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:L/I:L/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19985.json b/2018/19xxx/CVE-2018-19985.json index c8c6be4af5d..f7a4845c8a7 100644 --- a/2018/19xxx/CVE-2018-19985.json +++ b/2018/19xxx/CVE-2018-19985.json @@ -76,6 +76,11 @@ "url": "https://hexhive.epfl.ch/projects/perifuzz/", "refsource": "MISC", "name": "https://hexhive.epfl.ch/projects/perifuzz/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/1xxx/CVE-2018-1060.json b/2018/1xxx/CVE-2018-1060.json index 1426a4ee40c..d116a5838aa 100644 --- a/2018/1xxx/CVE-2018-1060.json +++ b/2018/1xxx/CVE-2018-1060.json @@ -135,6 +135,11 @@ "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-6e1938a3c5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" } ] } diff --git a/2018/1xxx/CVE-2018-1061.json b/2018/1xxx/CVE-2018-1061.json index 0581ec744e2..0cd006ad27e 100644 --- a/2018/1xxx/CVE-2018-1061.json +++ b/2018/1xxx/CVE-2018-1061.json @@ -135,6 +135,11 @@ "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-6e1938a3c5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" } ] } diff --git a/2018/1xxx/CVE-2018-1304.json b/2018/1xxx/CVE-2018-1304.json index cd6a3d3de3b..3d2cc01b614 100644 --- a/2018/1xxx/CVE-2018-1304.json +++ b/2018/1xxx/CVE-2018-1304.json @@ -162,6 +162,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/1xxx/CVE-2018-1305.json b/2018/1xxx/CVE-2018-1305.json index b0df3263d00..324f1938d46 100644 --- a/2018/1xxx/CVE-2018-1305.json +++ b/2018/1xxx/CVE-2018-1305.json @@ -137,6 +137,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/1xxx/CVE-2018-1320.json b/2018/1xxx/CVE-2018-1320.json index 5ea9ab7e856..38fe67fcae7 100644 --- a/2018/1xxx/CVE-2018-1320.json +++ b/2018/1xxx/CVE-2018-1320.json @@ -66,6 +66,11 @@ "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1662-1] libthrift-java security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html" + }, + { + "refsource": "MLIST", + "name": "[infra-devnull] 20190324 [GitHub] [thrift] luciferous opened pull request #1771: THRIFT-4506: fix use of assert for correctness in Java SASL negotiation", + "url": "https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9@%3Cdevnull.infra.apache.org%3E" } ] } diff --git a/2018/1xxx/CVE-2018-1323.json b/2018/1xxx/CVE-2018-1323.json index 5f2b866db6f..b3c2f81e612 100644 --- a/2018/1xxx/CVE-2018-1323.json +++ b/2018/1xxx/CVE-2018-1323.json @@ -72,6 +72,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/1xxx/CVE-2018-1336.json b/2018/1xxx/CVE-2018-1336.json index dacbdb70631..6c916493b2d 100644 --- a/2018/1xxx/CVE-2018-1336.json +++ b/2018/1xxx/CVE-2018-1336.json @@ -171,6 +171,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/20xxx/CVE-2018-20002.json b/2018/20xxx/CVE-2018-20002.json index fca62177cc8..6c07520831f 100644 --- a/2018/20xxx/CVE-2018-20002.json +++ b/2018/20xxx/CVE-2018-20002.json @@ -71,6 +71,11 @@ "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", "refsource": "MISC", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K62602089", + "url": "https://support.f5.com/csp/article/K62602089" } ] } diff --git a/2018/20xxx/CVE-2018-20004.json b/2018/20xxx/CVE-2018-20004.json index 5fd2efb24a7..7fc0466882e 100644 --- a/2018/20xxx/CVE-2018-20004.json +++ b/2018/20xxx/CVE-2018-20004.json @@ -66,6 +66,11 @@ "name": "https://github.com/fouzhe/security/tree/master/mxml#stack-buffer-overflow-in-function-mxml_write_node", "refsource": "MISC", "url": "https://github.com/fouzhe/security/tree/master/mxml#stack-buffer-overflow-in-function-mxml_write_node" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d333d01e08", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/" } ] } diff --git a/2018/20xxx/CVE-2018-20005.json b/2018/20xxx/CVE-2018-20005.json index 44965659902..94e020fe0a9 100644 --- a/2018/20xxx/CVE-2018-20005.json +++ b/2018/20xxx/CVE-2018-20005.json @@ -61,6 +61,11 @@ "name": "https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext", "refsource": "MISC", "url": "https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d333d01e08", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/" } ] } diff --git a/2018/20xxx/CVE-2018-20123.json b/2018/20xxx/CVE-2018-20123.json index d1494068214..959f820848e 100644 --- a/2018/20xxx/CVE-2018-20123.json +++ b/2018/20xxx/CVE-2018-20123.json @@ -66,6 +66,11 @@ "name": "[qemu-devel] 20181212 Re: [PATCH] pvrdma: release device resources in case of an error", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2018/20xxx/CVE-2018-20124.json b/2018/20xxx/CVE-2018-20124.json index 4a265635eab..046eb6731e9 100644 --- a/2018/20xxx/CVE-2018-20124.json +++ b/2018/20xxx/CVE-2018-20124.json @@ -66,6 +66,11 @@ "name": "106290", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106290" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2018/20xxx/CVE-2018-20125.json b/2018/20xxx/CVE-2018-20125.json index 98c24127c01..7d81472e8fe 100644 --- a/2018/20xxx/CVE-2018-20125.json +++ b/2018/20xxx/CVE-2018-20125.json @@ -66,6 +66,11 @@ "name": "[qemu-devel] 20181213 [PATCH v2 3/6] pvrdma: check number of pages when creating rings", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2018/20xxx/CVE-2018-20126.json b/2018/20xxx/CVE-2018-20126.json index ac12b90f6b5..8e7943e2415 100644 --- a/2018/20xxx/CVE-2018-20126.json +++ b/2018/20xxx/CVE-2018-20126.json @@ -66,6 +66,11 @@ "name": "106298", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106298" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2018/20xxx/CVE-2018-20144.json b/2018/20xxx/CVE-2018-20144.json index edea7f27be9..ba30bf002c6 100644 --- a/2018/20xxx/CVE-2018-20144.json +++ b/2018/20xxx/CVE-2018-20144.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20144", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "url": "https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/55200", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/55200" } ] } diff --git a/2018/20xxx/CVE-2018-20169.json b/2018/20xxx/CVE-2018-20169.json index 339139bfe76..f0cae6ce8e0 100644 --- a/2018/20xxx/CVE-2018-20169.json +++ b/2018/20xxx/CVE-2018-20169.json @@ -76,6 +76,11 @@ "name": "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/20xxx/CVE-2018-20191.json b/2018/20xxx/CVE-2018-20191.json index be2bbc3d572..67e4c9ead61 100644 --- a/2018/20xxx/CVE-2018-20191.json +++ b/2018/20xxx/CVE-2018-20191.json @@ -66,6 +66,16 @@ "name": "[qemu-devel] 20181213 Re: [PATCH v2 2/6] pvrdma: add uar_read routine", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-88a98ce795", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2018/20xxx/CVE-2018-20216.json b/2018/20xxx/CVE-2018-20216.json index 07562d152af..5ea7c6d9eb9 100644 --- a/2018/20xxx/CVE-2018-20216.json +++ b/2018/20xxx/CVE-2018-20216.json @@ -66,6 +66,11 @@ "name": "106291", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106291" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2018/20xxx/CVE-2018-20406.json b/2018/20xxx/CVE-2018-20406.json index faa36eb3cf3..5f159a3e8ea 100644 --- a/2018/20xxx/CVE-2018-20406.json +++ b/2018/20xxx/CVE-2018-20406.json @@ -66,6 +66,11 @@ "name": "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd", "refsource": "MISC", "url": "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-6e1938a3c5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/" } ] } diff --git a/2018/20xxx/CVE-2018-20511.json b/2018/20xxx/CVE-2018-20511.json index d7dc487cf70..f1d759d275b 100644 --- a/2018/20xxx/CVE-2018-20511.json +++ b/2018/20xxx/CVE-2018-20511.json @@ -76,6 +76,11 @@ "name": "106347", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106347" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/20xxx/CVE-2018-20592.json b/2018/20xxx/CVE-2018-20592.json index 843b12c8395..f567676174d 100644 --- a/2018/20xxx/CVE-2018-20592.json +++ b/2018/20xxx/CVE-2018-20592.json @@ -66,6 +66,11 @@ "name": "https://github.com/michaelrsweet/mxml/issues/237", "refsource": "MISC", "url": "https://github.com/michaelrsweet/mxml/issues/237" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d333d01e08", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/" } ] } diff --git a/2018/20xxx/CVE-2018-20593.json b/2018/20xxx/CVE-2018-20593.json index 0159a2fc5d4..397c6c2ff68 100644 --- a/2018/20xxx/CVE-2018-20593.json +++ b/2018/20xxx/CVE-2018-20593.json @@ -66,6 +66,11 @@ "name": "https://github.com/michaelrsweet/mxml/issues/237", "refsource": "MISC", "url": "https://github.com/michaelrsweet/mxml/issues/237" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d333d01e08", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/" } ] } diff --git a/2018/20xxx/CVE-2018-20623.json b/2018/20xxx/CVE-2018-20623.json index 34ae4c7630c..e004bccb27e 100644 --- a/2018/20xxx/CVE-2018-20623.json +++ b/2018/20xxx/CVE-2018-20623.json @@ -61,6 +61,11 @@ "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24049", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24049" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K38336243", + "url": "https://support.f5.com/csp/article/K38336243" } ] } diff --git a/2018/20xxx/CVE-2018-20651.json b/2018/20xxx/CVE-2018-20651.json index 1a7462d0204..662001064df 100644 --- a/2018/20xxx/CVE-2018-20651.json +++ b/2018/20xxx/CVE-2018-20651.json @@ -66,6 +66,11 @@ "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f", "refsource": "MISC", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K38336243", + "url": "https://support.f5.com/csp/article/K38336243" } ] } diff --git a/2018/20xxx/CVE-2018-20657.json b/2018/20xxx/CVE-2018-20657.json index 9acfbf0800c..c45e8a0e7b4 100644 --- a/2018/20xxx/CVE-2018-20657.json +++ b/2018/20xxx/CVE-2018-20657.json @@ -61,6 +61,11 @@ "name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", "refsource": "MISC", "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K62602089", + "url": "https://support.f5.com/csp/article/K62602089" } ] } diff --git a/2018/20xxx/CVE-2018-20678.json b/2018/20xxx/CVE-2018-20678.json index 287f329175e..7ffc2945840 100644 --- a/2018/20xxx/CVE-2018-20678.json +++ b/2018/20xxx/CVE-2018-20678.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20678", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cert.enea.pl/advisories/cert-190101.html", + "refsource": "MISC", + "name": "https://cert.enea.pl/advisories/cert-190101.html" + }, + { + "url": "https://github.com/librenms/librenms/commits/master/html/ajax_table.php", + "refsource": "MISC", + "name": "https://github.com/librenms/librenms/commits/master/html/ajax_table.php" } ] } diff --git a/2018/20xxx/CVE-2018-20685.json b/2018/20xxx/CVE-2018-20685.json index 56f6a743a6d..9bba153b62f 100644 --- a/2018/20xxx/CVE-2018-20685.json +++ b/2018/20xxx/CVE-2018-20685.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201903-16", "url": "https://security.gentoo.org/glsa/201903-16" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" } ] } diff --git a/2018/20xxx/CVE-2018-20712.json b/2018/20xxx/CVE-2018-20712.json index 3fe58d745e8..e1a7285a2cf 100644 --- a/2018/20xxx/CVE-2018-20712.json +++ b/2018/20xxx/CVE-2018-20712.json @@ -66,6 +66,11 @@ "name": "106563", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106563" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K38336243", + "url": "https://support.f5.com/csp/article/K38336243" } ] } diff --git a/2018/20xxx/CVE-2018-20815.json b/2018/20xxx/CVE-2018-20815.json new file mode 100644 index 00000000000..096deae38d0 --- /dev/null +++ b/2018/20xxx/CVE-2018-20815.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-20815", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3613.json b/2018/3xxx/CVE-2018-3613.json index dceb5615b3e..5dd2d18a385 100644 --- a/2018/3xxx/CVE-2018-3613.json +++ b/2018/3xxx/CVE-2018-3613.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-3613", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-3613", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Extensible Firmware Interface Development Kit (EDK II)", + "product": { + "product_data": [ + { + "product_name": "Extensible Firmware Interface Development Kit (EDK II)", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Information Disclosure and/or Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html", + "url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access." } ] } diff --git a/2018/3xxx/CVE-2018-3627.json b/2018/3xxx/CVE-2018-3627.json index b27ecf60326..81b69b3329f 100644 --- a/2018/3xxx/CVE-2018-3627.json +++ b/2018/3xxx/CVE-2018-3627.json @@ -56,6 +56,11 @@ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0006/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0006/" } ] } diff --git a/2018/3xxx/CVE-2018-3628.json b/2018/3xxx/CVE-2018-3628.json index 44cb8ab32a1..267b619ccde 100644 --- a/2018/3xxx/CVE-2018-3628.json +++ b/2018/3xxx/CVE-2018-3628.json @@ -66,6 +66,11 @@ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0001/" } ] } diff --git a/2018/3xxx/CVE-2018-3629.json b/2018/3xxx/CVE-2018-3629.json index 09c1ed0fe42..e135b386ff6 100644 --- a/2018/3xxx/CVE-2018-3629.json +++ b/2018/3xxx/CVE-2018-3629.json @@ -66,6 +66,11 @@ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0001/" } ] } diff --git a/2018/3xxx/CVE-2018-3632.json b/2018/3xxx/CVE-2018-3632.json index 12a2b89a752..5ba69c37b95 100644 --- a/2018/3xxx/CVE-2018-3632.json +++ b/2018/3xxx/CVE-2018-3632.json @@ -66,6 +66,11 @@ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0001/" } ] } diff --git a/2018/3xxx/CVE-2018-3639.json b/2018/3xxx/CVE-2018-3639.json index f774b9a0a3e..43085900906 100644 --- a/2018/3xxx/CVE-2018-3639.json +++ b/2018/3xxx/CVE-2018-3639.json @@ -717,6 +717,11 @@ "name": "RHSA-2018:2228", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2228" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/3xxx/CVE-2018-3837.json b/2018/3xxx/CVE-2018-3837.json index 541dbc19421..fea5be7056d 100644 --- a/2018/3xxx/CVE-2018-3837.json +++ b/2018/3xxx/CVE-2018-3837.json @@ -67,6 +67,11 @@ "name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2018/3xxx/CVE-2018-3838.json b/2018/3xxx/CVE-2018-3838.json index bd32a3e0113..c655705e6d3 100644 --- a/2018/3xxx/CVE-2018-3838.json +++ b/2018/3xxx/CVE-2018-3838.json @@ -67,6 +67,11 @@ "name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2018/3xxx/CVE-2018-3839.json b/2018/3xxx/CVE-2018-3839.json index 7b85bae0917..55f73eb23f8 100644 --- a/2018/3xxx/CVE-2018-3839.json +++ b/2018/3xxx/CVE-2018-3839.json @@ -67,6 +67,11 @@ "name": "DSA-4184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4184" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2018/3xxx/CVE-2018-3846.json b/2018/3xxx/CVE-2018-3846.json index cf7fc1ebb70..f01b1522801 100644 --- a/2018/3xxx/CVE-2018-3846.json +++ b/2018/3xxx/CVE-2018-3846.json @@ -57,6 +57,11 @@ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-3c1aed2aa9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA/" } ] } diff --git a/2018/3xxx/CVE-2018-3848.json b/2018/3xxx/CVE-2018-3848.json index 8d6eb940921..efd325fb13b 100644 --- a/2018/3xxx/CVE-2018-3848.json +++ b/2018/3xxx/CVE-2018-3848.json @@ -57,6 +57,11 @@ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-3c1aed2aa9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA/" } ] } diff --git a/2018/3xxx/CVE-2018-3849.json b/2018/3xxx/CVE-2018-3849.json index a51f33e6ce8..21ee1af9d0f 100644 --- a/2018/3xxx/CVE-2018-3849.json +++ b/2018/3xxx/CVE-2018-3849.json @@ -57,6 +57,11 @@ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-3c1aed2aa9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA/" } ] } diff --git a/2018/3xxx/CVE-2018-3977.json b/2018/3xxx/CVE-2018-3977.json index 642d7b722f9..b5efad23cd8 100644 --- a/2018/3xxx/CVE-2018-3977.json +++ b/2018/3xxx/CVE-2018-3977.json @@ -57,6 +57,11 @@ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-17", + "url": "https://security.gentoo.org/glsa/201903-17" } ] } diff --git a/2018/4xxx/CVE-2018-4251.json b/2018/4xxx/CVE-2018-4251.json index 33f092bf65c..82d1af90089 100644 --- a/2018/4xxx/CVE-2018-4251.json +++ b/2018/4xxx/CVE-2018-4251.json @@ -61,6 +61,11 @@ "name": "https://support.apple.com/HT208849", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208849" + }, + { + "refsource": "FULLDISC", + "name": "20190326 Repeat of CVE-2018-4251 in Razer Laptops", + "url": "http://seclists.org/fulldisclosure/2019/Mar/45" } ] } diff --git a/2018/4xxx/CVE-2018-4834.json b/2018/4xxx/CVE-2018-4834.json index b13b932eeca..1fd6fa886e7 100644 --- a/2018/4xxx/CVE-2018-4834.json +++ b/2018/4xxx/CVE-2018-4834.json @@ -47,7 +47,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication." + "value": "A vulnerability has been identified in Desigo Automation Controllers Products and Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication." } ] }, diff --git a/2018/5xxx/CVE-2018-5407.json b/2018/5xxx/CVE-2018-5407.json index 74ef6153b24..2eebfb6fd79 100644 --- a/2018/5xxx/CVE-2018-5407.json +++ b/2018/5xxx/CVE-2018-5407.json @@ -126,6 +126,16 @@ "name": "https://eprint.iacr.org/2018/1060.pdf", "refsource": "MISC", "url": "https://eprint.iacr.org/2018/1060.pdf" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0651", + "url": "https://access.redhat.com/errata/RHSA-2019:0651" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0652", + "url": "https://access.redhat.com/errata/RHSA-2019:0652" } ] } diff --git a/2018/5xxx/CVE-2018-5511.json b/2018/5xxx/CVE-2018-5511.json index 113f9cd3eca..1913f42a25c 100644 --- a/2018/5xxx/CVE-2018-5511.json +++ b/2018/5xxx/CVE-2018-5511.json @@ -60,6 +60,16 @@ "name": "https://support.f5.com/csp/article/K30500703", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K30500703" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46600", + "url": "https://www.exploit-db.com/exploits/46600/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html" } ] } diff --git a/2018/5xxx/CVE-2018-5711.json b/2018/5xxx/CVE-2018-5711.json index 1429c4efa7f..2f64a05b20c 100644 --- a/2018/5xxx/CVE-2018-5711.json +++ b/2018/5xxx/CVE-2018-5711.json @@ -86,6 +86,11 @@ "name": "[debian-lts-announce] 20180119 [SECURITY] [DLA 1248-1] libgd2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-18", + "url": "https://security.gentoo.org/glsa/201903-18" } ] } diff --git a/2018/5xxx/CVE-2018-5764.json b/2018/5xxx/CVE-2018-5764.json index 27aff55a4a0..484da1aca1e 100644 --- a/2018/5xxx/CVE-2018-5764.json +++ b/2018/5xxx/CVE-2018-5764.json @@ -86,6 +86,11 @@ "name": "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS", "refsource": "CONFIRM", "url": "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" } ] } diff --git a/2018/5xxx/CVE-2018-5803.json b/2018/5xxx/CVE-2018-5803.json index e98388934e3..743bef22849 100644 --- a/2018/5xxx/CVE-2018-5803.json +++ b/2018/5xxx/CVE-2018-5803.json @@ -176,6 +176,11 @@ "name": "USN-3698-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-2/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0641", + "url": "https://access.redhat.com/errata/RHSA-2019:0641" } ] } diff --git a/2018/5xxx/CVE-2018-5848.json b/2018/5xxx/CVE-2018-5848.json index 1d747423b68..e6c207bede8 100644 --- a/2018/5xxx/CVE-2018-5848.json +++ b/2018/5xxx/CVE-2018-5848.json @@ -77,6 +77,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/5xxx/CVE-2018-5923.json b/2018/5xxx/CVE-2018-5923.json index 73bc6476ef0..2d427a0aaff 100644 --- a/2018/5xxx/CVE-2018-5923.json +++ b/2018/5xxx/CVE-2018-5923.json @@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-5923", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-5923", + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP", + "product": { + "product_data": [ + { + "product_name": "HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers", + "version": { + "version_data": [ + { + "version_value": "Various" + }, + { + "version_value": "see Security Bulletin" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execution of arbitrary code." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hp.com/us-en/document/c06169434", + "url": "https://support.hp.com/us-en/document/c06169434" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code." } ] } diff --git a/2018/5xxx/CVE-2018-5926.json b/2018/5xxx/CVE-2018-5926.json index 40c86e8f92a..f0000b0c0ce 100644 --- a/2018/5xxx/CVE-2018-5926.json +++ b/2018/5xxx/CVE-2018-5926.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-5926", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-5926", + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP", + "product": { + "product_data": [ + { + "product_name": "HP Remote Graphics Software", + "version": { + "version_data": [ + { + "version_value": "Version 7.5.0 and lower." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hp.com/us-en/document/c06201418", + "url": "https://support.hp.com/us-en/document/c06201418" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential vulnerability has been identified in HP Remote Graphics Software\u2019s certificate authentication process version 7.5.0 and earlier." } ] } diff --git a/2018/5xxx/CVE-2018-5927.json b/2018/5xxx/CVE-2018-5927.json index 9542e5a1f8a..8a1e26aa375 100644 --- a/2018/5xxx/CVE-2018-5927.json +++ b/2018/5xxx/CVE-2018-5927.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-5927", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-5927", + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP", + "product": { + "product_data": [ + { + "product_name": "HP Support Assistant", + "version": { + "version_data": [ + { + "version_value": "Before 8.7.50.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local code execution." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hp.com/us-en/document/c06242762", + "url": "https://support.hp.com/us-en/document/c06242762" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code." } ] } diff --git a/2018/5xxx/CVE-2018-5953.json b/2018/5xxx/CVE-2018-5953.json index d6f95e10770..050742de634 100644 --- a/2018/5xxx/CVE-2018-5953.json +++ b/2018/5xxx/CVE-2018-5953.json @@ -61,6 +61,11 @@ "name": "105045", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105045" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2018/6xxx/CVE-2018-6330.json b/2018/6xxx/CVE-2018-6330.json index b5dea07be8d..d2113750c93 100644 --- a/2018/6xxx/CVE-2018-6330.json +++ b/2018/6xxx/CVE-2018-6330.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6330", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/", + "url": "http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection/" + }, + { + "refsource": "MISC", + "name": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md", + "url": "https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md" } ] } diff --git a/2018/6xxx/CVE-2018-6703.json b/2018/6xxx/CVE-2018-6703.json index 77190f45590..bb143959f66 100644 --- a/2018/6xxx/CVE-2018-6703.json +++ b/2018/6xxx/CVE-2018-6703.json @@ -3,7 +3,7 @@ "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2018-6703", "STATE": "PUBLIC", - "TITLE": "McAfee Agent Incorrect memory and handle management vulnerability" + "TITLE": "Remote Logging functionality had a use after free vulnerability in McAfee Agent" }, "affects": { "vendor": { @@ -12,45 +12,24 @@ "product": { "product_data": [ { - "product_name": "McAfee Agent (MA)", + "product_name": "McAfee Agent", "version": { "version_data": [ { - "affected": ">=", - "platform": "x86", - "version_name": "5.0.0", - "version_value": "5.0.0" - }, - { - "affected": "<=", - "platform": "x86", - "version_name": "5.0.6", - "version_value": "5.0.6" - }, - { - "version_name": "5.5.0", - "version_value": "5.5.0" - }, - { - "version_name": "5.5.1", - "version_value": "5.5.1" + "version_affected": "<", + "version_name": "5.x", + "version_value": "5.6.0" } ] } } ] }, - "vendor_name": "McAfee" + "vendor_name": "McAfee, LLC" } ] } }, - "credit": [ - { - "lang": "eng", - "value": "McAfee credits Frank Cozijnsen of the KPN RED-team for reporting this flaw." - } - ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -58,23 +37,26 @@ "description_data": [ { "lang": "eng", - "value": "Use After Free in McAfee Common service in McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted TCP packet." + "value": "Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service." } ] }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, "impact": { "cvss": { "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, @@ -84,7 +66,7 @@ "description": [ { "lang": "eng", - "value": "Use After Free (CWE-416)" + "value": "Use After Free" } ] } @@ -100,13 +82,12 @@ ] }, "source": { - "advisory": "SB10258", - "discovery": "EXTERNAL" + "discovery": "UNKNOWN" }, "work_around": [ { "lang": "eng", - "value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0.\n\nIf you cannot upgrade, consider the below configuration change as a temporary workaround.\nDisable the remote logging feature via policy:\nGo to the assigned policy type General for the product McAfee Agent.\nGo to Logging tab.\nDisable Enable remote access to log." + "value": "Remote logging is disabled by default. Turning off remote logging protects against this issue." } ] } \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8006.json b/2018/8xxx/CVE-2018-8006.json index 227fa1ee54d..99e99176de2 100644 --- a/2018/8xxx/CVE-2018-8006.json +++ b/2018/8xxx/CVE-2018-8006.json @@ -62,6 +62,21 @@ "name": "105156", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105156" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 [CONF] Apache ActiveMQ > Security Advisories", + "url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-dev] 20190327 Re: Website", + "url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", + "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8014.json b/2018/8xxx/CVE-2018-8014.json index d94d693a16c..0da33fea8fb 100644 --- a/2018/8xxx/CVE-2018-8014.json +++ b/2018/8xxx/CVE-2018-8014.json @@ -150,6 +150,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8019.json b/2018/8xxx/CVE-2018-8019.json index f63c7a0fcf2..f4d1f103f0b 100644 --- a/2018/8xxx/CVE-2018-8019.json +++ b/2018/8xxx/CVE-2018-8019.json @@ -90,6 +90,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8020.json b/2018/8xxx/CVE-2018-8020.json index acad5a4cbbe..ca18fac6b67 100644 --- a/2018/8xxx/CVE-2018-8020.json +++ b/2018/8xxx/CVE-2018-8020.json @@ -90,6 +90,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8034.json b/2018/8xxx/CVE-2018-8034.json index 9ecdefdc49b..5f14719792e 100644 --- a/2018/8xxx/CVE-2018-8034.json +++ b/2018/8xxx/CVE-2018-8034.json @@ -136,6 +136,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8037.json b/2018/8xxx/CVE-2018-8037.json index bcc2cf44890..b52cde5b1bf 100644 --- a/2018/8xxx/CVE-2018-8037.json +++ b/2018/8xxx/CVE-2018-8037.json @@ -110,6 +110,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", + "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2019/0xxx/CVE-2019-0160.json b/2019/0xxx/CVE-2019-0160.json index 727a12a91cb..d026d212c00 100644 --- a/2019/0xxx/CVE-2019-0160.json +++ b/2019/0xxx/CVE-2019-0160.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0160", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0160", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Extensible Firmware Interface Development Kit (EDK II)", + "product": { + "product_data": [ + { + "product_name": "Extensible Firmware Interface Development Kit (EDK II)", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege and/or Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://edk2-docs.gitbooks.io/security-advisory/content/partitiondxe-and-udf-buffer-overflow.html", + "url": "https://edk2-docs.gitbooks.io/security-advisory/content/partitiondxe-and-udf-buffer-overflow.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access." } ] } diff --git a/2019/0xxx/CVE-2019-0161.json b/2019/0xxx/CVE-2019-0161.json index ced1f69ec7a..0cd43c86ed0 100644 --- a/2019/0xxx/CVE-2019-0161.json +++ b/2019/0xxx/CVE-2019-0161.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0161", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0161", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Extensible Firmware Interface Development Kit (EDK II)", + "product": { + "product_data": [ + { + "product_name": "Extensible Firmware Interface Development Kit (EDK II)", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html", + "url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0190.json b/2019/0xxx/CVE-2019-0190.json index c332178ea97..c3252e16017 100644 --- a/2019/0xxx/CVE-2019-0190.json +++ b/2019/0xxx/CVE-2019-0190.json @@ -67,6 +67,11 @@ "name": "https://security.netapp.com/advisory/ntap-20190125-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-21", + "url": "https://security.gentoo.org/glsa/201903-21" } ] } diff --git a/2019/0xxx/CVE-2019-0192.json b/2019/0xxx/CVE-2019-0192.json index 264580e24f5..cb819cd5c42 100644 --- a/2019/0xxx/CVE-2019-0192.json +++ b/2019/0xxx/CVE-2019-0192.json @@ -72,6 +72,26 @@ "refsource": "MLIST", "name": "[lucene-dev] 20190320 [jira] [Issue Comment Deleted] (SOLR-13301) [CVE-2019-0192] Deserialization of untrusted data via jmx.serviceUrl", "url": "https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190326 [jira] [Updated] (SOLR-13301) [CVE-2019-0192] Deserialization of untrusted data via jmx.serviceUrl", + "url": "https://lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190326 [jira] [Commented] (SOLR-13301) [CVE-2019-0192] Deserialization of untrusted data via jmx.serviceUrl", + "url": "https://lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20190327 [jira] [Commented] (SOLR-13301) [CVE-2019-0192] Deserialization of untrusted data via jmx.serviceUrl", + "url": "https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0003/" } ] } diff --git a/2019/0xxx/CVE-2019-0204.json b/2019/0xxx/CVE-2019-0204.json index 2cded00720f..891501aa242 100644 --- a/2019/0xxx/CVE-2019-0204.json +++ b/2019/0xxx/CVE-2019-0204.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@apache.org", "ID": "CVE-2019-0204", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,68 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Apache Mesos", + "version": { + "version_data": [ + { + "version_value": "pre-1.4.x" + }, + { + "version_value": "1.4.0 to 1.4.2" + }, + { + "version_value": "1.5.0 to 1.5.2" + }, + { + "version_value": "1.6.0 to 1.6.1" + }, + { + "version_value": "1.7.0 to 1.7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", + "url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E" + }, + { + "refsource": "BID", + "name": "107605", + "url": "http://www.securityfocus.com/bid/107605" } ] } diff --git a/2019/1000xxx/CVE-2019-1000019.json b/2019/1000xxx/CVE-2019-1000019.json index 0a1f3ad71c3..241969dd39a 100644 --- a/2019/1000xxx/CVE-2019-1000019.json +++ b/2019/1000xxx/CVE-2019-1000019.json @@ -74,6 +74,11 @@ "name": "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1", "refsource": "MISC", "url": "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-0233ec0ff3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/" } ] } diff --git a/2019/1000xxx/CVE-2019-1000020.json b/2019/1000xxx/CVE-2019-1000020.json index c2b754e7fea..6f1eed8f66e 100644 --- a/2019/1000xxx/CVE-2019-1000020.json +++ b/2019/1000xxx/CVE-2019-1000020.json @@ -74,6 +74,11 @@ "name": "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423", "refsource": "MISC", "url": "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-0233ec0ff3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/" } ] } diff --git a/2019/1000xxx/CVE-2019-1000031.json b/2019/1000xxx/CVE-2019-1000031.json new file mode 100644 index 00000000000..9538cc8b1f1 --- /dev/null +++ b/2019/1000xxx/CVE-2019-1000031.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "ID": "CVE-2019-1000031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "article2pdf", + "product": { + "product_data": [ + { + "product_name": "article2pdf Wordpress plug-in", + "version": { + "version_data": [ + { + "version_value": "0.24" + }, + { + "version_value": "0.25" + }, + { + "version_value": "0.26" + }, + { + "version_value": "0.27" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "disk consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20190326 [article2pdf (Wordpress plug-in)] Multiple vulnerabilities (CVE-2019-1000031, CVE-2019-1010257)", + "url": "https://seclists.org/bugtraq/2019/Mar/49" + }, + { + "url": "http://packetstormsecurity.com/files/152236/WordPress-article2pdf-0.24-DoS-File-Deletion-Disclosure.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152236/WordPress-article2pdf-0.24-DoS-File-Deletion-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/1010xxx/CVE-2019-1010257.json b/2019/1010xxx/CVE-2019-1010257.json index 01f0a4e1a61..fe80d908944 100644 --- a/2019/1010xxx/CVE-2019-1010257.json +++ b/2019/1010xxx/CVE-2019-1010257.json @@ -1,17 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010257", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "article2pdf", + "product": { + "product_data": [ + { + "product_name": "article2pdf Wordpress plug-in", + "version": { + "version_data": [ + { + "version_value": "0.24" + }, + { + "version_value": "0.25" + }, + { + "version_value": "0.26" + }, + { + "version_value": "0.27" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure / Data Modification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wordpress.org/support/topic/pdf-download-path-improperly-sanitised/", + "url": "https://wordpress.org/support/topic/pdf-download-path-improperly-sanitised/" + }, + { + "refsource": "BUGTRAQ", + "name": "20190326 [article2pdf (Wordpress plug-in)] Multiple vulnerabilities (CVE-2019-1000031, CVE-2019-1010257)", + "url": "https://seclists.org/bugtraq/2019/Mar/49" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/152236/WordPress-article2pdf-0.24-DoS-File-Deletion-Disclosure.html", + "url": "https://packetstormsecurity.com/files/152236/WordPress-article2pdf-0.24-DoS-File-Deletion-Disclosure.html" } ] } diff --git a/2019/10xxx/CVE-2019-10011.json b/2019/10xxx/CVE-2019-10011.json index 225f3928481..a76a9f9bf4c 100644 --- a/2019/10xxx/CVE-2019-10011.json +++ b/2019/10xxx/CVE-2019-10011.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10011", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10011", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@mdavis332/higher-ed-erp-portal-vulnerability-create-your-own-accounts-d865bd22cdd8", + "refsource": "MISC", + "name": "https://medium.com/@mdavis332/higher-ed-erp-portal-vulnerability-create-your-own-accounts-d865bd22cdd8" } ] } diff --git a/2019/10xxx/CVE-2019-10012.json b/2019/10xxx/CVE-2019-10012.json index a6f706a905b..1f22d61f1a0 100644 --- a/2019/10xxx/CVE-2019-10012.json +++ b/2019/10xxx/CVE-2019-10012.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10012", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10012", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the Moxie Manager plugin before 2.1.4 in the ICS\\ICS.NET\\ICSFileServer/moxiemanager directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@mdavis332/critical-vulnerability-in-higher-ed-erp-55580f8880c", + "refsource": "MISC", + "name": "https://medium.com/@mdavis332/critical-vulnerability-in-higher-ed-erp-55580f8880c" + }, + { + "url": "https://www.sjoerdlangkemper.nl/2016/09/15/uploading-webshells-with-moxiemanager/", + "refsource": "MISC", + "name": "https://www.sjoerdlangkemper.nl/2016/09/15/uploading-webshells-with-moxiemanager/" } ] } diff --git a/2019/10xxx/CVE-2019-10014.json b/2019/10xxx/CVE-2019-10014.json index 5e0f90e9e64..e710c88a8ca 100644 --- a/2019/10xxx/CVE-2019-10014.json +++ b/2019/10xxx/CVE-2019-10014.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10014", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10014", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.csdn.net/yalecaltech/article/details/88594388", + "refsource": "MISC", + "name": "https://blog.csdn.net/yalecaltech/article/details/88594388" } ] } diff --git a/2019/10xxx/CVE-2019-10015.json b/2019/10xxx/CVE-2019-10015.json index f8d79d998c1..554822ddd48 100644 --- a/2019/10xxx/CVE-2019-10015.json +++ b/2019/10xxx/CVE-2019-10015.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10015", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10015", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/baigoStudio/baigoSSO/issues/12", + "refsource": "MISC", + "name": "https://github.com/baigoStudio/baigoSSO/issues/12" } ] } diff --git a/2019/10xxx/CVE-2019-10016.json b/2019/10xxx/CVE-2019-10016.json new file mode 100644 index 00000000000..5efe81dd149 --- /dev/null +++ b/2019/10xxx/CVE-2019-10016.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ctrsec.io/index.php/2019/03/24/gforge-advanced-server-xss-commonsearch-php/", + "url": "https://ctrsec.io/index.php/2019/03/24/gforge-advanced-server-xss-commonsearch-php/" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10017.json b/2019/10xxx/CVE-2019-10017.json new file mode 100644 index 00000000000..6625ed8ffbd --- /dev/null +++ b/2019/10xxx/CVE-2019-10017.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an \"Add a new Profile\" action to the File Picker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12001", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12001" + }, + { + "refsource": "MISC", + "name": "https://ctrsec.io/index.php/2019/03/24/cmsmadesimple-xss-filepicker/", + "url": "https://ctrsec.io/index.php/2019/03/24/cmsmadesimple-xss-filepicker/" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10018.json b/2019/10xxx/CVE-2019-10018.json new file mode 100644 index 00000000000..97bf78df999 --- /dev/null +++ b/2019/10xxx/CVE-2019-10018.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10019.json b/2019/10xxx/CVE-2019-10019.json new file mode 100644 index 00000000000..fc9c208843b --- /dev/null +++ b/2019/10xxx/CVE-2019-10019.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10020.json b/2019/10xxx/CVE-2019-10020.json new file mode 100644 index 00000000000..c785f37481b --- /dev/null +++ b/2019/10xxx/CVE-2019-10020.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10021.json b/2019/10xxx/CVE-2019-10021.json new file mode 100644 index 00000000000..9d2a5b8298f --- /dev/null +++ b/2019/10xxx/CVE-2019-10021.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10022.json b/2019/10xxx/CVE-2019-10022.json new file mode 100644 index 00000000000..4872075daeb --- /dev/null +++ b/2019/10xxx/CVE-2019-10022.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41273", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41273" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10023.json b/2019/10xxx/CVE-2019-10023.json new file mode 100644 index 00000000000..1d7acb55118 --- /dev/null +++ b/2019/10xxx/CVE-2019-10023.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10024.json b/2019/10xxx/CVE-2019-10024.json new file mode 100644 index 00000000000..76512b5dbe1 --- /dev/null +++ b/2019/10xxx/CVE-2019-10024.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10025.json b/2019/10xxx/CVE-2019-10025.json new file mode 100644 index 00000000000..033e5f25426 --- /dev/null +++ b/2019/10xxx/CVE-2019-10025.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10026.json b/2019/10xxx/CVE-2019-10026.json new file mode 100644 index 00000000000..e0c8548d79e --- /dev/null +++ b/2019/10xxx/CVE-2019-10026.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10027.json b/2019/10xxx/CVE-2019-10027.json new file mode 100644 index 00000000000..4e173939033 --- /dev/null +++ b/2019/10xxx/CVE-2019-10027.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sharemice.github.io/phpcms_xss/", + "refsource": "MISC", + "name": "https://sharemice.github.io/phpcms_xss/" + }, + { + "url": "https://github.com/sharemice/phpcms_xss/blob/master/index.html", + "refsource": "MISC", + "name": "https://github.com/sharemice/phpcms_xss/blob/master/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10028.json b/2019/10xxx/CVE-2019-10028.json new file mode 100644 index 00000000000..f29fda2564a --- /dev/null +++ b/2019/10xxx/CVE-2019-10028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10029.json b/2019/10xxx/CVE-2019-10029.json new file mode 100644 index 00000000000..6a8212c2f76 --- /dev/null +++ b/2019/10xxx/CVE-2019-10029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10030.json b/2019/10xxx/CVE-2019-10030.json new file mode 100644 index 00000000000..ad88b6d6d12 --- /dev/null +++ b/2019/10xxx/CVE-2019-10030.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10031.json b/2019/10xxx/CVE-2019-10031.json new file mode 100644 index 00000000000..9bc47a68673 --- /dev/null +++ b/2019/10xxx/CVE-2019-10031.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10032.json b/2019/10xxx/CVE-2019-10032.json new file mode 100644 index 00000000000..e362c9b1976 --- /dev/null +++ b/2019/10xxx/CVE-2019-10032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10033.json b/2019/10xxx/CVE-2019-10033.json new file mode 100644 index 00000000000..d2d91dc7911 --- /dev/null +++ b/2019/10xxx/CVE-2019-10033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10034.json b/2019/10xxx/CVE-2019-10034.json new file mode 100644 index 00000000000..f0f27f86d76 --- /dev/null +++ b/2019/10xxx/CVE-2019-10034.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10034", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10035.json b/2019/10xxx/CVE-2019-10035.json new file mode 100644 index 00000000000..e65d95c291f --- /dev/null +++ b/2019/10xxx/CVE-2019-10035.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10035", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10036.json b/2019/10xxx/CVE-2019-10036.json new file mode 100644 index 00000000000..f9308acf068 --- /dev/null +++ b/2019/10xxx/CVE-2019-10036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10037.json b/2019/10xxx/CVE-2019-10037.json new file mode 100644 index 00000000000..f8d899245a8 --- /dev/null +++ b/2019/10xxx/CVE-2019-10037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10038.json b/2019/10xxx/CVE-2019-10038.json new file mode 100644 index 00000000000..042701d2668 --- /dev/null +++ b/2019/10xxx/CVE-2019-10038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10039.json b/2019/10xxx/CVE-2019-10039.json new file mode 100644 index 00000000000..db0dbd70fc4 --- /dev/null +++ b/2019/10xxx/CVE-2019-10039.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/edit_web_and_sys_account/README.md", + "refsource": "MISC", + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/edit_web_and_sys_account/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10040.json b/2019/10xxx/CVE-2019-10040.json new file mode 100644 index 00000000000..ce526e1c805 --- /dev/null +++ b/2019/10xxx/CVE-2019-10040.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/remote_cmd_exec_0/README.md", + "refsource": "MISC", + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/remote_cmd_exec_0/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10041.json b/2019/10xxx/CVE-2019-10041.json new file mode 100644 index 00000000000..bf630417240 --- /dev/null +++ b/2019/10xxx/CVE-2019-10041.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/edit_sys_account/README.md", + "refsource": "MISC", + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/edit_sys_account/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10042.json b/2019/10xxx/CVE-2019-10042.json new file mode 100644 index 00000000000..79d7c2f051e --- /dev/null +++ b/2019/10xxx/CVE-2019-10042.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/reset_router/README.md", + "refsource": "MISC", + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/reset_router/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10043.json b/2019/10xxx/CVE-2019-10043.json new file mode 100644 index 00000000000..44be9a74c20 --- /dev/null +++ b/2019/10xxx/CVE-2019-10043.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10043", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10044.json b/2019/10xxx/CVE-2019-10044.json new file mode 100644 index 00000000000..70fa76408e1 --- /dev/null +++ b/2019/10xxx/CVE-2019-10044.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt", + "refsource": "MISC", + "name": "https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10045.json b/2019/10xxx/CVE-2019-10045.json new file mode 100644 index 00000000000..f9afdb7d74b --- /dev/null +++ b/2019/10xxx/CVE-2019-10045.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10045", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10046.json b/2019/10xxx/CVE-2019-10046.json new file mode 100644 index 00000000000..eb7ccf91dad --- /dev/null +++ b/2019/10xxx/CVE-2019-10046.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10046", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10047.json b/2019/10xxx/CVE-2019-10047.json new file mode 100644 index 00000000000..dd7cf27a2ad --- /dev/null +++ b/2019/10xxx/CVE-2019-10047.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10047", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10048.json b/2019/10xxx/CVE-2019-10048.json new file mode 100644 index 00000000000..95c2a556e9e --- /dev/null +++ b/2019/10xxx/CVE-2019-10048.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10048", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10049.json b/2019/10xxx/CVE-2019-10049.json new file mode 100644 index 00000000000..2a2fe8f3c47 --- /dev/null +++ b/2019/10xxx/CVE-2019-10049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10050.json b/2019/10xxx/CVE-2019-10050.json new file mode 100644 index 00000000000..1e9ed7dc3c3 --- /dev/null +++ b/2019/10xxx/CVE-2019-10050.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10050", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10051.json b/2019/10xxx/CVE-2019-10051.json new file mode 100644 index 00000000000..90d9b926247 --- /dev/null +++ b/2019/10xxx/CVE-2019-10051.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10052.json b/2019/10xxx/CVE-2019-10052.json new file mode 100644 index 00000000000..fed5f4e0878 --- /dev/null +++ b/2019/10xxx/CVE-2019-10052.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10052", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10053.json b/2019/10xxx/CVE-2019-10053.json new file mode 100644 index 00000000000..29eee67f09b --- /dev/null +++ b/2019/10xxx/CVE-2019-10053.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10053", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10054.json b/2019/10xxx/CVE-2019-10054.json new file mode 100644 index 00000000000..18d97f2aaa7 --- /dev/null +++ b/2019/10xxx/CVE-2019-10054.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10054", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10055.json b/2019/10xxx/CVE-2019-10055.json new file mode 100644 index 00000000000..6890e707acd --- /dev/null +++ b/2019/10xxx/CVE-2019-10055.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10055", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10056.json b/2019/10xxx/CVE-2019-10056.json new file mode 100644 index 00000000000..bff81243c6b --- /dev/null +++ b/2019/10xxx/CVE-2019-10056.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10057.json b/2019/10xxx/CVE-2019-10057.json new file mode 100644 index 00000000000..6e6f9aafd6e --- /dev/null +++ b/2019/10xxx/CVE-2019-10057.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10057", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10058.json b/2019/10xxx/CVE-2019-10058.json new file mode 100644 index 00000000000..3690082e755 --- /dev/null +++ b/2019/10xxx/CVE-2019-10058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10059.json b/2019/10xxx/CVE-2019-10059.json new file mode 100644 index 00000000000..34f5b8401ba --- /dev/null +++ b/2019/10xxx/CVE-2019-10059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10060.json b/2019/10xxx/CVE-2019-10060.json new file mode 100644 index 00000000000..cd8a610b66a --- /dev/null +++ b/2019/10xxx/CVE-2019-10060.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2019-002.md", + "refsource": "MISC", + "name": "https://github.com/VerSprite/research/blob/master/advisories/VS-2019-002.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10061.json b/2019/10xxx/CVE-2019-10061.json new file mode 100644 index 00000000000..10743805829 --- /dev/null +++ b/2019/10xxx/CVE-2019-10061.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.npmjs.com/advisories/789", + "refsource": "MISC", + "name": "https://www.npmjs.com/advisories/789" + }, + { + "refsource": "MISC", + "name": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b", + "url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b" + }, + { + "refsource": "MISC", + "name": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563", + "url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10062.json b/2019/10xxx/CVE-2019-10062.json new file mode 100644 index 00000000000..d6383e4475c --- /dev/null +++ b/2019/10xxx/CVE-2019-10062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10063.json b/2019/10xxx/CVE-2019-10063.json new file mode 100644 index 00000000000..e5f080b007d --- /dev/null +++ b/2019/10xxx/CVE-2019-10063.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/flatpak/flatpak/issues/2782", + "refsource": "MISC", + "name": "https://github.com/flatpak/flatpak/issues/2782" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10064.json b/2019/10xxx/CVE-2019-10064.json new file mode 100644 index 00000000000..f8b07b4d0e9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10065.json b/2019/10xxx/CVE-2019-10065.json new file mode 100644 index 00000000000..1b825b8091c --- /dev/null +++ b/2019/10xxx/CVE-2019-10065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10066.json b/2019/10xxx/CVE-2019-10066.json new file mode 100644 index 00000000000..02d6dc523a2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10067.json b/2019/10xxx/CVE-2019-10067.json new file mode 100644 index 00000000000..6d042eab2a2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10068.json b/2019/10xxx/CVE-2019-10068.json new file mode 100644 index 00000000000..386738ef988 --- /dev/null +++ b/2019/10xxx/CVE-2019-10068.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Kentico before 12.0.15. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://devnet.kentico.com/download/hotfixes#securityBugs-v12", + "refsource": "MISC", + "name": "https://devnet.kentico.com/download/hotfixes#securityBugs-v12" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10069.json b/2019/10xxx/CVE-2019-10069.json new file mode 100644 index 00000000000..e15e30d0cc8 --- /dev/null +++ b/2019/10xxx/CVE-2019-10069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10070.json b/2019/10xxx/CVE-2019-10070.json new file mode 100644 index 00000000000..2aacc629864 --- /dev/null +++ b/2019/10xxx/CVE-2019-10070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10071.json b/2019/10xxx/CVE-2019-10071.json new file mode 100644 index 00000000000..dac375e154b --- /dev/null +++ b/2019/10xxx/CVE-2019-10071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10072.json b/2019/10xxx/CVE-2019-10072.json new file mode 100644 index 00000000000..6282dba92d1 --- /dev/null +++ b/2019/10xxx/CVE-2019-10072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10073.json b/2019/10xxx/CVE-2019-10073.json new file mode 100644 index 00000000000..70d426b8c81 --- /dev/null +++ b/2019/10xxx/CVE-2019-10073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10074.json b/2019/10xxx/CVE-2019-10074.json new file mode 100644 index 00000000000..f0cd1e8c305 --- /dev/null +++ b/2019/10xxx/CVE-2019-10074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10075.json b/2019/10xxx/CVE-2019-10075.json new file mode 100644 index 00000000000..c4dd2309bc8 --- /dev/null +++ b/2019/10xxx/CVE-2019-10075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10076.json b/2019/10xxx/CVE-2019-10076.json new file mode 100644 index 00000000000..dc50b88b5c3 --- /dev/null +++ b/2019/10xxx/CVE-2019-10076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10077.json b/2019/10xxx/CVE-2019-10077.json new file mode 100644 index 00000000000..ef466b1d273 --- /dev/null +++ b/2019/10xxx/CVE-2019-10077.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10078.json b/2019/10xxx/CVE-2019-10078.json new file mode 100644 index 00000000000..f84215cbc3a --- /dev/null +++ b/2019/10xxx/CVE-2019-10078.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10078", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10079.json b/2019/10xxx/CVE-2019-10079.json new file mode 100644 index 00000000000..850b9627875 --- /dev/null +++ b/2019/10xxx/CVE-2019-10079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10080.json b/2019/10xxx/CVE-2019-10080.json new file mode 100644 index 00000000000..d8b97931137 --- /dev/null +++ b/2019/10xxx/CVE-2019-10080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10081.json b/2019/10xxx/CVE-2019-10081.json new file mode 100644 index 00000000000..7b3354416ec --- /dev/null +++ b/2019/10xxx/CVE-2019-10081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10082.json b/2019/10xxx/CVE-2019-10082.json new file mode 100644 index 00000000000..90ef8b1c30e --- /dev/null +++ b/2019/10xxx/CVE-2019-10082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10083.json b/2019/10xxx/CVE-2019-10083.json new file mode 100644 index 00000000000..879113a911e --- /dev/null +++ b/2019/10xxx/CVE-2019-10083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10084.json b/2019/10xxx/CVE-2019-10084.json new file mode 100644 index 00000000000..c5133e48fd1 --- /dev/null +++ b/2019/10xxx/CVE-2019-10084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10085.json b/2019/10xxx/CVE-2019-10085.json new file mode 100644 index 00000000000..400cba00f67 --- /dev/null +++ b/2019/10xxx/CVE-2019-10085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10086.json b/2019/10xxx/CVE-2019-10086.json new file mode 100644 index 00000000000..1a20aa7b059 --- /dev/null +++ b/2019/10xxx/CVE-2019-10086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10087.json b/2019/10xxx/CVE-2019-10087.json new file mode 100644 index 00000000000..13688684f8e --- /dev/null +++ b/2019/10xxx/CVE-2019-10087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10088.json b/2019/10xxx/CVE-2019-10088.json new file mode 100644 index 00000000000..24c6dcaabf5 --- /dev/null +++ b/2019/10xxx/CVE-2019-10088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10089.json b/2019/10xxx/CVE-2019-10089.json new file mode 100644 index 00000000000..a8c384f6137 --- /dev/null +++ b/2019/10xxx/CVE-2019-10089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10090.json b/2019/10xxx/CVE-2019-10090.json new file mode 100644 index 00000000000..b42a734ea28 --- /dev/null +++ b/2019/10xxx/CVE-2019-10090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10091.json b/2019/10xxx/CVE-2019-10091.json new file mode 100644 index 00000000000..dbdb862066e --- /dev/null +++ b/2019/10xxx/CVE-2019-10091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10092.json b/2019/10xxx/CVE-2019-10092.json new file mode 100644 index 00000000000..177319e320b --- /dev/null +++ b/2019/10xxx/CVE-2019-10092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10093.json b/2019/10xxx/CVE-2019-10093.json new file mode 100644 index 00000000000..6253c48bb4a --- /dev/null +++ b/2019/10xxx/CVE-2019-10093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10094.json b/2019/10xxx/CVE-2019-10094.json new file mode 100644 index 00000000000..81a28ef80b4 --- /dev/null +++ b/2019/10xxx/CVE-2019-10094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10095.json b/2019/10xxx/CVE-2019-10095.json new file mode 100644 index 00000000000..5af819dffa5 --- /dev/null +++ b/2019/10xxx/CVE-2019-10095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10096.json b/2019/10xxx/CVE-2019-10096.json new file mode 100644 index 00000000000..bd9db053991 --- /dev/null +++ b/2019/10xxx/CVE-2019-10096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10097.json b/2019/10xxx/CVE-2019-10097.json new file mode 100644 index 00000000000..996b7957d20 --- /dev/null +++ b/2019/10xxx/CVE-2019-10097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10098.json b/2019/10xxx/CVE-2019-10098.json new file mode 100644 index 00000000000..2fc95659008 --- /dev/null +++ b/2019/10xxx/CVE-2019-10098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10099.json b/2019/10xxx/CVE-2019-10099.json new file mode 100644 index 00000000000..621769d7305 --- /dev/null +++ b/2019/10xxx/CVE-2019-10099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10100.json b/2019/10xxx/CVE-2019-10100.json new file mode 100644 index 00000000000..997eae8c59e --- /dev/null +++ b/2019/10xxx/CVE-2019-10100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10101.json b/2019/10xxx/CVE-2019-10101.json new file mode 100644 index 00000000000..3482fa42210 --- /dev/null +++ b/2019/10xxx/CVE-2019-10101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10102.json b/2019/10xxx/CVE-2019-10102.json new file mode 100644 index 00000000000..8f64169cb62 --- /dev/null +++ b/2019/10xxx/CVE-2019-10102.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10103.json b/2019/10xxx/CVE-2019-10103.json new file mode 100644 index 00000000000..2ac370c41a4 --- /dev/null +++ b/2019/10xxx/CVE-2019-10103.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10104.json b/2019/10xxx/CVE-2019-10104.json new file mode 100644 index 00000000000..5173cf22917 --- /dev/null +++ b/2019/10xxx/CVE-2019-10104.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10104", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10105.json b/2019/10xxx/CVE-2019-10105.json new file mode 100644 index 00000000000..81bcb661bc1 --- /dev/null +++ b/2019/10xxx/CVE-2019-10105.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager \"Name\" field, which is reachable via a \"Create a new Template\" action to the Design Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12002", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12002" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10106.json b/2019/10xxx/CVE-2019-10106.json new file mode 100644 index 00000000000..b61e10c3396 --- /dev/null +++ b/2019/10xxx/CVE-2019-10106.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an \"Add Category\" action to the \"Site Admin Settings - News module\" section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12004", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12004" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10107.json b/2019/10xxx/CVE-2019-10107.json new file mode 100644 index 00000000000..fc821c13b96 --- /dev/null +++ b/2019/10xxx/CVE-2019-10107.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple 2.2.10 has XSS via the myaccount.php \"Email Address\" field, which is reachable via the \"My Preferences -> My Account\" section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12003", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12003" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10108.json b/2019/10xxx/CVE-2019-10108.json new file mode 100644 index 00000000000..0009c14031f --- /dev/null +++ b/2019/10xxx/CVE-2019-10108.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10108", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10109.json b/2019/10xxx/CVE-2019-10109.json new file mode 100644 index 00000000000..c854012c494 --- /dev/null +++ b/2019/10xxx/CVE-2019-10109.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10109", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10110.json b/2019/10xxx/CVE-2019-10110.json new file mode 100644 index 00000000000..865e5ec1fe2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10110.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10110", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10111.json b/2019/10xxx/CVE-2019-10111.json new file mode 100644 index 00000000000..9375379b847 --- /dev/null +++ b/2019/10xxx/CVE-2019-10111.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10111", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10112.json b/2019/10xxx/CVE-2019-10112.json new file mode 100644 index 00000000000..1a7755292f8 --- /dev/null +++ b/2019/10xxx/CVE-2019-10112.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10112", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10113.json b/2019/10xxx/CVE-2019-10113.json new file mode 100644 index 00000000000..e0a58a09d39 --- /dev/null +++ b/2019/10xxx/CVE-2019-10113.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10113", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10114.json b/2019/10xxx/CVE-2019-10114.json new file mode 100644 index 00000000000..b57f6560c15 --- /dev/null +++ b/2019/10xxx/CVE-2019-10114.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10114", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10115.json b/2019/10xxx/CVE-2019-10115.json new file mode 100644 index 00000000000..69eae4c0fb3 --- /dev/null +++ b/2019/10xxx/CVE-2019-10115.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10115", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10116.json b/2019/10xxx/CVE-2019-10116.json new file mode 100644 index 00000000000..52c08cc2344 --- /dev/null +++ b/2019/10xxx/CVE-2019-10116.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10116", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10117.json b/2019/10xxx/CVE-2019-10117.json new file mode 100644 index 00000000000..26f4df40edb --- /dev/null +++ b/2019/10xxx/CVE-2019-10117.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10117", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10118.json b/2019/10xxx/CVE-2019-10118.json new file mode 100644 index 00000000000..efb1448b240 --- /dev/null +++ b/2019/10xxx/CVE-2019-10118.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/snipe/snipe-it/pull/6831", + "refsource": "MISC", + "name": "https://github.com/snipe/snipe-it/pull/6831" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10119.json b/2019/10xxx/CVE-2019-10119.json new file mode 100644 index 00000000000..cc38e68d046 --- /dev/null +++ b/2019/10xxx/CVE-2019-10119.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10119", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10120.json b/2019/10xxx/CVE-2019-10120.json new file mode 100644 index 00000000000..32e0627926a --- /dev/null +++ b/2019/10xxx/CVE-2019-10120.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10120", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10121.json b/2019/10xxx/CVE-2019-10121.json new file mode 100644 index 00000000000..46ac388c9fe --- /dev/null +++ b/2019/10xxx/CVE-2019-10121.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10121", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10122.json b/2019/10xxx/CVE-2019-10122.json new file mode 100644 index 00000000000..efca3790a5d --- /dev/null +++ b/2019/10xxx/CVE-2019-10122.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10122", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10123.json b/2019/10xxx/CVE-2019-10123.json new file mode 100644 index 00000000000..76f966cae77 --- /dev/null +++ b/2019/10xxx/CVE-2019-10123.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10123", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10124.json b/2019/10xxx/CVE-2019-10124.json new file mode 100644 index 00000000000..d74a9d14dc1 --- /dev/null +++ b/2019/10xxx/CVE-2019-10124.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel before 5.0.4. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker can cause a denial of service (BUG)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.4", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.4" + }, + { + "url": "https://github.com/torvalds/linux/commit/46612b751c4941c5c0472ddf04027e877ae5990f", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/46612b751c4941c5c0472ddf04027e877ae5990f" + }, + { + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=46612b751c4941c5c0472ddf04027e877ae5990f", + "refsource": "MISC", + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=46612b751c4941c5c0472ddf04027e877ae5990f" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10125.json b/2019/10xxx/CVE-2019-10125.json new file mode 100644 index 00000000000..1d5e841e78c --- /dev/null +++ b/2019/10xxx/CVE-2019-10125.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://patchwork.kernel.org/patch/10828359/", + "refsource": "MISC", + "name": "https://patchwork.kernel.org/patch/10828359/" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10126.json b/2019/10xxx/CVE-2019-10126.json new file mode 100644 index 00000000000..2afb057ff49 --- /dev/null +++ b/2019/10xxx/CVE-2019-10126.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10126", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10127.json b/2019/10xxx/CVE-2019-10127.json new file mode 100644 index 00000000000..7ac76b7a7dc --- /dev/null +++ b/2019/10xxx/CVE-2019-10127.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10127", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10128.json b/2019/10xxx/CVE-2019-10128.json new file mode 100644 index 00000000000..00d2ce5d0df --- /dev/null +++ b/2019/10xxx/CVE-2019-10128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10129.json b/2019/10xxx/CVE-2019-10129.json new file mode 100644 index 00000000000..af6ace05393 --- /dev/null +++ b/2019/10xxx/CVE-2019-10129.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10129", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10130.json b/2019/10xxx/CVE-2019-10130.json new file mode 100644 index 00000000000..812c3b98dc6 --- /dev/null +++ b/2019/10xxx/CVE-2019-10130.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10130", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10131.json b/2019/10xxx/CVE-2019-10131.json new file mode 100644 index 00000000000..f272171442f --- /dev/null +++ b/2019/10xxx/CVE-2019-10131.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10132.json b/2019/10xxx/CVE-2019-10132.json new file mode 100644 index 00000000000..f6217aab233 --- /dev/null +++ b/2019/10xxx/CVE-2019-10132.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10132", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10133.json b/2019/10xxx/CVE-2019-10133.json new file mode 100644 index 00000000000..6461f3ccb4c --- /dev/null +++ b/2019/10xxx/CVE-2019-10133.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10133", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10134.json b/2019/10xxx/CVE-2019-10134.json new file mode 100644 index 00000000000..ab994f3e9f5 --- /dev/null +++ b/2019/10xxx/CVE-2019-10134.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10134", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10135.json b/2019/10xxx/CVE-2019-10135.json new file mode 100644 index 00000000000..58d0bf99ed1 --- /dev/null +++ b/2019/10xxx/CVE-2019-10135.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10135", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10136.json b/2019/10xxx/CVE-2019-10136.json new file mode 100644 index 00000000000..0bee8c20ce6 --- /dev/null +++ b/2019/10xxx/CVE-2019-10136.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10136", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10137.json b/2019/10xxx/CVE-2019-10137.json new file mode 100644 index 00000000000..d765b1597b0 --- /dev/null +++ b/2019/10xxx/CVE-2019-10137.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10137", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10138.json b/2019/10xxx/CVE-2019-10138.json new file mode 100644 index 00000000000..99d9b771a0b --- /dev/null +++ b/2019/10xxx/CVE-2019-10138.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10138", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10139.json b/2019/10xxx/CVE-2019-10139.json new file mode 100644 index 00000000000..69e34296400 --- /dev/null +++ b/2019/10xxx/CVE-2019-10139.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10139", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10140.json b/2019/10xxx/CVE-2019-10140.json new file mode 100644 index 00000000000..26cdd57b09e --- /dev/null +++ b/2019/10xxx/CVE-2019-10140.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10140", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10141.json b/2019/10xxx/CVE-2019-10141.json new file mode 100644 index 00000000000..60ec6686f0f --- /dev/null +++ b/2019/10xxx/CVE-2019-10141.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10141", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10142.json b/2019/10xxx/CVE-2019-10142.json new file mode 100644 index 00000000000..81ba34442b0 --- /dev/null +++ b/2019/10xxx/CVE-2019-10142.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10142", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10143.json b/2019/10xxx/CVE-2019-10143.json new file mode 100644 index 00000000000..9c77effd5a2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10143.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10143", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10144.json b/2019/10xxx/CVE-2019-10144.json new file mode 100644 index 00000000000..362abb16075 --- /dev/null +++ b/2019/10xxx/CVE-2019-10144.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10144", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10145.json b/2019/10xxx/CVE-2019-10145.json new file mode 100644 index 00000000000..680d92df4c9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10145.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10145", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10146.json b/2019/10xxx/CVE-2019-10146.json new file mode 100644 index 00000000000..04fbcca9df2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10146.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10146", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10147.json b/2019/10xxx/CVE-2019-10147.json new file mode 100644 index 00000000000..20f70d5f22a --- /dev/null +++ b/2019/10xxx/CVE-2019-10147.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10147", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10148.json b/2019/10xxx/CVE-2019-10148.json new file mode 100644 index 00000000000..a5631fc6d5d --- /dev/null +++ b/2019/10xxx/CVE-2019-10148.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10148", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10149.json b/2019/10xxx/CVE-2019-10149.json new file mode 100644 index 00000000000..bbd92eedf00 --- /dev/null +++ b/2019/10xxx/CVE-2019-10149.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10149", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10150.json b/2019/10xxx/CVE-2019-10150.json new file mode 100644 index 00000000000..e997a305c5e --- /dev/null +++ b/2019/10xxx/CVE-2019-10150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10150", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10151.json b/2019/10xxx/CVE-2019-10151.json new file mode 100644 index 00000000000..3df2aa6adf2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10151.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10151", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10152.json b/2019/10xxx/CVE-2019-10152.json new file mode 100644 index 00000000000..8a690fd6e84 --- /dev/null +++ b/2019/10xxx/CVE-2019-10152.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10152", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10153.json b/2019/10xxx/CVE-2019-10153.json new file mode 100644 index 00000000000..0bb01fa71a3 --- /dev/null +++ b/2019/10xxx/CVE-2019-10153.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10153", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10154.json b/2019/10xxx/CVE-2019-10154.json new file mode 100644 index 00000000000..81c2d88d37b --- /dev/null +++ b/2019/10xxx/CVE-2019-10154.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10154", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10155.json b/2019/10xxx/CVE-2019-10155.json new file mode 100644 index 00000000000..61fa7898a7d --- /dev/null +++ b/2019/10xxx/CVE-2019-10155.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10155", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10156.json b/2019/10xxx/CVE-2019-10156.json new file mode 100644 index 00000000000..1c99abf2f07 --- /dev/null +++ b/2019/10xxx/CVE-2019-10156.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10156", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10157.json b/2019/10xxx/CVE-2019-10157.json new file mode 100644 index 00000000000..dede98a0c0a --- /dev/null +++ b/2019/10xxx/CVE-2019-10157.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10157", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10158.json b/2019/10xxx/CVE-2019-10158.json new file mode 100644 index 00000000000..5fbb00ea9e2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10158.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10158", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10159.json b/2019/10xxx/CVE-2019-10159.json new file mode 100644 index 00000000000..d631109f968 --- /dev/null +++ b/2019/10xxx/CVE-2019-10159.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10159", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10160.json b/2019/10xxx/CVE-2019-10160.json new file mode 100644 index 00000000000..88fe7d55788 --- /dev/null +++ b/2019/10xxx/CVE-2019-10160.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10160", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10161.json b/2019/10xxx/CVE-2019-10161.json new file mode 100644 index 00000000000..f44c2851b4e --- /dev/null +++ b/2019/10xxx/CVE-2019-10161.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10161", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10162.json b/2019/10xxx/CVE-2019-10162.json new file mode 100644 index 00000000000..f08000c6056 --- /dev/null +++ b/2019/10xxx/CVE-2019-10162.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10162", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10163.json b/2019/10xxx/CVE-2019-10163.json new file mode 100644 index 00000000000..b1900fab4e2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10163.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10163", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10164.json b/2019/10xxx/CVE-2019-10164.json new file mode 100644 index 00000000000..149f5473288 --- /dev/null +++ b/2019/10xxx/CVE-2019-10164.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10165.json b/2019/10xxx/CVE-2019-10165.json new file mode 100644 index 00000000000..6d9f2a1c788 --- /dev/null +++ b/2019/10xxx/CVE-2019-10165.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10165", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10166.json b/2019/10xxx/CVE-2019-10166.json new file mode 100644 index 00000000000..e5f08902872 --- /dev/null +++ b/2019/10xxx/CVE-2019-10166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10167.json b/2019/10xxx/CVE-2019-10167.json new file mode 100644 index 00000000000..fa5769d6c42 --- /dev/null +++ b/2019/10xxx/CVE-2019-10167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10168.json b/2019/10xxx/CVE-2019-10168.json new file mode 100644 index 00000000000..45e5421e14f --- /dev/null +++ b/2019/10xxx/CVE-2019-10168.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10169.json b/2019/10xxx/CVE-2019-10169.json new file mode 100644 index 00000000000..034c81dbfb4 --- /dev/null +++ b/2019/10xxx/CVE-2019-10169.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10169", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10170.json b/2019/10xxx/CVE-2019-10170.json new file mode 100644 index 00000000000..0e4b47c4123 --- /dev/null +++ b/2019/10xxx/CVE-2019-10170.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10170", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10171.json b/2019/10xxx/CVE-2019-10171.json new file mode 100644 index 00000000000..4636ff005f0 --- /dev/null +++ b/2019/10xxx/CVE-2019-10171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10172.json b/2019/10xxx/CVE-2019-10172.json new file mode 100644 index 00000000000..176c1aa58c3 --- /dev/null +++ b/2019/10xxx/CVE-2019-10172.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10172", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10173.json b/2019/10xxx/CVE-2019-10173.json new file mode 100644 index 00000000000..4ee4824d28d --- /dev/null +++ b/2019/10xxx/CVE-2019-10173.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10173", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10174.json b/2019/10xxx/CVE-2019-10174.json new file mode 100644 index 00000000000..59b1d68cff7 --- /dev/null +++ b/2019/10xxx/CVE-2019-10174.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10174", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10175.json b/2019/10xxx/CVE-2019-10175.json new file mode 100644 index 00000000000..db1815aef87 --- /dev/null +++ b/2019/10xxx/CVE-2019-10175.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10175", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10176.json b/2019/10xxx/CVE-2019-10176.json new file mode 100644 index 00000000000..fae964daa61 --- /dev/null +++ b/2019/10xxx/CVE-2019-10176.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10176", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10177.json b/2019/10xxx/CVE-2019-10177.json new file mode 100644 index 00000000000..a0d325891b9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10177.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10178.json b/2019/10xxx/CVE-2019-10178.json new file mode 100644 index 00000000000..62da8868665 --- /dev/null +++ b/2019/10xxx/CVE-2019-10178.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10178", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10179.json b/2019/10xxx/CVE-2019-10179.json new file mode 100644 index 00000000000..2764aadb68c --- /dev/null +++ b/2019/10xxx/CVE-2019-10179.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10179", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10180.json b/2019/10xxx/CVE-2019-10180.json new file mode 100644 index 00000000000..5626871b253 --- /dev/null +++ b/2019/10xxx/CVE-2019-10180.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10180", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10181.json b/2019/10xxx/CVE-2019-10181.json new file mode 100644 index 00000000000..eab22c86302 --- /dev/null +++ b/2019/10xxx/CVE-2019-10181.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10181", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10182.json b/2019/10xxx/CVE-2019-10182.json new file mode 100644 index 00000000000..56860f7a835 --- /dev/null +++ b/2019/10xxx/CVE-2019-10182.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10182", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10183.json b/2019/10xxx/CVE-2019-10183.json new file mode 100644 index 00000000000..2a9f84feebb --- /dev/null +++ b/2019/10xxx/CVE-2019-10183.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10183", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10184.json b/2019/10xxx/CVE-2019-10184.json new file mode 100644 index 00000000000..4e5430be9d7 --- /dev/null +++ b/2019/10xxx/CVE-2019-10184.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10184", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10185.json b/2019/10xxx/CVE-2019-10185.json new file mode 100644 index 00000000000..7e0ec53317e --- /dev/null +++ b/2019/10xxx/CVE-2019-10185.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10185", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10186.json b/2019/10xxx/CVE-2019-10186.json new file mode 100644 index 00000000000..c5923a23e5f --- /dev/null +++ b/2019/10xxx/CVE-2019-10186.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10186", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10187.json b/2019/10xxx/CVE-2019-10187.json new file mode 100644 index 00000000000..4d6e1bb45b0 --- /dev/null +++ b/2019/10xxx/CVE-2019-10187.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10187", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10188.json b/2019/10xxx/CVE-2019-10188.json new file mode 100644 index 00000000000..254a6703880 --- /dev/null +++ b/2019/10xxx/CVE-2019-10188.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10188", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10189.json b/2019/10xxx/CVE-2019-10189.json new file mode 100644 index 00000000000..9ee625f563c --- /dev/null +++ b/2019/10xxx/CVE-2019-10189.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10189", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10190.json b/2019/10xxx/CVE-2019-10190.json new file mode 100644 index 00000000000..ff9819ecfff --- /dev/null +++ b/2019/10xxx/CVE-2019-10190.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10190", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10191.json b/2019/10xxx/CVE-2019-10191.json new file mode 100644 index 00000000000..54def09fc67 --- /dev/null +++ b/2019/10xxx/CVE-2019-10191.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10191", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10192.json b/2019/10xxx/CVE-2019-10192.json new file mode 100644 index 00000000000..e6c54d7af43 --- /dev/null +++ b/2019/10xxx/CVE-2019-10192.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10192", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10193.json b/2019/10xxx/CVE-2019-10193.json new file mode 100644 index 00000000000..09127e908ac --- /dev/null +++ b/2019/10xxx/CVE-2019-10193.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10193", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10194.json b/2019/10xxx/CVE-2019-10194.json new file mode 100644 index 00000000000..37f7d61a7cc --- /dev/null +++ b/2019/10xxx/CVE-2019-10194.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10194", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10195.json b/2019/10xxx/CVE-2019-10195.json new file mode 100644 index 00000000000..7191cc78f88 --- /dev/null +++ b/2019/10xxx/CVE-2019-10195.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10195", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10196.json b/2019/10xxx/CVE-2019-10196.json new file mode 100644 index 00000000000..272ba59f656 --- /dev/null +++ b/2019/10xxx/CVE-2019-10196.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10196", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10197.json b/2019/10xxx/CVE-2019-10197.json new file mode 100644 index 00000000000..b97364db089 --- /dev/null +++ b/2019/10xxx/CVE-2019-10197.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10197", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10198.json b/2019/10xxx/CVE-2019-10198.json new file mode 100644 index 00000000000..d85139bb789 --- /dev/null +++ b/2019/10xxx/CVE-2019-10198.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10198", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10199.json b/2019/10xxx/CVE-2019-10199.json new file mode 100644 index 00000000000..227a078cc7e --- /dev/null +++ b/2019/10xxx/CVE-2019-10199.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10199", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10200.json b/2019/10xxx/CVE-2019-10200.json new file mode 100644 index 00000000000..0bc318065b8 --- /dev/null +++ b/2019/10xxx/CVE-2019-10200.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10201.json b/2019/10xxx/CVE-2019-10201.json new file mode 100644 index 00000000000..30119b016e4 --- /dev/null +++ b/2019/10xxx/CVE-2019-10201.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10201", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10202.json b/2019/10xxx/CVE-2019-10202.json new file mode 100644 index 00000000000..1724377fd7a --- /dev/null +++ b/2019/10xxx/CVE-2019-10202.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10202", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10203.json b/2019/10xxx/CVE-2019-10203.json new file mode 100644 index 00000000000..99666ac54cb --- /dev/null +++ b/2019/10xxx/CVE-2019-10203.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10203", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10204.json b/2019/10xxx/CVE-2019-10204.json new file mode 100644 index 00000000000..7f211ec989f --- /dev/null +++ b/2019/10xxx/CVE-2019-10204.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10204", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10205.json b/2019/10xxx/CVE-2019-10205.json new file mode 100644 index 00000000000..b853403099c --- /dev/null +++ b/2019/10xxx/CVE-2019-10205.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10205", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10206.json b/2019/10xxx/CVE-2019-10206.json new file mode 100644 index 00000000000..16d628096c3 --- /dev/null +++ b/2019/10xxx/CVE-2019-10206.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10207.json b/2019/10xxx/CVE-2019-10207.json new file mode 100644 index 00000000000..34704e70903 --- /dev/null +++ b/2019/10xxx/CVE-2019-10207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10208.json b/2019/10xxx/CVE-2019-10208.json new file mode 100644 index 00000000000..6d336789713 --- /dev/null +++ b/2019/10xxx/CVE-2019-10208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10209.json b/2019/10xxx/CVE-2019-10209.json new file mode 100644 index 00000000000..f35e9354a79 --- /dev/null +++ b/2019/10xxx/CVE-2019-10209.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10209", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10210.json b/2019/10xxx/CVE-2019-10210.json new file mode 100644 index 00000000000..27d2cf56857 --- /dev/null +++ b/2019/10xxx/CVE-2019-10210.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10210", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10211.json b/2019/10xxx/CVE-2019-10211.json new file mode 100644 index 00000000000..9f48b715318 --- /dev/null +++ b/2019/10xxx/CVE-2019-10211.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10211", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10212.json b/2019/10xxx/CVE-2019-10212.json new file mode 100644 index 00000000000..0080d3de9b9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10212.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10212", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10213.json b/2019/10xxx/CVE-2019-10213.json new file mode 100644 index 00000000000..79d938421f9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10213.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10213", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10214.json b/2019/10xxx/CVE-2019-10214.json new file mode 100644 index 00000000000..3c7f74447f9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10214.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10214", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10215.json b/2019/10xxx/CVE-2019-10215.json new file mode 100644 index 00000000000..a796d68e566 --- /dev/null +++ b/2019/10xxx/CVE-2019-10215.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10215", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10216.json b/2019/10xxx/CVE-2019-10216.json new file mode 100644 index 00000000000..9839849a095 --- /dev/null +++ b/2019/10xxx/CVE-2019-10216.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10216", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10217.json b/2019/10xxx/CVE-2019-10217.json new file mode 100644 index 00000000000..f51579d8ca9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10217.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10217", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10218.json b/2019/10xxx/CVE-2019-10218.json new file mode 100644 index 00000000000..410ca6374aa --- /dev/null +++ b/2019/10xxx/CVE-2019-10218.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10218", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10219.json b/2019/10xxx/CVE-2019-10219.json new file mode 100644 index 00000000000..d8eaac54824 --- /dev/null +++ b/2019/10xxx/CVE-2019-10219.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10219", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10220.json b/2019/10xxx/CVE-2019-10220.json new file mode 100644 index 00000000000..4c2b4635a7e --- /dev/null +++ b/2019/10xxx/CVE-2019-10220.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10220", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10221.json b/2019/10xxx/CVE-2019-10221.json new file mode 100644 index 00000000000..0df9236bce5 --- /dev/null +++ b/2019/10xxx/CVE-2019-10221.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10221", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10222.json b/2019/10xxx/CVE-2019-10222.json new file mode 100644 index 00000000000..05c3f9f06fe --- /dev/null +++ b/2019/10xxx/CVE-2019-10222.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10222", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10223.json b/2019/10xxx/CVE-2019-10223.json new file mode 100644 index 00000000000..8670ac872cd --- /dev/null +++ b/2019/10xxx/CVE-2019-10223.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10223", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10224.json b/2019/10xxx/CVE-2019-10224.json new file mode 100644 index 00000000000..a1437edc876 --- /dev/null +++ b/2019/10xxx/CVE-2019-10224.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10224", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10225.json b/2019/10xxx/CVE-2019-10225.json new file mode 100644 index 00000000000..634b1d71d12 --- /dev/null +++ b/2019/10xxx/CVE-2019-10225.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10225", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10226.json b/2019/10xxx/CVE-2019-10226.json new file mode 100644 index 00000000000..664194d9850 --- /dev/null +++ b/2019/10xxx/CVE-2019-10226.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10226", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10227.json b/2019/10xxx/CVE-2019-10227.json new file mode 100644 index 00000000000..383a7aa5f62 --- /dev/null +++ b/2019/10xxx/CVE-2019-10227.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10227", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10228.json b/2019/10xxx/CVE-2019-10228.json new file mode 100644 index 00000000000..4a79fbe4dc0 --- /dev/null +++ b/2019/10xxx/CVE-2019-10228.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10228", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10229.json b/2019/10xxx/CVE-2019-10229.json new file mode 100644 index 00000000000..3be6e838c49 --- /dev/null +++ b/2019/10xxx/CVE-2019-10229.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10229", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10230.json b/2019/10xxx/CVE-2019-10230.json new file mode 100644 index 00000000000..b9ef31b92a6 --- /dev/null +++ b/2019/10xxx/CVE-2019-10230.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10230", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10231.json b/2019/10xxx/CVE-2019-10231.json new file mode 100644 index 00000000000..764a06b06c4 --- /dev/null +++ b/2019/10xxx/CVE-2019-10231.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/glpi-project/glpi/pull/5520", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/pull/5520" + }, + { + "url": "https://github.com/glpi-project/glpi/releases/tag/9.4.1.1", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/releases/tag/9.4.1.1" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10232.json b/2019/10xxx/CVE-2019-10232.json new file mode 100644 index 00000000000..20bf4c8da04 --- /dev/null +++ b/2019/10xxx/CVE-2019-10232.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Teclib GLPI through 9.3.3 has SQL injection via the \"cycle\" parameter in /scripts/unlock_tasks.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10233.json b/2019/10xxx/CVE-2019-10233.json new file mode 100644 index 00000000000..0f48b69edca --- /dev/null +++ b/2019/10xxx/CVE-2019-10233.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/glpi-project/glpi/releases/tag/9.4.1.1", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/releases/tag/9.4.1.1" + }, + { + "url": "https://github.com/glpi-project/glpi/pull/5562", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/pull/5562" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10234.json b/2019/10xxx/CVE-2019-10234.json new file mode 100644 index 00000000000..a981b800198 --- /dev/null +++ b/2019/10xxx/CVE-2019-10234.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10234", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10235.json b/2019/10xxx/CVE-2019-10235.json new file mode 100644 index 00000000000..1128b614b54 --- /dev/null +++ b/2019/10xxx/CVE-2019-10235.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10235", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10236.json b/2019/10xxx/CVE-2019-10236.json new file mode 100644 index 00000000000..01a159bcc4f --- /dev/null +++ b/2019/10xxx/CVE-2019-10236.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10236", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10237.json b/2019/10xxx/CVE-2019-10237.json new file mode 100644 index 00000000000..1072a6d462e --- /dev/null +++ b/2019/10xxx/CVE-2019-10237.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.iwantacve.cn/index.php/archives/172/", + "refsource": "MISC", + "name": "http://www.iwantacve.cn/index.php/archives/172/" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10238.json b/2019/10xxx/CVE-2019-10238.json new file mode 100644 index 00000000000..b01c4c9f13c --- /dev/null +++ b/2019/10xxx/CVE-2019-10238.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.iwantacve.cn/index.php/archives/175/", + "refsource": "MISC", + "name": "http://www.iwantacve.cn/index.php/archives/175/" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10239.json b/2019/10xxx/CVE-2019-10239.json new file mode 100644 index 00000000000..f7cefeb2c24 --- /dev/null +++ b/2019/10xxx/CVE-2019-10239.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10239", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10240.json b/2019/10xxx/CVE-2019-10240.json new file mode 100644 index 00000000000..49228f08c6c --- /dev/null +++ b/2019/10xxx/CVE-2019-10240.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10240", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10241.json b/2019/10xxx/CVE-2019-10241.json new file mode 100644 index 00000000000..04451ffead8 --- /dev/null +++ b/2019/10xxx/CVE-2019-10241.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10241", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10242.json b/2019/10xxx/CVE-2019-10242.json new file mode 100644 index 00000000000..1758d2f6ca5 --- /dev/null +++ b/2019/10xxx/CVE-2019-10242.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10242", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10243.json b/2019/10xxx/CVE-2019-10243.json new file mode 100644 index 00000000000..cde7d5e646b --- /dev/null +++ b/2019/10xxx/CVE-2019-10243.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10243", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10244.json b/2019/10xxx/CVE-2019-10244.json new file mode 100644 index 00000000000..6a878f478d2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10244.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10244", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10245.json b/2019/10xxx/CVE-2019-10245.json new file mode 100644 index 00000000000..2460c8238af --- /dev/null +++ b/2019/10xxx/CVE-2019-10245.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10245", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10246.json b/2019/10xxx/CVE-2019-10246.json new file mode 100644 index 00000000000..6aa7c835414 --- /dev/null +++ b/2019/10xxx/CVE-2019-10246.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10246", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10247.json b/2019/10xxx/CVE-2019-10247.json new file mode 100644 index 00000000000..40f0af60b51 --- /dev/null +++ b/2019/10xxx/CVE-2019-10247.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10247", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10248.json b/2019/10xxx/CVE-2019-10248.json new file mode 100644 index 00000000000..581a73a10d0 --- /dev/null +++ b/2019/10xxx/CVE-2019-10248.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10248", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10249.json b/2019/10xxx/CVE-2019-10249.json new file mode 100644 index 00000000000..5bae84739fe --- /dev/null +++ b/2019/10xxx/CVE-2019-10249.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10249", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10250.json b/2019/10xxx/CVE-2019-10250.json new file mode 100644 index 00000000000..dfd0127a7e8 --- /dev/null +++ b/2019/10xxx/CVE-2019-10250.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/", + "refsource": "MISC", + "name": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10251.json b/2019/10xxx/CVE-2019-10251.json new file mode 100644 index 00000000000..5b72d12d0ab --- /dev/null +++ b/2019/10xxx/CVE-2019-10251.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/", + "refsource": "MISC", + "name": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/" + }, + { + "url": "https://news.drweb.com/show/?i=13176&c=38", + "refsource": "MISC", + "name": "https://news.drweb.com/show/?i=13176&c=38" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10252.json b/2019/10xxx/CVE-2019-10252.json new file mode 100644 index 00000000000..e63924ea9e9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10252.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10252", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10253.json b/2019/10xxx/CVE-2019-10253.json new file mode 100644 index 00000000000..96612bd3224 --- /dev/null +++ b/2019/10xxx/CVE-2019-10253.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10253", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10254.json b/2019/10xxx/CVE-2019-10254.json new file mode 100644 index 00000000000..a6579bbf34a --- /dev/null +++ b/2019/10xxx/CVE-2019-10254.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/commit/586cca384be6710b03e14bcbeb7588c1772604ec", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/586cca384be6710b03e14bcbeb7588c1772604ec" + }, + { + "url": "https://github.com/MISP/MISP/compare/f493659...0e4f66e", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/compare/f493659...0e4f66e" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10255.json b/2019/10xxx/CVE-2019-10255.json new file mode 100644 index 00000000000..38202e7eaa2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10255.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed", + "refsource": "MISC", + "name": "https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed" + }, + { + "url": "https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb", + "refsource": "MISC", + "name": "https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb" + }, + { + "url": "https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b", + "refsource": "MISC", + "name": "https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b" + }, + { + "url": "https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c", + "refsource": "MISC", + "name": "https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c" + }, + { + "url": "https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4", + "refsource": "MISC", + "name": "https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10256.json b/2019/10xxx/CVE-2019-10256.json new file mode 100644 index 00000000000..8c943d3c425 --- /dev/null +++ b/2019/10xxx/CVE-2019-10256.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10256", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10257.json b/2019/10xxx/CVE-2019-10257.json new file mode 100644 index 00000000000..8c2624a8572 --- /dev/null +++ b/2019/10xxx/CVE-2019-10257.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10257", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10258.json b/2019/10xxx/CVE-2019-10258.json new file mode 100644 index 00000000000..bfffc5a5fc0 --- /dev/null +++ b/2019/10xxx/CVE-2019-10258.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10258", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10259.json b/2019/10xxx/CVE-2019-10259.json new file mode 100644 index 00000000000..1a8020c4004 --- /dev/null +++ b/2019/10xxx/CVE-2019-10259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10260.json b/2019/10xxx/CVE-2019-10260.json new file mode 100644 index 00000000000..9718ca70aee --- /dev/null +++ b/2019/10xxx/CVE-2019-10260.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/totaljs/cms/commit/8b9d7dada998c08d172481d9f0fc0397c4b3c78d", + "refsource": "MISC", + "name": "https://github.com/totaljs/cms/commit/8b9d7dada998c08d172481d9f0fc0397c4b3c78d" + }, + { + "url": "https://github.com/totaljs/cms/commit/75205f93009db3cf8c0b0f4f1fc8ab82d70da8ad", + "refsource": "MISC", + "name": "https://github.com/totaljs/cms/commit/75205f93009db3cf8c0b0f4f1fc8ab82d70da8ad" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10261.json b/2019/10xxx/CVE-2019-10261.json new file mode 100644 index 00000000000..794311cd09a --- /dev/null +++ b/2019/10xxx/CVE-2019-10261.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10261", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json index 0501ba7ebd7..4fd63eb9387 100644 --- a/2019/1xxx/CVE-2019-1559.json +++ b/2019/1xxx/CVE-2019-1559.json @@ -116,6 +116,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K18549143", "url": "https://support.f5.com/csp/article/K18549143" + }, + { + "refsource": "CONFIRM", + "name": "https://www.tenable.com/security/tns-2019-02", + "url": "https://www.tenable.com/security/tns-2019-02" } ] } diff --git a/2019/1xxx/CVE-2019-1569.json b/2019/1xxx/CVE-2019-1569.json index ea043ca719a..85f58573085 100644 --- a/2019/1xxx/CVE-2019-1569.json +++ b/2019/1xxx/CVE-2019-1569.json @@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1569", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1569", + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto", + "product": { + "product_data": [ + { + "product_name": "Palo Alto Networks Expedition Migration Tool", + "version": { + "version_data": [ + { + "version_value": "Expedition 1.1.8 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-13", + "url": "https://www.tenable.com/security/research/tra-2019-13" + }, + { + "refsource": "BID", + "name": "107564", + "url": "http://www.securityfocus.com/bid/107564" + }, + { + "refsource": "MISC", + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user." } ] } diff --git a/2019/1xxx/CVE-2019-1570.json b/2019/1xxx/CVE-2019-1570.json index ea95da6d8b5..8f00f3d1229 100644 --- a/2019/1xxx/CVE-2019-1570.json +++ b/2019/1xxx/CVE-2019-1570.json @@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1570", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1570", + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto", + "product": { + "product_data": [ + { + "product_name": "Palo Alto Networks Expedition Migration Tool", + "version": { + "version_data": [ + { + "version_value": "Expedition 1.1.8 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142" + }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-13", + "url": "https://www.tenable.com/security/research/tra-2019-13" + }, + { + "refsource": "BID", + "name": "107564", + "url": "http://www.securityfocus.com/bid/107564" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings." } ] } diff --git a/2019/1xxx/CVE-2019-1571.json b/2019/1xxx/CVE-2019-1571.json index 43241bb521d..a566e22caa9 100644 --- a/2019/1xxx/CVE-2019-1571.json +++ b/2019/1xxx/CVE-2019-1571.json @@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1571", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1571", + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto", + "product": { + "product_data": [ + { + "product_name": "Palo Alto Networks Expedition Migration Tool", + "version": { + "version_data": [ + { + "version_value": "Expedition 1.1.8 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142" + }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-13", + "url": "https://www.tenable.com/security/research/tra-2019-13" + }, + { + "refsource": "BID", + "name": "107564", + "url": "http://www.securityfocus.com/bid/107564" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings." } ] } diff --git a/2019/1xxx/CVE-2019-1572.json b/2019/1xxx/CVE-2019-1572.json index 007adbf1920..909840442b8 100644 --- a/2019/1xxx/CVE-2019-1572.json +++ b/2019/1xxx/CVE-2019-1572.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1572", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1572", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-1571. Reason: This candidate is a reservation duplicate of CVE-2019-1571. Notes: All CVE users should reference CVE-2019-1571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/1xxx/CVE-2019-1652.json b/2019/1xxx/CVE-2019-1652.json index 227e3541eae..b9aed84af72 100644 --- a/2019/1xxx/CVE-2019-1652.json +++ b/2019/1xxx/CVE-2019-1652.json @@ -81,6 +81,21 @@ "name": "106728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106728" + }, + { + "refsource": "FULLDISC", + "name": "20190327 [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval", + "url": "http://seclists.org/fulldisclosure/2019/Mar/61" + }, + { + "refsource": "BUGTRAQ", + "name": "20190327 [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval", + "url": "https://seclists.org/bugtraq/2019/Mar/55" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html" } ] }, diff --git a/2019/1xxx/CVE-2019-1653.json b/2019/1xxx/CVE-2019-1653.json index 9bd10c9b241..716353fc6be 100644 --- a/2019/1xxx/CVE-2019-1653.json +++ b/2019/1xxx/CVE-2019-1653.json @@ -91,6 +91,36 @@ "name": "46262", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46262/" + }, + { + "refsource": "FULLDISC", + "name": "20190327 [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval", + "url": "http://seclists.org/fulldisclosure/2019/Mar/60" + }, + { + "refsource": "FULLDISC", + "name": "20190327 [RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export", + "url": "http://seclists.org/fulldisclosure/2019/Mar/59" + }, + { + "refsource": "BUGTRAQ", + "name": "20190327 [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval", + "url": "https://seclists.org/bugtraq/2019/Mar/54" + }, + { + "refsource": "BUGTRAQ", + "name": "20190327 [RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export", + "url": "https://seclists.org/bugtraq/2019/Mar/53" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html", + "url": "http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html", + "url": "http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html" } ] }, diff --git a/2019/1xxx/CVE-2019-1737.json b/2019/1xxx/CVE-2019-1737.json index fe4b7b0e818..f0ffdba8ef3 100644 --- a/2019/1xxx/CVE-2019-1737.json +++ b/2019/1xxx/CVE-2019-1737.json @@ -1,8 +1,814 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1737", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS-XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.7.0S" + }, + { + "version_affected": "=", + "version_value": "3.7.1S" + }, + { + "version_affected": "=", + "version_value": "3.7.2S" + }, + { + "version_affected": "=", + "version_value": "3.7.3S" + }, + { + "version_affected": "=", + "version_value": "3.7.4S" + }, + { + "version_affected": "=", + "version_value": "3.7.5S" + }, + { + "version_affected": "=", + "version_value": "3.7.6S" + }, + { + "version_affected": "=", + "version_value": "3.7.7S" + }, + { + "version_affected": "=", + "version_value": "3.7.8S" + }, + { + "version_affected": "=", + "version_value": "3.7.4aS" + }, + { + "version_affected": "=", + "version_value": "3.7.2tS" + }, + { + "version_affected": "=", + "version_value": "3.7.0bS" + }, + { + "version_affected": "=", + "version_value": "3.7.1aS" + }, + { + "version_affected": "=", + "version_value": "3.8.0S" + }, + { + "version_affected": "=", + "version_value": "3.8.1S" + }, + { + "version_affected": "=", + "version_value": "3.8.2S" + }, + { + "version_affected": "=", + "version_value": "3.9.1S" + }, + { + "version_affected": "=", + "version_value": "3.9.0S" + }, + { + "version_affected": "=", + "version_value": "3.9.2S" + }, + { + "version_affected": "=", + "version_value": "3.9.1aS" + }, + { + "version_affected": "=", + "version_value": "3.9.0aS" + }, + { + "version_affected": "=", + "version_value": "3.2.0SE" + }, + { + "version_affected": "=", + "version_value": "3.2.1SE" + }, + { + "version_affected": "=", + "version_value": "3.2.2SE" + }, + { + "version_affected": "=", + "version_value": "3.2.3SE" + }, + { + "version_affected": "=", + "version_value": "3.3.0SE" + }, + { + "version_affected": "=", + "version_value": "3.3.1SE" + }, + { + "version_affected": "=", + "version_value": "3.3.2SE" + }, + { + "version_affected": "=", + "version_value": "3.3.3SE" + }, + { + "version_affected": "=", + "version_value": "3.3.4SE" + }, + { + "version_affected": "=", + "version_value": "3.3.5SE" + }, + { + "version_affected": "=", + "version_value": "3.3.0XO" + }, + { + "version_affected": "=", + "version_value": "3.3.1XO" + }, + { + "version_affected": "=", + "version_value": "3.3.2XO" + }, + { + "version_affected": "=", + "version_value": "3.4.0SG" + }, + { + "version_affected": "=", + "version_value": "3.4.2SG" + }, + { + "version_affected": "=", + "version_value": "3.4.1SG" + }, + { + "version_affected": "=", + "version_value": "3.4.3SG" + }, + { + "version_affected": "=", + "version_value": "3.4.4SG" + }, + { + "version_affected": "=", + "version_value": "3.4.5SG" + }, + { + "version_affected": "=", + "version_value": "3.4.6SG" + }, + { + "version_affected": "=", + "version_value": "3.4.7SG" + }, + { + "version_affected": "=", + "version_value": "3.4.8SG" + }, + { + "version_affected": "=", + "version_value": "3.5.0E" + }, + { + "version_affected": "=", + "version_value": "3.5.1E" + }, + { + "version_affected": "=", + "version_value": "3.5.2E" + }, + { + "version_affected": "=", + "version_value": "3.5.3E" + }, + { + "version_affected": "=", + "version_value": "3.10.0S" + }, + { + "version_affected": "=", + "version_value": "3.10.1S" + }, + { + "version_affected": "=", + "version_value": "3.10.2S" + }, + { + "version_affected": "=", + "version_value": "3.10.3S" + }, + { + "version_affected": "=", + "version_value": "3.10.4S" + }, + { + "version_affected": "=", + "version_value": "3.10.5S" + }, + { + "version_affected": "=", + "version_value": "3.10.6S" + }, + { + "version_affected": "=", + "version_value": "3.10.2aS" + }, + { + "version_affected": "=", + "version_value": "3.10.2tS" + }, + { + "version_affected": "=", + "version_value": "3.10.7S" + }, + { + "version_affected": "=", + "version_value": "3.10.8S" + }, + { + "version_affected": "=", + "version_value": "3.10.8aS" + }, + { + "version_affected": "=", + "version_value": "3.10.9S" + }, + { + "version_affected": "=", + "version_value": "3.10.10S" + }, + { + "version_affected": "=", + "version_value": "3.11.1S" + }, + { + "version_affected": "=", + "version_value": "3.11.2S" + }, + { + "version_affected": "=", + "version_value": "3.11.0S" + }, + { + "version_affected": "=", + "version_value": "3.11.3S" + }, + { + "version_affected": "=", + "version_value": "3.11.4S" + }, + { + "version_affected": "=", + "version_value": "3.12.0S" + }, + { + "version_affected": "=", + "version_value": "3.12.1S" + }, + { + "version_affected": "=", + "version_value": "3.12.2S" + }, + { + "version_affected": "=", + "version_value": "3.12.3S" + }, + { + "version_affected": "=", + "version_value": "3.12.0aS" + }, + { + "version_affected": "=", + "version_value": "3.12.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.0S" + }, + { + "version_affected": "=", + "version_value": "3.13.1S" + }, + { + "version_affected": "=", + "version_value": "3.13.2S" + }, + { + "version_affected": "=", + "version_value": "3.13.3S" + }, + { + "version_affected": "=", + "version_value": "3.13.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.5S" + }, + { + "version_affected": "=", + "version_value": "3.13.2aS" + }, + { + "version_affected": "=", + "version_value": "3.13.0aS" + }, + { + "version_affected": "=", + "version_value": "3.13.5aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6S" + }, + { + "version_affected": "=", + "version_value": "3.13.7S" + }, + { + "version_affected": "=", + "version_value": "3.13.6aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6bS" + }, + { + "version_affected": "=", + "version_value": "3.13.7aS" + }, + { + "version_affected": "=", + "version_value": "3.13.8S" + }, + { + "version_affected": "=", + "version_value": "3.6.0E" + }, + { + "version_affected": "=", + "version_value": "3.6.1E" + }, + { + "version_affected": "=", + "version_value": "3.6.0aE" + }, + { + "version_affected": "=", + "version_value": "3.6.0bE" + }, + { + "version_affected": "=", + "version_value": "3.6.2aE" + }, + { + "version_affected": "=", + "version_value": "3.6.2E" + }, + { + "version_affected": "=", + "version_value": "3.6.3E" + }, + { + "version_affected": "=", + "version_value": "3.6.4E" + }, + { + "version_affected": "=", + "version_value": "3.6.5E" + }, + { + "version_affected": "=", + "version_value": "3.6.6E" + }, + { + "version_affected": "=", + "version_value": "3.6.5aE" + }, + { + "version_affected": "=", + "version_value": "3.6.5bE" + }, + { + "version_affected": "=", + "version_value": "3.6.7E" + }, + { + "version_affected": "=", + "version_value": "3.6.7aE" + }, + { + "version_affected": "=", + "version_value": "3.6.7bE" + }, + { + "version_affected": "=", + "version_value": "3.14.0S" + }, + { + "version_affected": "=", + "version_value": "3.14.1S" + }, + { + "version_affected": "=", + "version_value": "3.14.2S" + }, + { + "version_affected": "=", + "version_value": "3.14.3S" + }, + { + "version_affected": "=", + "version_value": "3.14.4S" + }, + { + "version_affected": "=", + "version_value": "3.15.0S" + }, + { + "version_affected": "=", + "version_value": "3.15.1S" + }, + { + "version_affected": "=", + "version_value": "3.15.2S" + }, + { + "version_affected": "=", + "version_value": "3.15.1cS" + }, + { + "version_affected": "=", + "version_value": "3.15.3S" + }, + { + "version_affected": "=", + "version_value": "3.15.4S" + }, + { + "version_affected": "=", + "version_value": "3.7.0E" + }, + { + "version_affected": "=", + "version_value": "3.7.1E" + }, + { + "version_affected": "=", + "version_value": "3.7.2E" + }, + { + "version_affected": "=", + "version_value": "3.7.3E" + }, + { + "version_affected": "=", + "version_value": "3.7.4E" + }, + { + "version_affected": "=", + "version_value": "3.7.5E" + }, + { + "version_affected": "=", + "version_value": "3.16.0S" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.0aS" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2S" + }, + { + "version_affected": "=", + "version_value": "3.16.2aS" + }, + { + "version_affected": "=", + "version_value": "3.16.0bS" + }, + { + "version_affected": "=", + "version_value": "3.16.0cS" + }, + { + "version_affected": "=", + "version_value": "3.16.3S" + }, + { + "version_affected": "=", + "version_value": "3.16.2bS" + }, + { + "version_affected": "=", + "version_value": "3.16.3aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.6S" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.16.5bS" + }, + { + "version_affected": "=", + "version_value": "3.16.6bS" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.1aS" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "16.1.1" + }, + { + "version_affected": "=", + "version_value": "16.1.2" + }, + { + "version_affected": "=", + "version_value": "16.1.3" + }, + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "3.8.0E" + }, + { + "version_affected": "=", + "version_value": "3.8.1E" + }, + { + "version_affected": "=", + "version_value": "3.8.2E" + }, + { + "version_affected": "=", + "version_value": "3.8.3E" + }, + { + "version_affected": "=", + "version_value": "3.8.4E" + }, + { + "version_affected": "=", + "version_value": "3.8.5E" + }, + { + "version_affected": "=", + "version_value": "3.8.5aE" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "3.18.0aS" + }, + { + "version_affected": "=", + "version_value": "3.18.0S" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.2S" + }, + { + "version_affected": "=", + "version_value": "3.18.3S" + }, + { + "version_affected": "=", + "version_value": "3.18.4S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1gSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1cSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1hSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1iSP" + }, + { + "version_affected": "=", + "version_value": "3.9.0E" + }, + { + "version_affected": "=", + "version_value": "3.9.1E" + }, + { + "version_affected": "=", + "version_value": "3.9.2E" + }, + { + "version_affected": "=", + "version_value": "3.9.2bE" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "3.10.0E" + }, + { + "version_affected": "=", + "version_value": "3.10.0cE" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +817,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ipsla-dos" + }, + { + "refsource": "BID", + "name": "107604", + "url": "http://www.securityfocus.com/bid/107604" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-ipsla-dos", + "defect": [ + [ + "CSCvf37838" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1738.json b/2019/1xxx/CVE-2019-1738.json index b9f40a1977e..04abcabc370 100644 --- a/2019/1xxx/CVE-2019-1738.json +++ b/2019/1xxx/CVE-2019-1738.json @@ -1,8 +1,254 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1738", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS-XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.16.0S" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.0aS" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2S" + }, + { + "version_affected": "=", + "version_value": "3.16.2aS" + }, + { + "version_affected": "=", + "version_value": "3.16.0bS" + }, + { + "version_affected": "=", + "version_value": "3.16.0cS" + }, + { + "version_affected": "=", + "version_value": "3.16.3S" + }, + { + "version_affected": "=", + "version_value": "3.16.2bS" + }, + { + "version_affected": "=", + "version_value": "3.16.3aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.1aS" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "3.18.0aS" + }, + { + "version_affected": "=", + "version_value": "3.18.0S" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.2S" + }, + { + "version_affected": "=", + "version_value": "3.18.3S" + }, + { + "version_affected": "=", + "version_value": "3.18.4S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1gSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1cSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1hSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1iSP" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +257,59 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar" + }, + { + "refsource": "BID", + "name": "107597", + "url": "http://www.securityfocus.com/bid/107597" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-nbar", + "defect": [ + [ + "CSCvb51688", + "CSCvc94856", + "CSCvc99155", + "CSCvf01501" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1739.json b/2019/1xxx/CVE-2019-1739.json index a67ec2253e4..b59045c7a30 100644 --- a/2019/1xxx/CVE-2019-1739.json +++ b/2019/1xxx/CVE-2019-1739.json @@ -1,8 +1,254 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1739", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and Cisco IOS-XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.16.0S" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.0aS" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2S" + }, + { + "version_affected": "=", + "version_value": "3.16.2aS" + }, + { + "version_affected": "=", + "version_value": "3.16.0bS" + }, + { + "version_affected": "=", + "version_value": "3.16.0cS" + }, + { + "version_affected": "=", + "version_value": "3.16.3S" + }, + { + "version_affected": "=", + "version_value": "3.16.2bS" + }, + { + "version_affected": "=", + "version_value": "3.16.3aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.1aS" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "3.18.0aS" + }, + { + "version_affected": "=", + "version_value": "3.18.0S" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.2S" + }, + { + "version_affected": "=", + "version_value": "3.18.3S" + }, + { + "version_affected": "=", + "version_value": "3.18.4S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1gSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1cSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1hSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1iSP" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +257,59 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar" + }, + { + "refsource": "BID", + "name": "107597", + "url": "http://www.securityfocus.com/bid/107597" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-nbar", + "defect": [ + [ + "CSCvb51688", + "CSCvc94856", + "CSCvc99155", + "CSCvf01501" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1740.json b/2019/1xxx/CVE-2019-1740.json index bf74bd655fe..4930f4c051b 100644 --- a/2019/1xxx/CVE-2019-1740.json +++ b/2019/1xxx/CVE-2019-1740.json @@ -1,8 +1,254 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1740", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and Cisco IOS-XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.16.0S" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.0aS" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2S" + }, + { + "version_affected": "=", + "version_value": "3.16.2aS" + }, + { + "version_affected": "=", + "version_value": "3.16.0bS" + }, + { + "version_affected": "=", + "version_value": "3.16.0cS" + }, + { + "version_affected": "=", + "version_value": "3.16.3S" + }, + { + "version_affected": "=", + "version_value": "3.16.2bS" + }, + { + "version_affected": "=", + "version_value": "3.16.3aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.1aS" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "3.18.0aS" + }, + { + "version_affected": "=", + "version_value": "3.18.0S" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.2S" + }, + { + "version_affected": "=", + "version_value": "3.18.3S" + }, + { + "version_affected": "=", + "version_value": "3.18.4S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1gSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1cSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1hSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1iSP" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +257,59 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar" + }, + { + "refsource": "BID", + "name": "107597", + "url": "http://www.securityfocus.com/bid/107597" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-nbar", + "defect": [ + [ + "CSCvb51688", + "CSCvc94856", + "CSCvc99155", + "CSCvf01501" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1741.json b/2019/1xxx/CVE-2019-1741.json index 94694a82f63..bd6daf1d36b 100644 --- a/2019/1xxx/CVE-2019-1741.json +++ b/2019/1xxx/CVE-2019-1741.json @@ -1,8 +1,86 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1741", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +89,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-eta-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-eta-dos", + "defect": [ + [ + "CSCvi77889" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1742.json b/2019/1xxx/CVE-2019-1742.json index 2608cb72b75..749607269aa 100644 --- a/2019/1xxx/CVE-2019-1742.json +++ b/2019/1xxx/CVE-2019-1742.json @@ -1,8 +1,122 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1742", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +125,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-16" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid" + }, + { + "refsource": "BID", + "name": "107600", + "url": "http://www.securityfocus.com/bid/107600" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-xeid", + "defect": [ + [ + "CSCvi36797" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1743.json b/2019/1xxx/CVE-2019-1743.json index f46b9b408c3..ae701e97d10 100644 --- a/2019/1xxx/CVE-2019-1743.json +++ b/2019/1xxx/CVE-2019-1743.json @@ -1,8 +1,154 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1743", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Arbitrary File Upload Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +157,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Arbitrary File Upload Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-afu" + }, + { + "refsource": "BID", + "name": "107591", + "url": "http://www.securityfocus.com/bid/107591" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-afu", + "defect": [ + [ + "CSCvi48984" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1745.json b/2019/1xxx/CVE-2019-1745.json index f46d097b82c..ecc0b86fc00 100644 --- a/2019/1xxx/CVE-2019-1745.json +++ b/2019/1xxx/CVE-2019-1745.json @@ -1,8 +1,650 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1745", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Command Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.10.0S" + }, + { + "version_affected": "=", + "version_value": "3.10.1S" + }, + { + "version_affected": "=", + "version_value": "3.10.2S" + }, + { + "version_affected": "=", + "version_value": "3.10.3S" + }, + { + "version_affected": "=", + "version_value": "3.10.4S" + }, + { + "version_affected": "=", + "version_value": "3.10.5S" + }, + { + "version_affected": "=", + "version_value": "3.10.6S" + }, + { + "version_affected": "=", + "version_value": "3.10.2aS" + }, + { + "version_affected": "=", + "version_value": "3.10.2tS" + }, + { + "version_affected": "=", + "version_value": "3.10.7S" + }, + { + "version_affected": "=", + "version_value": "3.10.8S" + }, + { + "version_affected": "=", + "version_value": "3.10.8aS" + }, + { + "version_affected": "=", + "version_value": "3.10.9S" + }, + { + "version_affected": "=", + "version_value": "3.10.10S" + }, + { + "version_affected": "=", + "version_value": "3.11.1S" + }, + { + "version_affected": "=", + "version_value": "3.11.2S" + }, + { + "version_affected": "=", + "version_value": "3.11.0S" + }, + { + "version_affected": "=", + "version_value": "3.11.3S" + }, + { + "version_affected": "=", + "version_value": "3.11.4S" + }, + { + "version_affected": "=", + "version_value": "3.12.0S" + }, + { + "version_affected": "=", + "version_value": "3.12.1S" + }, + { + "version_affected": "=", + "version_value": "3.12.2S" + }, + { + "version_affected": "=", + "version_value": "3.12.3S" + }, + { + "version_affected": "=", + "version_value": "3.12.0aS" + }, + { + "version_affected": "=", + "version_value": "3.12.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.0S" + }, + { + "version_affected": "=", + "version_value": "3.13.1S" + }, + { + "version_affected": "=", + "version_value": "3.13.2S" + }, + { + "version_affected": "=", + "version_value": "3.13.3S" + }, + { + "version_affected": "=", + "version_value": "3.13.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.5S" + }, + { + "version_affected": "=", + "version_value": "3.13.2aS" + }, + { + "version_affected": "=", + "version_value": "3.13.0aS" + }, + { + "version_affected": "=", + "version_value": "3.13.5aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6S" + }, + { + "version_affected": "=", + "version_value": "3.13.7S" + }, + { + "version_affected": "=", + "version_value": "3.13.6aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6bS" + }, + { + "version_affected": "=", + "version_value": "3.13.7aS" + }, + { + "version_affected": "=", + "version_value": "3.13.8S" + }, + { + "version_affected": "=", + "version_value": "3.13.9S" + }, + { + "version_affected": "=", + "version_value": "3.13.10S" + }, + { + "version_affected": "=", + "version_value": "3.14.0S" + }, + { + "version_affected": "=", + "version_value": "3.14.1S" + }, + { + "version_affected": "=", + "version_value": "3.14.2S" + }, + { + "version_affected": "=", + "version_value": "3.14.3S" + }, + { + "version_affected": "=", + "version_value": "3.14.4S" + }, + { + "version_affected": "=", + "version_value": "3.15.0S" + }, + { + "version_affected": "=", + "version_value": "3.15.1S" + }, + { + "version_affected": "=", + "version_value": "3.15.2S" + }, + { + "version_affected": "=", + "version_value": "3.15.1cS" + }, + { + "version_affected": "=", + "version_value": "3.15.3S" + }, + { + "version_affected": "=", + "version_value": "3.15.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.0S" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.0aS" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2S" + }, + { + "version_affected": "=", + "version_value": "3.16.2aS" + }, + { + "version_affected": "=", + "version_value": "3.16.0bS" + }, + { + "version_affected": "=", + "version_value": "3.16.0cS" + }, + { + "version_affected": "=", + "version_value": "3.16.3S" + }, + { + "version_affected": "=", + "version_value": "3.16.2bS" + }, + { + "version_affected": "=", + "version_value": "3.16.3aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.6S" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.16.5bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7S" + }, + { + "version_affected": "=", + "version_value": "3.16.6bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7aS" + }, + { + "version_affected": "=", + "version_value": "3.16.7bS" + }, + { + "version_affected": "=", + "version_value": "3.16.8S" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.1aS" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "16.1.1" + }, + { + "version_affected": "=", + "version_value": "16.1.2" + }, + { + "version_affected": "=", + "version_value": "16.1.3" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.3.7" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "3.18.0aS" + }, + { + "version_affected": "=", + "version_value": "3.18.0S" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.2S" + }, + { + "version_affected": "=", + "version_value": "3.18.3S" + }, + { + "version_affected": "=", + "version_value": "3.18.4S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1gSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1cSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1hSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1iSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3SP" + }, + { + "version_affected": "=", + "version_value": "3.18.4SP" + }, + { + "version_affected": "=", + "version_value": "3.18.3aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.5SP" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.6.4" + }, + { + "version_affected": "=", + "version_value": "16.6.4s" + }, + { + "version_affected": "=", + "version_value": "16.6.4a" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.7.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + }, + { + "version_affected": "=", + "version_value": "16.9.1" + }, + { + "version_affected": "=", + "version_value": "16.9.2" + }, + { + "version_affected": "=", + "version_value": "16.9.1a" + }, + { + "version_affected": "=", + "version_value": "16.9.1b" + }, + { + "version_affected": "=", + "version_value": "16.9.1s" + }, + { + "version_affected": "=", + "version_value": "16.9.1c" + }, + { + "version_affected": "=", + "version_value": "16.9.1d" + }, + { + "version_affected": "=", + "version_value": "16.9.2a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +653,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.8", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xecmd" + }, + { + "refsource": "BID", + "name": "107588", + "url": "http://www.securityfocus.com/bid/107588" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-xecmd", + "defect": [ + [ + "CSCvj61307" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1746.json b/2019/1xxx/CVE-2019-1746.json index c5cf802ae33..1604e363fcd 100644 --- a/2019/1xxx/CVE-2019-1746.json +++ b/2019/1xxx/CVE-2019-1746.json @@ -1,8 +1,402 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1746", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2.0SG" + }, + { + "version_affected": "=", + "version_value": "3.2.1SG" + }, + { + "version_affected": "=", + "version_value": "3.2.2SG" + }, + { + "version_affected": "=", + "version_value": "3.2.3SG" + }, + { + "version_affected": "=", + "version_value": "3.2.4SG" + }, + { + "version_affected": "=", + "version_value": "3.2.5SG" + }, + { + "version_affected": "=", + "version_value": "3.2.6SG" + }, + { + "version_affected": "=", + "version_value": "3.2.7SG" + }, + { + "version_affected": "=", + "version_value": "3.2.8SG" + }, + { + "version_affected": "=", + "version_value": "3.2.9SG" + }, + { + "version_affected": "=", + "version_value": "3.2.10SG" + }, + { + "version_affected": "=", + "version_value": "3.2.11SG" + }, + { + "version_affected": "=", + "version_value": "3.3.0SG" + }, + { + "version_affected": "=", + "version_value": "3.3.2SG" + }, + { + "version_affected": "=", + "version_value": "3.3.1SG" + }, + { + "version_affected": "=", + "version_value": "3.3.0XO" + }, + { + "version_affected": "=", + "version_value": "3.3.1XO" + }, + { + "version_affected": "=", + "version_value": "3.3.2XO" + }, + { + "version_affected": "=", + "version_value": "3.4.0SG" + }, + { + "version_affected": "=", + "version_value": "3.4.2SG" + }, + { + "version_affected": "=", + "version_value": "3.4.1SG" + }, + { + "version_affected": "=", + "version_value": "3.4.3SG" + }, + { + "version_affected": "=", + "version_value": "3.4.4SG" + }, + { + "version_affected": "=", + "version_value": "3.4.5SG" + }, + { + "version_affected": "=", + "version_value": "3.4.6SG" + }, + { + "version_affected": "=", + "version_value": "3.4.7SG" + }, + { + "version_affected": "=", + "version_value": "3.4.8SG" + }, + { + "version_affected": "=", + "version_value": "3.5.0E" + }, + { + "version_affected": "=", + "version_value": "3.5.1E" + }, + { + "version_affected": "=", + "version_value": "3.5.2E" + }, + { + "version_affected": "=", + "version_value": "3.5.3E" + }, + { + "version_affected": "=", + "version_value": "3.10.4S" + }, + { + "version_affected": "=", + "version_value": "3.12.0aS" + }, + { + "version_affected": "=", + "version_value": "3.6.0E" + }, + { + "version_affected": "=", + "version_value": "3.6.1E" + }, + { + "version_affected": "=", + "version_value": "3.6.0aE" + }, + { + "version_affected": "=", + "version_value": "3.6.0bE" + }, + { + "version_affected": "=", + "version_value": "3.6.2aE" + }, + { + "version_affected": "=", + "version_value": "3.6.2E" + }, + { + "version_affected": "=", + "version_value": "3.6.3E" + }, + { + "version_affected": "=", + "version_value": "3.6.4E" + }, + { + "version_affected": "=", + "version_value": "3.6.5E" + }, + { + "version_affected": "=", + "version_value": "3.6.6E" + }, + { + "version_affected": "=", + "version_value": "3.6.5aE" + }, + { + "version_affected": "=", + "version_value": "3.6.5bE" + }, + { + "version_affected": "=", + "version_value": "3.6.7E" + }, + { + "version_affected": "=", + "version_value": "3.6.8E" + }, + { + "version_affected": "=", + "version_value": "3.6.7aE" + }, + { + "version_affected": "=", + "version_value": "3.6.7bE" + }, + { + "version_affected": "=", + "version_value": "3.6.9E" + }, + { + "version_affected": "=", + "version_value": "3.6.10E" + }, + { + "version_affected": "=", + "version_value": "3.3.0SQ" + }, + { + "version_affected": "=", + "version_value": "3.3.1SQ" + }, + { + "version_affected": "=", + "version_value": "3.4.0SQ" + }, + { + "version_affected": "=", + "version_value": "3.4.1SQ" + }, + { + "version_affected": "=", + "version_value": "3.7.0E" + }, + { + "version_affected": "=", + "version_value": "3.7.1E" + }, + { + "version_affected": "=", + "version_value": "3.7.2E" + }, + { + "version_affected": "=", + "version_value": "3.7.3E" + }, + { + "version_affected": "=", + "version_value": "3.7.4E" + }, + { + "version_affected": "=", + "version_value": "3.7.5E" + }, + { + "version_affected": "=", + "version_value": "3.5.0SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.1SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.2SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.3SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.4SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.5SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.6SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.7SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.8SQ" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.0bS" + }, + { + "version_affected": "=", + "version_value": "3.16.10S" + }, + { + "version_affected": "=", + "version_value": "3.8.0E" + }, + { + "version_affected": "=", + "version_value": "3.8.1E" + }, + { + "version_affected": "=", + "version_value": "3.8.2E" + }, + { + "version_affected": "=", + "version_value": "3.8.3E" + }, + { + "version_affected": "=", + "version_value": "3.8.4E" + }, + { + "version_affected": "=", + "version_value": "3.8.5E" + }, + { + "version_affected": "=", + "version_value": "3.8.5aE" + }, + { + "version_affected": "=", + "version_value": "3.8.6E" + }, + { + "version_affected": "=", + "version_value": "3.8.7E" + }, + { + "version_affected": "=", + "version_value": "3.9.0E" + }, + { + "version_affected": "=", + "version_value": "3.9.1E" + }, + { + "version_affected": "=", + "version_value": "3.9.2E" + }, + { + "version_affected": "=", + "version_value": "3.9.2bE" + }, + { + "version_affected": "=", + "version_value": "16.9.2h" + }, + { + "version_affected": "=", + "version_value": "3.10.0E" + }, + { + "version_affected": "=", + "version_value": "3.10.1E" + }, + { + "version_affected": "=", + "version_value": "3.10.0cE" + }, + { + "version_affected": "=", + "version_value": "3.10.1aE" + }, + { + "version_affected": "=", + "version_value": "3.10.1sE" + }, + { + "version_affected": "=", + "version_value": "16.12.1" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +405,52 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-cmp-dos", + "defect": [ + [ + "CSCvj25068", + "CSCvj25124" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1747.json b/2019/1xxx/CVE-2019-1747.json index 0a2e6ea1915..d83baee5501 100644 --- a/2019/1xxx/CVE-2019-1747.json +++ b/2019/1xxx/CVE-2019-1747.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1747", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.10.1" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +37,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-sms-dos" + }, + { + "refsource": "BID", + "name": "107599", + "url": "http://www.securityfocus.com/bid/107599" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-sms-dos", + "defect": [ + [ + "CSCvm07801" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1748.json b/2019/1xxx/CVE-2019-1748.json index 378d1b092e9..df3fe8cab52 100644 --- a/2019/1xxx/CVE-2019-1748.json +++ b/2019/1xxx/CVE-2019-1748.json @@ -1,8 +1,758 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1748", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.7.7S" + }, + { + "version_affected": "=", + "version_value": "3.9.1S" + }, + { + "version_affected": "=", + "version_value": "3.9.0S" + }, + { + "version_affected": "=", + "version_value": "3.9.2S" + }, + { + "version_affected": "=", + "version_value": "3.9.1aS" + }, + { + "version_affected": "=", + "version_value": "3.9.0aS" + }, + { + "version_affected": "=", + "version_value": "3.3.0SE" + }, + { + "version_affected": "=", + "version_value": "3.3.1SE" + }, + { + "version_affected": "=", + "version_value": "3.3.2SE" + }, + { + "version_affected": "=", + "version_value": "3.3.3SE" + }, + { + "version_affected": "=", + "version_value": "3.3.4SE" + }, + { + "version_affected": "=", + "version_value": "3.3.5SE" + }, + { + "version_affected": "=", + "version_value": "3.3.0XO" + }, + { + "version_affected": "=", + "version_value": "3.3.1XO" + }, + { + "version_affected": "=", + "version_value": "3.3.2XO" + }, + { + "version_affected": "=", + "version_value": "3.5.0E" + }, + { + "version_affected": "=", + "version_value": "3.5.1E" + }, + { + "version_affected": "=", + "version_value": "3.5.2E" + }, + { + "version_affected": "=", + "version_value": "3.5.3E" + }, + { + "version_affected": "=", + "version_value": "3.10.0S" + }, + { + "version_affected": "=", + "version_value": "3.10.1S" + }, + { + "version_affected": "=", + "version_value": "3.10.2S" + }, + { + "version_affected": "=", + "version_value": "3.10.3S" + }, + { + "version_affected": "=", + "version_value": "3.10.4S" + }, + { + "version_affected": "=", + "version_value": "3.10.5S" + }, + { + "version_affected": "=", + "version_value": "3.10.6S" + }, + { + "version_affected": "=", + "version_value": "3.10.2aS" + }, + { + "version_affected": "=", + "version_value": "3.10.2tS" + }, + { + "version_affected": "=", + "version_value": "3.10.7S" + }, + { + "version_affected": "=", + "version_value": "3.10.8S" + }, + { + "version_affected": "=", + "version_value": "3.10.8aS" + }, + { + "version_affected": "=", + "version_value": "3.10.9S" + }, + { + "version_affected": "=", + "version_value": "3.10.10S" + }, + { + "version_affected": "=", + "version_value": "3.11.1S" + }, + { + "version_affected": "=", + "version_value": "3.11.2S" + }, + { + "version_affected": "=", + "version_value": "3.11.0S" + }, + { + "version_affected": "=", + "version_value": "3.11.3S" + }, + { + "version_affected": "=", + "version_value": "3.11.4S" + }, + { + "version_affected": "=", + "version_value": "3.12.0S" + }, + { + "version_affected": "=", + "version_value": "3.12.1S" + }, + { + "version_affected": "=", + "version_value": "3.12.2S" + }, + { + "version_affected": "=", + "version_value": "3.12.3S" + }, + { + "version_affected": "=", + "version_value": "3.12.0aS" + }, + { + "version_affected": "=", + "version_value": "3.12.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.0S" + }, + { + "version_affected": "=", + "version_value": "3.13.1S" + }, + { + "version_affected": "=", + "version_value": "3.13.2S" + }, + { + "version_affected": "=", + "version_value": "3.13.3S" + }, + { + "version_affected": "=", + "version_value": "3.13.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.5S" + }, + { + "version_affected": "=", + "version_value": "3.13.2aS" + }, + { + "version_affected": "=", + "version_value": "3.13.0aS" + }, + { + "version_affected": "=", + "version_value": "3.13.5aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6S" + }, + { + "version_affected": "=", + "version_value": "3.13.7S" + }, + { + "version_affected": "=", + "version_value": "3.13.6aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6bS" + }, + { + "version_affected": "=", + "version_value": "3.13.7aS" + }, + { + "version_affected": "=", + "version_value": "3.13.8S" + }, + { + "version_affected": "=", + "version_value": "3.13.9S" + }, + { + "version_affected": "=", + "version_value": "3.6.0E" + }, + { + "version_affected": "=", + "version_value": "3.6.1E" + }, + { + "version_affected": "=", + "version_value": "3.6.0aE" + }, + { + "version_affected": "=", + "version_value": "3.6.0bE" + }, + { + "version_affected": "=", + "version_value": "3.6.2aE" + }, + { + "version_affected": "=", + "version_value": "3.6.2E" + }, + { + "version_affected": "=", + "version_value": "3.6.3E" + }, + { + "version_affected": "=", + "version_value": "3.6.4E" + }, + { + "version_affected": "=", + "version_value": "3.6.5E" + }, + { + "version_affected": "=", + "version_value": "3.6.6E" + }, + { + "version_affected": "=", + "version_value": "3.6.5aE" + }, + { + "version_affected": "=", + "version_value": "3.6.5bE" + }, + { + "version_affected": "=", + "version_value": "3.6.7E" + }, + { + "version_affected": "=", + "version_value": "3.6.7aE" + }, + { + "version_affected": "=", + "version_value": "3.6.7bE" + }, + { + "version_affected": "=", + "version_value": "3.6.9E" + }, + { + "version_affected": "=", + "version_value": "3.6.10E" + }, + { + "version_affected": "=", + "version_value": "3.6.9aE" + }, + { + "version_affected": "=", + "version_value": "3.14.0S" + }, + { + "version_affected": "=", + "version_value": "3.14.1S" + }, + { + "version_affected": "=", + "version_value": "3.14.2S" + }, + { + "version_affected": "=", + "version_value": "3.14.3S" + }, + { + "version_affected": "=", + "version_value": "3.14.4S" + }, + { + "version_affected": "=", + "version_value": "3.15.0S" + }, + { + "version_affected": "=", + "version_value": "3.15.1S" + }, + { + "version_affected": "=", + "version_value": "3.15.2S" + }, + { + "version_affected": "=", + "version_value": "3.15.1cS" + }, + { + "version_affected": "=", + "version_value": "3.15.3S" + }, + { + "version_affected": "=", + "version_value": "3.15.4S" + }, + { + "version_affected": "=", + "version_value": "3.7.0E" + }, + { + "version_affected": "=", + "version_value": "3.7.1E" + }, + { + "version_affected": "=", + "version_value": "3.7.2E" + }, + { + "version_affected": "=", + "version_value": "3.7.3E" + }, + { + "version_affected": "=", + "version_value": "3.7.4E" + }, + { + "version_affected": "=", + "version_value": "3.7.5E" + }, + { + "version_affected": "=", + "version_value": "3.16.0S" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.0aS" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2S" + }, + { + "version_affected": "=", + "version_value": "3.16.2aS" + }, + { + "version_affected": "=", + "version_value": "3.16.0bS" + }, + { + "version_affected": "=", + "version_value": "3.16.0cS" + }, + { + "version_affected": "=", + "version_value": "3.16.3S" + }, + { + "version_affected": "=", + "version_value": "3.16.2bS" + }, + { + "version_affected": "=", + "version_value": "3.16.3aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.6S" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.16.5bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7S" + }, + { + "version_affected": "=", + "version_value": "3.16.6bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7aS" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.1aS" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "16.1.1" + }, + { + "version_affected": "=", + "version_value": "16.1.2" + }, + { + "version_affected": "=", + "version_value": "16.1.3" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "3.8.0E" + }, + { + "version_affected": "=", + "version_value": "3.8.1E" + }, + { + "version_affected": "=", + "version_value": "3.8.2E" + }, + { + "version_affected": "=", + "version_value": "3.8.3E" + }, + { + "version_affected": "=", + "version_value": "3.8.4E" + }, + { + "version_affected": "=", + "version_value": "3.8.5E" + }, + { + "version_affected": "=", + "version_value": "3.8.5aE" + }, + { + "version_affected": "=", + "version_value": "3.8.6E" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "3.18.0aS" + }, + { + "version_affected": "=", + "version_value": "3.18.0S" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.2S" + }, + { + "version_affected": "=", + "version_value": "3.18.3S" + }, + { + "version_affected": "=", + "version_value": "3.18.4S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1gSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1cSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1hSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1iSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3SP" + }, + { + "version_affected": "=", + "version_value": "3.18.4SP" + }, + { + "version_affected": "=", + "version_value": "3.18.3aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.5SP" + }, + { + "version_affected": "=", + "version_value": "3.9.0E" + }, + { + "version_affected": "=", + "version_value": "3.9.1E" + }, + { + "version_affected": "=", + "version_value": "3.9.2E" + }, + { + "version_affected": "=", + "version_value": "3.9.2bE" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "3.10.0E" + }, + { + "version_affected": "=", + "version_value": "3.10.0cE" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +761,52 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-pnp-cert", + "defect": [ + [ + "CSCvf36269", + "CSCvg01089" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1749.json b/2019/1xxx/CVE-2019-1749.json index 5218be3ab84..5c2d731ae53 100644 --- a/2019/1xxx/CVE-2019-1749.json +++ b/2019/1xxx/CVE-2019-1749.json @@ -1,8 +1,226 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1749", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.13.6aS" + }, + { + "version_affected": "=", + "version_value": "3.16.0aS" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2aS" + }, + { + "version_affected": "=", + "version_value": "3.16.3aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.6S" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.16.7S" + }, + { + "version_affected": "=", + "version_value": "3.16.6bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7bS" + }, + { + "version_affected": "=", + "version_value": "3.16.8S" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "3.18.0S" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.2S" + }, + { + "version_affected": "=", + "version_value": "3.18.3S" + }, + { + "version_affected": "=", + "version_value": "3.18.4S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1gSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1hSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1iSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3SP" + }, + { + "version_affected": "=", + "version_value": "3.18.4SP" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.6.4" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +229,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-rsp3-ospf" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-rsp3-ospf", + "defect": [ + [ + "CSCvh06656" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1750.json b/2019/1xxx/CVE-2019-1750.json index 5c7445e28c0..02e2d9c5768 100644 --- a/2019/1xxx/CVE-2019-1750.json +++ b/2019/1xxx/CVE-2019-1750.json @@ -1,8 +1,198 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1750", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Catalyst 4500 Cisco Discovery Protocol Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.6.0E" + }, + { + "version_affected": "=", + "version_value": "3.6.1E" + }, + { + "version_affected": "=", + "version_value": "3.6.0aE" + }, + { + "version_affected": "=", + "version_value": "3.6.0bE" + }, + { + "version_affected": "=", + "version_value": "3.6.2aE" + }, + { + "version_affected": "=", + "version_value": "3.6.2E" + }, + { + "version_affected": "=", + "version_value": "3.6.3E" + }, + { + "version_affected": "=", + "version_value": "3.6.4E" + }, + { + "version_affected": "=", + "version_value": "3.6.5E" + }, + { + "version_affected": "=", + "version_value": "3.6.6E" + }, + { + "version_affected": "=", + "version_value": "3.6.5aE" + }, + { + "version_affected": "=", + "version_value": "3.6.5bE" + }, + { + "version_affected": "=", + "version_value": "3.6.7E" + }, + { + "version_affected": "=", + "version_value": "3.6.8E" + }, + { + "version_affected": "=", + "version_value": "3.6.7aE" + }, + { + "version_affected": "=", + "version_value": "3.6.7bE" + }, + { + "version_affected": "=", + "version_value": "3.6.9E" + }, + { + "version_affected": "=", + "version_value": "3.6.10E" + }, + { + "version_affected": "=", + "version_value": "3.7.0E" + }, + { + "version_affected": "=", + "version_value": "3.7.1E" + }, + { + "version_affected": "=", + "version_value": "3.7.2E" + }, + { + "version_affected": "=", + "version_value": "3.7.3E" + }, + { + "version_affected": "=", + "version_value": "3.8.0E" + }, + { + "version_affected": "=", + "version_value": "3.8.1E" + }, + { + "version_affected": "=", + "version_value": "3.8.2E" + }, + { + "version_affected": "=", + "version_value": "3.8.3E" + }, + { + "version_affected": "=", + "version_value": "3.8.4E" + }, + { + "version_affected": "=", + "version_value": "3.8.5E" + }, + { + "version_affected": "=", + "version_value": "3.8.5aE" + }, + { + "version_affected": "=", + "version_value": "3.8.6E" + }, + { + "version_affected": "=", + "version_value": "3.8.7E" + }, + { + "version_affected": "=", + "version_value": "3.9.0E" + }, + { + "version_affected": "=", + "version_value": "3.9.1E" + }, + { + "version_affected": "=", + "version_value": "3.9.2E" + }, + { + "version_affected": "=", + "version_value": "3.9.2bE" + }, + { + "version_affected": "=", + "version_value": "16.9.2h" + }, + { + "version_affected": "=", + "version_value": "3.10.0E" + }, + { + "version_affected": "=", + "version_value": "3.10.1E" + }, + { + "version_affected": "=", + "version_value": "3.10.0cE" + }, + { + "version_affected": "=", + "version_value": "3.10.2E" + }, + { + "version_affected": "=", + "version_value": "3.10.1aE" + }, + { + "version_affected": "=", + "version_value": "3.10.1sE" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +201,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Catalyst 4500 Cisco Discovery Protocol Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-evss" + }, + { + "refsource": "BID", + "name": "107607", + "url": "http://www.securityfocus.com/bid/107607" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-evss", + "defect": [ + [ + "CSCvk24566" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1751.json b/2019/1xxx/CVE-2019-1751.json index f80bc1b83e0..a6fcdbc5690 100644 --- a/2019/1xxx/CVE-2019-1751.json +++ b/2019/1xxx/CVE-2019-1751.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1751", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS Software NAT64 Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.x" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +37,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent through the device. An attacker could exploit this vulnerability by sending specific IPv4 packet streams through the device. An exploit could allow the attacker to either cause an interface queue wedge or a device reload, resulting in a denial of service (DoS) condition." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS Software NAT64 Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nat64" + }, + { + "refsource": "BID", + "name": "107601", + "url": "http://www.securityfocus.com/bid/107601" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-nat64", + "defect": [ + [ + "CSCvk61580" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1752.json b/2019/1xxx/CVE-2019-1752.json index 9875862fc2c..6d225a9cd07 100644 --- a/2019/1xxx/CVE-2019-1752.json +++ b/2019/1xxx/CVE-2019-1752.json @@ -1,8 +1,550 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1752", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.8.0S" + }, + { + "version_affected": "=", + "version_value": "3.8.1S" + }, + { + "version_affected": "=", + "version_value": "3.8.2S" + }, + { + "version_affected": "=", + "version_value": "3.9.1S" + }, + { + "version_affected": "=", + "version_value": "3.9.0S" + }, + { + "version_affected": "=", + "version_value": "3.9.2S" + }, + { + "version_affected": "=", + "version_value": "3.9.1aS" + }, + { + "version_affected": "=", + "version_value": "3.9.0aS" + }, + { + "version_affected": "=", + "version_value": "3.10.0S" + }, + { + "version_affected": "=", + "version_value": "3.10.1S" + }, + { + "version_affected": "=", + "version_value": "3.10.2S" + }, + { + "version_affected": "=", + "version_value": "3.10.3S" + }, + { + "version_affected": "=", + "version_value": "3.10.4S" + }, + { + "version_affected": "=", + "version_value": "3.10.5S" + }, + { + "version_affected": "=", + "version_value": "3.10.6S" + }, + { + "version_affected": "=", + "version_value": "3.10.2aS" + }, + { + "version_affected": "=", + "version_value": "3.10.2tS" + }, + { + "version_affected": "=", + "version_value": "3.10.7S" + }, + { + "version_affected": "=", + "version_value": "3.10.8S" + }, + { + "version_affected": "=", + "version_value": "3.10.8aS" + }, + { + "version_affected": "=", + "version_value": "3.10.9S" + }, + { + "version_affected": "=", + "version_value": "3.10.10S" + }, + { + "version_affected": "=", + "version_value": "3.11.1S" + }, + { + "version_affected": "=", + "version_value": "3.11.2S" + }, + { + "version_affected": "=", + "version_value": "3.11.0S" + }, + { + "version_affected": "=", + "version_value": "3.11.3S" + }, + { + "version_affected": "=", + "version_value": "3.11.4S" + }, + { + "version_affected": "=", + "version_value": "3.12.0S" + }, + { + "version_affected": "=", + "version_value": "3.12.1S" + }, + { + "version_affected": "=", + "version_value": "3.12.2S" + }, + { + "version_affected": "=", + "version_value": "3.12.3S" + }, + { + "version_affected": "=", + "version_value": "3.12.0aS" + }, + { + "version_affected": "=", + "version_value": "3.12.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.0S" + }, + { + "version_affected": "=", + "version_value": "3.13.1S" + }, + { + "version_affected": "=", + "version_value": "3.13.2S" + }, + { + "version_affected": "=", + "version_value": "3.13.3S" + }, + { + "version_affected": "=", + "version_value": "3.13.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.5S" + }, + { + "version_affected": "=", + "version_value": "3.13.2aS" + }, + { + "version_affected": "=", + "version_value": "3.13.5aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6S" + }, + { + "version_affected": "=", + "version_value": "3.13.7S" + }, + { + "version_affected": "=", + "version_value": "3.13.6aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6bS" + }, + { + "version_affected": "=", + "version_value": "3.13.7aS" + }, + { + "version_affected": "=", + "version_value": "3.13.8S" + }, + { + "version_affected": "=", + "version_value": "3.13.9S" + }, + { + "version_affected": "=", + "version_value": "3.13.10S" + }, + { + "version_affected": "=", + "version_value": "3.14.0S" + }, + { + "version_affected": "=", + "version_value": "3.14.1S" + }, + { + "version_affected": "=", + "version_value": "3.14.2S" + }, + { + "version_affected": "=", + "version_value": "3.14.3S" + }, + { + "version_affected": "=", + "version_value": "3.14.4S" + }, + { + "version_affected": "=", + "version_value": "3.15.0S" + }, + { + "version_affected": "=", + "version_value": "3.15.1S" + }, + { + "version_affected": "=", + "version_value": "3.15.2S" + }, + { + "version_affected": "=", + "version_value": "3.15.1cS" + }, + { + "version_affected": "=", + "version_value": "3.15.3S" + }, + { + "version_affected": "=", + "version_value": "3.15.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.0S" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2S" + }, + { + "version_affected": "=", + "version_value": "3.16.0bS" + }, + { + "version_affected": "=", + "version_value": "3.16.0cS" + }, + { + "version_affected": "=", + "version_value": "3.16.3S" + }, + { + "version_affected": "=", + "version_value": "3.16.2bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.6S" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.16.5bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7S" + }, + { + "version_affected": "=", + "version_value": "3.16.6bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7aS" + }, + { + "version_affected": "=", + "version_value": "3.16.7bS" + }, + { + "version_affected": "=", + "version_value": "3.16.8S" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.1aS" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.3.7" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "3.18.0aS" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3SP" + }, + { + "version_affected": "=", + "version_value": "3.18.4SP" + }, + { + "version_affected": "=", + "version_value": "3.18.3aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.5SP" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.6.4" + }, + { + "version_affected": "=", + "version_value": "16.6.4s" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.7.2" + }, + { + "version_affected": "=", + "version_value": "16.7.3" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +553,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn" + }, + { + "refsource": "BID", + "name": "107589", + "url": "http://www.securityfocus.com/bid/107589" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-isdn", + "defect": [ + [ + "CSCuz74957", + "CSCvk01977" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1753.json b/2019/1xxx/CVE-2019-1753.json index 311a07e2008..03ed5bff106 100644 --- a/2019/1xxx/CVE-2019-1753.json +++ b/2019/1xxx/CVE-2019-1753.json @@ -1,8 +1,182 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1753", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Privilege Escalation Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.6.10E" + }, + { + "version_affected": "=", + "version_value": "16.1.1" + }, + { + "version_affected": "=", + "version_value": "16.1.2" + }, + { + "version_affected": "=", + "version_value": "16.1.3" + }, + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.3.7" + }, + { + "version_affected": "=", + "version_value": "16.3.8" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +185,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-pe" + }, + { + "refsource": "BID", + "name": "107602", + "url": "http://www.securityfocus.com/bid/107602" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-iosxe-pe", + "defect": [ + [ + "CSCvi42203", + "CSCvi42203" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1754.json b/2019/1xxx/CVE-2019-1754.json index e2cea6b44a0..4cf69f105f8 100644 --- a/2019/1xxx/CVE-2019-1754.json +++ b/2019/1xxx/CVE-2019-1754.json @@ -1,8 +1,94 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1754", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Privilege Escalation Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + }, + { + "version_affected": "=", + "version_value": "16.9.1b" + }, + { + "version_affected": "=", + "version_value": "16.9.1s" + }, + { + "version_affected": "=", + "version_value": "16.9.1c" + }, + { + "version_affected": "=", + "version_value": "16.9.1d" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +97,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-privesc" + }, + { + "refsource": "BID", + "name": "107590", + "url": "http://www.securityfocus.com/bid/107590" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-iosxe-privesc", + "defect": [ + [ + "CSCvi36813" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1755.json b/2019/1xxx/CVE-2019-1755.json index 15e54b3fd4d..46cda8327e6 100644 --- a/2019/1xxx/CVE-2019-1755.json +++ b/2019/1xxx/CVE-2019-1755.json @@ -1,8 +1,182 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1755", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Command Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.6.10E" + }, + { + "version_affected": "=", + "version_value": "16.1.1" + }, + { + "version_affected": "=", + "version_value": "16.1.2" + }, + { + "version_affected": "=", + "version_value": "16.1.3" + }, + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.3.7" + }, + { + "version_affected": "=", + "version_value": "16.3.8" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +185,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj" + }, + { + "refsource": "BID", + "name": "107380", + "url": "http://www.securityfocus.com/bid/107380" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-iosxe-cmdinj", + "defect": [ + [ + "CSCvi36824", + "CSCvi36824" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1756.json b/2019/1xxx/CVE-2019-1756.json index 576641c1679..0ce5c19c850 100644 --- a/2019/1xxx/CVE-2019-1756.json +++ b/2019/1xxx/CVE-2019-1756.json @@ -1,8 +1,86 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1756", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Command Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.7.2" + }, + { + "version_affected": "=", + "version_value": "16.7.3" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +89,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject" + }, + { + "refsource": "BID", + "name": "107598", + "url": "http://www.securityfocus.com/bid/107598" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-iosxe-cmdinject", + "defect": [ + [ + "CSCvi36805" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1757.json b/2019/1xxx/CVE-2019-1757.json index 681735d4e7b..6f4876ffce1 100644 --- a/2019/1xxx/CVE-2019-1757.json +++ b/2019/1xxx/CVE-2019-1757.json @@ -1,8 +1,466 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1757", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.6.4E" + }, + { + "version_affected": "=", + "version_value": "3.6.5E" + }, + { + "version_affected": "=", + "version_value": "3.6.6E" + }, + { + "version_affected": "=", + "version_value": "3.6.5aE" + }, + { + "version_affected": "=", + "version_value": "3.6.5bE" + }, + { + "version_affected": "=", + "version_value": "3.6.7E" + }, + { + "version_affected": "=", + "version_value": "3.6.8E" + }, + { + "version_affected": "=", + "version_value": "3.6.7aE" + }, + { + "version_affected": "=", + "version_value": "3.6.7bE" + }, + { + "version_affected": "=", + "version_value": "3.7.4E" + }, + { + "version_affected": "=", + "version_value": "3.7.5E" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2S" + }, + { + "version_affected": "=", + "version_value": "3.16.2aS" + }, + { + "version_affected": "=", + "version_value": "3.16.3S" + }, + { + "version_affected": "=", + "version_value": "3.16.2bS" + }, + { + "version_affected": "=", + "version_value": "3.16.3aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.6S" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.16.5bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7S" + }, + { + "version_affected": "=", + "version_value": "3.16.6bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7aS" + }, + { + "version_affected": "=", + "version_value": "3.16.7bS" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.1aS" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "3.8.2E" + }, + { + "version_affected": "=", + "version_value": "3.8.3E" + }, + { + "version_affected": "=", + "version_value": "3.8.4E" + }, + { + "version_affected": "=", + "version_value": "3.8.5E" + }, + { + "version_affected": "=", + "version_value": "3.8.5aE" + }, + { + "version_affected": "=", + "version_value": "3.8.6E" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "3.18.0aS" + }, + { + "version_affected": "=", + "version_value": "3.18.0S" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.2S" + }, + { + "version_affected": "=", + "version_value": "3.18.3S" + }, + { + "version_affected": "=", + "version_value": "3.18.4S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1gSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1cSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1hSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1iSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3SP" + }, + { + "version_affected": "=", + "version_value": "3.18.4SP" + }, + { + "version_affected": "=", + "version_value": "3.18.3aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3bSP" + }, + { + "version_affected": "=", + "version_value": "3.9.0E" + }, + { + "version_affected": "=", + "version_value": "3.9.1E" + }, + { + "version_affected": "=", + "version_value": "3.9.2E" + }, + { + "version_affected": "=", + "version_value": "3.9.2bE" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.7.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.2" + }, + { + "version_affected": "=", + "version_value": "16.9.1b" + }, + { + "version_affected": "=", + "version_value": "16.9.1s" + }, + { + "version_affected": "=", + "version_value": "16.9.1c" + }, + { + "version_affected": "=", + "version_value": "3.10.0E" + }, + { + "version_affected": "=", + "version_value": "3.10.1E" + }, + { + "version_affected": "=", + "version_value": "3.10.0cE" + }, + { + "version_affected": "=", + "version_value": "3.10.1aE" + }, + { + "version_affected": "=", + "version_value": "3.10.1sE" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +469,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "" + } + ], + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-call-home-cert", + "defect": [ + [ + "CSCvg83741" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1758.json b/2019/1xxx/CVE-2019-1758.json index 3ee54e56eee..b73a480b5a3 100644 --- a/2019/1xxx/CVE-2019-1758.json +++ b/2019/1xxx/CVE-2019-1758.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1758", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.2(60)EZ12" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +37,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-c6500", + "defect": [ + [ + "CSCvk25074" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1759.json b/2019/1xxx/CVE-2019-1759.json index 1201702e31b..321dad51d9f 100644 --- a/2019/1xxx/CVE-2019-1759.json +++ b/2019/1xxx/CVE-2019-1759.json @@ -1,8 +1,210 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1759", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.3.7" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.6.4" + }, + { + "version_affected": "=", + "version_value": "16.6.4s" + }, + { + "version_affected": "=", + "version_value": "16.6.4a" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.7.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + }, + { + "version_affected": "=", + "version_value": "16.9.1" + }, + { + "version_affected": "=", + "version_value": "16.9.2" + }, + { + "version_affected": "=", + "version_value": "16.9.1a" + }, + { + "version_affected": "=", + "version_value": "16.9.1b" + }, + { + "version_affected": "=", + "version_value": "16.9.1s" + }, + { + "version_affected": "=", + "version_value": "16.9.1c" + }, + { + "version_affected": "=", + "version_value": "16.9.1d" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +213,52 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-mgmtacl" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-mgmtacl", + "defect": [ + [ + "CSCvk47405", + "CSCvm97704" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1760.json b/2019/1xxx/CVE-2019-1760.json index 0f7c7d2756a..75d97006211 100644 --- a/2019/1xxx/CVE-2019-1760.json +++ b/2019/1xxx/CVE-2019-1760.json @@ -1,8 +1,194 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1760", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.6S" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.16.5bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7S" + }, + { + "version_affected": "=", + "version_value": "3.16.6bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7aS" + }, + { + "version_affected": "=", + "version_value": "3.16.7bS" + }, + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +197,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.8", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pfrv3" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-pfrv3", + "defect": [ + [ + "CSCvj55896" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1761.json b/2019/1xxx/CVE-2019-1761.json index b2854e444da..34f886d2981 100644 --- a/2019/1xxx/CVE-2019-1761.json +++ b/2019/1xxx/CVE-2019-1761.json @@ -1,8 +1,1118 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1761", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2.0SG" + }, + { + "version_affected": "=", + "version_value": "3.2.1SG" + }, + { + "version_affected": "=", + "version_value": "3.2.2SG" + }, + { + "version_affected": "=", + "version_value": "3.2.3SG" + }, + { + "version_affected": "=", + "version_value": "3.2.4SG" + }, + { + "version_affected": "=", + "version_value": "3.2.5SG" + }, + { + "version_affected": "=", + "version_value": "3.2.6SG" + }, + { + "version_affected": "=", + "version_value": "3.2.7SG" + }, + { + "version_affected": "=", + "version_value": "3.2.8SG" + }, + { + "version_affected": "=", + "version_value": "3.2.9SG" + }, + { + "version_affected": "=", + "version_value": "3.2.10SG" + }, + { + "version_affected": "=", + "version_value": "3.2.11SG" + }, + { + "version_affected": "=", + "version_value": "3.7.0S" + }, + { + "version_affected": "=", + "version_value": "3.7.1S" + }, + { + "version_affected": "=", + "version_value": "3.7.2S" + }, + { + "version_affected": "=", + "version_value": "3.7.3S" + }, + { + "version_affected": "=", + "version_value": "3.7.4S" + }, + { + "version_affected": "=", + "version_value": "3.7.5S" + }, + { + "version_affected": "=", + "version_value": "3.7.6S" + }, + { + "version_affected": "=", + "version_value": "3.7.7S" + }, + { + "version_affected": "=", + "version_value": "3.7.8S" + }, + { + "version_affected": "=", + "version_value": "3.7.4aS" + }, + { + "version_affected": "=", + "version_value": "3.7.2tS" + }, + { + "version_affected": "=", + "version_value": "3.7.0bS" + }, + { + "version_affected": "=", + "version_value": "3.7.1aS" + }, + { + "version_affected": "=", + "version_value": "3.3.0SG" + }, + { + "version_affected": "=", + "version_value": "3.3.2SG" + }, + { + "version_affected": "=", + "version_value": "3.3.1SG" + }, + { + "version_affected": "=", + "version_value": "3.8.0S" + }, + { + "version_affected": "=", + "version_value": "3.8.1S" + }, + { + "version_affected": "=", + "version_value": "3.8.2S" + }, + { + "version_affected": "=", + "version_value": "3.9.1S" + }, + { + "version_affected": "=", + "version_value": "3.9.0S" + }, + { + "version_affected": "=", + "version_value": "3.9.2S" + }, + { + "version_affected": "=", + "version_value": "3.9.1aS" + }, + { + "version_affected": "=", + "version_value": "3.9.0aS" + }, + { + "version_affected": "=", + "version_value": "3.2.0SE" + }, + { + "version_affected": "=", + "version_value": "3.2.1SE" + }, + { + "version_affected": "=", + "version_value": "3.2.2SE" + }, + { + "version_affected": "=", + "version_value": "3.2.3SE" + }, + { + "version_affected": "=", + "version_value": "3.3.0SE" + }, + { + "version_affected": "=", + "version_value": "3.3.1SE" + }, + { + "version_affected": "=", + "version_value": "3.3.2SE" + }, + { + "version_affected": "=", + "version_value": "3.3.3SE" + }, + { + "version_affected": "=", + "version_value": "3.3.4SE" + }, + { + "version_affected": "=", + "version_value": "3.3.5SE" + }, + { + "version_affected": "=", + "version_value": "3.3.0XO" + }, + { + "version_affected": "=", + "version_value": "3.3.1XO" + }, + { + "version_affected": "=", + "version_value": "3.3.2XO" + }, + { + "version_affected": "=", + "version_value": "3.4.0SG" + }, + { + "version_affected": "=", + "version_value": "3.4.2SG" + }, + { + "version_affected": "=", + "version_value": "3.4.1SG" + }, + { + "version_affected": "=", + "version_value": "3.4.3SG" + }, + { + "version_affected": "=", + "version_value": "3.4.4SG" + }, + { + "version_affected": "=", + "version_value": "3.4.5SG" + }, + { + "version_affected": "=", + "version_value": "3.4.6SG" + }, + { + "version_affected": "=", + "version_value": "3.4.7SG" + }, + { + "version_affected": "=", + "version_value": "3.4.8SG" + }, + { + "version_affected": "=", + "version_value": "3.5.0E" + }, + { + "version_affected": "=", + "version_value": "3.5.1E" + }, + { + "version_affected": "=", + "version_value": "3.5.2E" + }, + { + "version_affected": "=", + "version_value": "3.5.3E" + }, + { + "version_affected": "=", + "version_value": "3.10.0S" + }, + { + "version_affected": "=", + "version_value": "3.10.1S" + }, + { + "version_affected": "=", + "version_value": "3.10.2S" + }, + { + "version_affected": "=", + "version_value": "3.10.3S" + }, + { + "version_affected": "=", + "version_value": "3.10.4S" + }, + { + "version_affected": "=", + "version_value": "3.10.5S" + }, + { + "version_affected": "=", + "version_value": "3.10.6S" + }, + { + "version_affected": "=", + "version_value": "3.10.2aS" + }, + { + "version_affected": "=", + "version_value": "3.10.2tS" + }, + { + "version_affected": "=", + "version_value": "3.10.7S" + }, + { + "version_affected": "=", + "version_value": "3.10.8S" + }, + { + "version_affected": "=", + "version_value": "3.10.8aS" + }, + { + "version_affected": "=", + "version_value": "3.10.9S" + }, + { + "version_affected": "=", + "version_value": "3.10.10S" + }, + { + "version_affected": "=", + "version_value": "3.11.1S" + }, + { + "version_affected": "=", + "version_value": "3.11.2S" + }, + { + "version_affected": "=", + "version_value": "3.11.0S" + }, + { + "version_affected": "=", + "version_value": "3.11.3S" + }, + { + "version_affected": "=", + "version_value": "3.11.4S" + }, + { + "version_affected": "=", + "version_value": "3.12.0S" + }, + { + "version_affected": "=", + "version_value": "3.12.1S" + }, + { + "version_affected": "=", + "version_value": "3.12.2S" + }, + { + "version_affected": "=", + "version_value": "3.12.3S" + }, + { + "version_affected": "=", + "version_value": "3.12.0aS" + }, + { + "version_affected": "=", + "version_value": "3.12.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.0S" + }, + { + "version_affected": "=", + "version_value": "3.13.1S" + }, + { + "version_affected": "=", + "version_value": "3.13.2S" + }, + { + "version_affected": "=", + "version_value": "3.13.3S" + }, + { + "version_affected": "=", + "version_value": "3.13.4S" + }, + { + "version_affected": "=", + "version_value": "3.13.5S" + }, + { + "version_affected": "=", + "version_value": "3.13.2aS" + }, + { + "version_affected": "=", + "version_value": "3.13.0aS" + }, + { + "version_affected": "=", + "version_value": "3.13.5aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6S" + }, + { + "version_affected": "=", + "version_value": "3.13.7S" + }, + { + "version_affected": "=", + "version_value": "3.13.6aS" + }, + { + "version_affected": "=", + "version_value": "3.13.6bS" + }, + { + "version_affected": "=", + "version_value": "3.13.7aS" + }, + { + "version_affected": "=", + "version_value": "3.13.8S" + }, + { + "version_affected": "=", + "version_value": "3.13.9S" + }, + { + "version_affected": "=", + "version_value": "3.13.10S" + }, + { + "version_affected": "=", + "version_value": "3.6.0E" + }, + { + "version_affected": "=", + "version_value": "3.6.1E" + }, + { + "version_affected": "=", + "version_value": "3.6.0aE" + }, + { + "version_affected": "=", + "version_value": "3.6.0bE" + }, + { + "version_affected": "=", + "version_value": "3.6.2aE" + }, + { + "version_affected": "=", + "version_value": "3.6.2E" + }, + { + "version_affected": "=", + "version_value": "3.6.3E" + }, + { + "version_affected": "=", + "version_value": "3.6.4E" + }, + { + "version_affected": "=", + "version_value": "3.6.5E" + }, + { + "version_affected": "=", + "version_value": "3.6.6E" + }, + { + "version_affected": "=", + "version_value": "3.6.5aE" + }, + { + "version_affected": "=", + "version_value": "3.6.5bE" + }, + { + "version_affected": "=", + "version_value": "3.6.7E" + }, + { + "version_affected": "=", + "version_value": "3.6.8E" + }, + { + "version_affected": "=", + "version_value": "3.6.7aE" + }, + { + "version_affected": "=", + "version_value": "3.6.7bE" + }, + { + "version_affected": "=", + "version_value": "3.6.9E" + }, + { + "version_affected": "=", + "version_value": "3.6.9aE" + }, + { + "version_affected": "=", + "version_value": "3.14.0S" + }, + { + "version_affected": "=", + "version_value": "3.14.1S" + }, + { + "version_affected": "=", + "version_value": "3.14.2S" + }, + { + "version_affected": "=", + "version_value": "3.14.3S" + }, + { + "version_affected": "=", + "version_value": "3.14.4S" + }, + { + "version_affected": "=", + "version_value": "3.15.0S" + }, + { + "version_affected": "=", + "version_value": "3.15.1S" + }, + { + "version_affected": "=", + "version_value": "3.15.2S" + }, + { + "version_affected": "=", + "version_value": "3.15.1cS" + }, + { + "version_affected": "=", + "version_value": "3.15.3S" + }, + { + "version_affected": "=", + "version_value": "3.15.4S" + }, + { + "version_affected": "=", + "version_value": "3.3.0SQ" + }, + { + "version_affected": "=", + "version_value": "3.3.1SQ" + }, + { + "version_affected": "=", + "version_value": "3.4.0SQ" + }, + { + "version_affected": "=", + "version_value": "3.4.1SQ" + }, + { + "version_affected": "=", + "version_value": "3.7.0E" + }, + { + "version_affected": "=", + "version_value": "3.7.1E" + }, + { + "version_affected": "=", + "version_value": "3.7.2E" + }, + { + "version_affected": "=", + "version_value": "3.7.3E" + }, + { + "version_affected": "=", + "version_value": "3.7.4E" + }, + { + "version_affected": "=", + "version_value": "3.7.5E" + }, + { + "version_affected": "=", + "version_value": "3.5.0SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.1SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.2SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.3SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.4SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.5SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.6SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.7SQ" + }, + { + "version_affected": "=", + "version_value": "3.5.8SQ" + }, + { + "version_affected": "=", + "version_value": "3.16.0S" + }, + { + "version_affected": "=", + "version_value": "3.16.1S" + }, + { + "version_affected": "=", + "version_value": "3.16.0aS" + }, + { + "version_affected": "=", + "version_value": "3.16.1aS" + }, + { + "version_affected": "=", + "version_value": "3.16.2S" + }, + { + "version_affected": "=", + "version_value": "3.16.2aS" + }, + { + "version_affected": "=", + "version_value": "3.16.0bS" + }, + { + "version_affected": "=", + "version_value": "3.16.0cS" + }, + { + "version_affected": "=", + "version_value": "3.16.3S" + }, + { + "version_affected": "=", + "version_value": "3.16.2bS" + }, + { + "version_affected": "=", + "version_value": "3.16.3aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4S" + }, + { + "version_affected": "=", + "version_value": "3.16.4aS" + }, + { + "version_affected": "=", + "version_value": "3.16.4bS" + }, + { + "version_affected": "=", + "version_value": "3.16.4gS" + }, + { + "version_affected": "=", + "version_value": "3.16.5S" + }, + { + "version_affected": "=", + "version_value": "3.16.4cS" + }, + { + "version_affected": "=", + "version_value": "3.16.4dS" + }, + { + "version_affected": "=", + "version_value": "3.16.4eS" + }, + { + "version_affected": "=", + "version_value": "3.16.6S" + }, + { + "version_affected": "=", + "version_value": "3.16.5aS" + }, + { + "version_affected": "=", + "version_value": "3.16.5bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7S" + }, + { + "version_affected": "=", + "version_value": "3.16.6bS" + }, + { + "version_affected": "=", + "version_value": "3.16.7aS" + }, + { + "version_affected": "=", + "version_value": "3.16.7bS" + }, + { + "version_affected": "=", + "version_value": "3.16.8S" + }, + { + "version_affected": "=", + "version_value": "3.17.0S" + }, + { + "version_affected": "=", + "version_value": "3.17.1S" + }, + { + "version_affected": "=", + "version_value": "3.17.2S" + }, + { + "version_affected": "=", + "version_value": "3.17.1aS" + }, + { + "version_affected": "=", + "version_value": "3.17.3S" + }, + { + "version_affected": "=", + "version_value": "3.17.4S" + }, + { + "version_affected": "=", + "version_value": "16.1.1" + }, + { + "version_affected": "=", + "version_value": "16.1.2" + }, + { + "version_affected": "=", + "version_value": "16.1.3" + }, + { + "version_affected": "=", + "version_value": "3.2.0JA" + }, + { + "version_affected": "=", + "version_value": "16.2.1" + }, + { + "version_affected": "=", + "version_value": "16.2.2" + }, + { + "version_affected": "=", + "version_value": "3.8.0E" + }, + { + "version_affected": "=", + "version_value": "3.8.1E" + }, + { + "version_affected": "=", + "version_value": "3.8.2E" + }, + { + "version_affected": "=", + "version_value": "3.8.3E" + }, + { + "version_affected": "=", + "version_value": "3.8.4E" + }, + { + "version_affected": "=", + "version_value": "3.8.5E" + }, + { + "version_affected": "=", + "version_value": "3.8.5aE" + }, + { + "version_affected": "=", + "version_value": "3.8.6E" + }, + { + "version_affected": "=", + "version_value": "3.8.7E" + }, + { + "version_affected": "=", + "version_value": "16.3.1" + }, + { + "version_affected": "=", + "version_value": "16.3.2" + }, + { + "version_affected": "=", + "version_value": "16.3.3" + }, + { + "version_affected": "=", + "version_value": "16.3.1a" + }, + { + "version_affected": "=", + "version_value": "16.3.4" + }, + { + "version_affected": "=", + "version_value": "16.3.5" + }, + { + "version_affected": "=", + "version_value": "16.3.5b" + }, + { + "version_affected": "=", + "version_value": "16.3.6" + }, + { + "version_affected": "=", + "version_value": "16.3.7" + }, + { + "version_affected": "=", + "version_value": "16.4.1" + }, + { + "version_affected": "=", + "version_value": "16.4.2" + }, + { + "version_affected": "=", + "version_value": "16.4.3" + }, + { + "version_affected": "=", + "version_value": "16.5.1" + }, + { + "version_affected": "=", + "version_value": "16.5.1a" + }, + { + "version_affected": "=", + "version_value": "16.5.1b" + }, + { + "version_affected": "=", + "version_value": "16.5.2" + }, + { + "version_affected": "=", + "version_value": "16.5.3" + }, + { + "version_affected": "=", + "version_value": "3.18.0aS" + }, + { + "version_affected": "=", + "version_value": "3.18.0S" + }, + { + "version_affected": "=", + "version_value": "3.18.1S" + }, + { + "version_affected": "=", + "version_value": "3.18.2S" + }, + { + "version_affected": "=", + "version_value": "3.18.3S" + }, + { + "version_affected": "=", + "version_value": "3.18.4S" + }, + { + "version_affected": "=", + "version_value": "3.18.0SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1gSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1cSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2SP" + }, + { + "version_affected": "=", + "version_value": "3.18.1hSP" + }, + { + "version_affected": "=", + "version_value": "3.18.2aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.1iSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3SP" + }, + { + "version_affected": "=", + "version_value": "3.18.4SP" + }, + { + "version_affected": "=", + "version_value": "3.18.3aSP" + }, + { + "version_affected": "=", + "version_value": "3.18.3bSP" + }, + { + "version_affected": "=", + "version_value": "3.18.5SP" + }, + { + "version_affected": "=", + "version_value": "3.9.0E" + }, + { + "version_affected": "=", + "version_value": "3.9.1E" + }, + { + "version_affected": "=", + "version_value": "3.9.2E" + }, + { + "version_affected": "=", + "version_value": "3.9.2bE" + }, + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.6.4" + }, + { + "version_affected": "=", + "version_value": "16.6.4s" + }, + { + "version_affected": "=", + "version_value": "16.6.4a" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.7.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + }, + { + "version_affected": "=", + "version_value": "16.9.1" + }, + { + "version_affected": "=", + "version_value": "16.9.1a" + }, + { + "version_affected": "=", + "version_value": "16.9.1b" + }, + { + "version_affected": "=", + "version_value": "16.9.1s" + }, + { + "version_affected": "=", + "version_value": "16.9.1c" + }, + { + "version_affected": "=", + "version_value": "16.9.1d" + }, + { + "version_affected": "=", + "version_value": "3.10.0E" + }, + { + "version_affected": "=", + "version_value": "3.10.1E" + }, + { + "version_affected": "=", + "version_value": "3.10.0cE" + }, + { + "version_affected": "=", + "version_value": "3.10.2E" + }, + { + "version_affected": "=", + "version_value": "3.10.1aE" + }, + { + "version_affected": "=", + "version_value": "3.10.1sE" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +1121,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-665" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ios-infoleak" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-ios-infoleak", + "defect": [ + [ + "CSCvj98575" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1762.json b/2019/1xxx/CVE-2019-1762.json index 338c7f4e9f9..f5a3af57660 100644 --- a/2019/1xxx/CVE-2019-1762.json +++ b/2019/1xxx/CVE-2019-1762.json @@ -1,8 +1,142 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1762", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.6.1" + }, + { + "version_affected": "=", + "version_value": "16.6.2" + }, + { + "version_affected": "=", + "version_value": "16.6.3" + }, + { + "version_affected": "=", + "version_value": "16.6.4" + }, + { + "version_affected": "=", + "version_value": "16.6.4s" + }, + { + "version_affected": "=", + "version_value": "16.6.4a" + }, + { + "version_affected": "=", + "version_value": "16.7.1" + }, + { + "version_affected": "=", + "version_value": "16.7.1a" + }, + { + "version_affected": "=", + "version_value": "16.7.1b" + }, + { + "version_affected": "=", + "version_value": "16.7.2" + }, + { + "version_affected": "=", + "version_value": "16.7.3" + }, + { + "version_affected": "=", + "version_value": "16.7.4" + }, + { + "version_affected": "=", + "version_value": "16.8.1" + }, + { + "version_affected": "=", + "version_value": "16.8.1a" + }, + { + "version_affected": "=", + "version_value": "16.8.1b" + }, + { + "version_affected": "=", + "version_value": "16.8.1s" + }, + { + "version_affected": "=", + "version_value": "16.8.1c" + }, + { + "version_affected": "=", + "version_value": "16.8.1d" + }, + { + "version_affected": "=", + "version_value": "16.8.2" + }, + { + "version_affected": "=", + "version_value": "16.8.1e" + }, + { + "version_affected": "=", + "version_value": "16.9.1" + }, + { + "version_affected": "=", + "version_value": "16.9.2" + }, + { + "version_affected": "=", + "version_value": "16.9.1a" + }, + { + "version_affected": "=", + "version_value": "16.9.1b" + }, + { + "version_affected": "=", + "version_value": "16.9.1s" + }, + { + "version_affected": "=", + "version_value": "16.9.1c" + }, + { + "version_affected": "=", + "version_value": "16.9.1d" + }, + { + "version_affected": "=", + "version_value": "16.9.2a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +145,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.4", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190327 Cisco IOS and IOS XE Software Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info" + }, + { + "refsource": "BID", + "name": "107594", + "url": "http://www.securityfocus.com/bid/107594" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190327-info", + "defect": [ + [ + "CSCvg97571", + "CSCvi66418" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2422.json b/2019/2xxx/CVE-2019-2422.json index 52d5a1aa77f..d4235985e31 100644 --- a/2019/2xxx/CVE-2019-2422.json +++ b/2019/2xxx/CVE-2019-2422.json @@ -141,6 +141,16 @@ "refsource": "DEBIAN", "name": "DSA-4410", "url": "https://www.debian.org/security/2019/dsa-4410" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0640", + "url": "https://access.redhat.com/errata/RHSA-2019:0640" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1732-1] openjdk-7 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00033.html" } ] } diff --git a/2019/2xxx/CVE-2019-2449.json b/2019/2xxx/CVE-2019-2449.json index eacfcf1cb95..84c16465ac9 100644 --- a/2019/2xxx/CVE-2019-2449.json +++ b/2019/2xxx/CVE-2019-2449.json @@ -77,6 +77,11 @@ "name": "RHSA-2019:0472", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0472" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0640", + "url": "https://access.redhat.com/errata/RHSA-2019:0640" } ] } diff --git a/2019/3xxx/CVE-2019-3395.json b/2019/3xxx/CVE-2019-3395.json index 0c88ac1bf28..5b8f14f48a1 100644 --- a/2019/3xxx/CVE-2019-3395.json +++ b/2019/3xxx/CVE-2019-3395.json @@ -1,8 +1,57 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-03-20T10:00:00", "ID": "CVE-2019-3395", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Confluence Server", + "version": { + "version_data": [ + { + "version_value": "6.6.7", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<=" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.5", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.3", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +60,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery (SSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CONFSERVER-57971", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CONFSERVER-57971" } ] } diff --git a/2019/3xxx/CVE-2019-3396.json b/2019/3xxx/CVE-2019-3396.json index d2949d4a455..767786d08c4 100644 --- a/2019/3xxx/CVE-2019-3396.json +++ b/2019/3xxx/CVE-2019-3396.json @@ -1,8 +1,57 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-03-20T10:00:00", "ID": "CVE-2019-3396", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Confluence Server", + "version": { + "version_data": [ + { + "version_value": "6.6.12", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.12.3", + "version_affected": "<" + }, + { + "version_value": "6.13.0", + "version_affected": ">" + }, + { + "version_value": "6.13.3", + "version_affected": "<" + }, + { + "version_value": "6.14.0", + "version_affected": ">" + }, + { + "version_value": "6.14.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +60,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Template Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CONFSERVER-57974", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CONFSERVER-57974" } ] } diff --git a/2019/3xxx/CVE-2019-3476.json b/2019/3xxx/CVE-2019-3476.json index 1b0ffa880e9..929a506a87a 100644 --- a/2019/3xxx/CVE-2019-3476.json +++ b/2019/3xxx/CVE-2019-3476.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3476", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3476", + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Micro Focus Data Protector", + "version": { + "version_data": [ + { + "version_value": "10.03" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03337614", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03337614" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution." } ] } diff --git a/2019/3xxx/CVE-2019-3479.json b/2019/3xxx/CVE-2019-3479.json index 78263e28b71..18997ee303c 100644 --- a/2019/3xxx/CVE-2019-3479.json +++ b/2019/3xxx/CVE-2019-3479.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3479", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3479", + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ArcSight Logger", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03355866", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03355866" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7." } ] } diff --git a/2019/3xxx/CVE-2019-3480.json b/2019/3xxx/CVE-2019-3480.json index cd13ec353da..23dd3770309 100644 --- a/2019/3xxx/CVE-2019-3480.json +++ b/2019/3xxx/CVE-2019-3480.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3480", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3480", + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ArcSight Logger", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stored/reflected XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03355866", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03355866" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7." } ] } diff --git a/2019/3xxx/CVE-2019-3481.json b/2019/3xxx/CVE-2019-3481.json index 2cadbe6c645..0d42b83a7a3 100644 --- a/2019/3xxx/CVE-2019-3481.json +++ b/2019/3xxx/CVE-2019-3481.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3481", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3481", + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ArcSight Logger", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML External Entity Parsing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03355866", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03355866" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7." } ] } diff --git a/2019/3xxx/CVE-2019-3482.json b/2019/3xxx/CVE-2019-3482.json index 93ff67f7930..a24fc460d14 100644 --- a/2019/3xxx/CVE-2019-3482.json +++ b/2019/3xxx/CVE-2019-3482.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3482", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3482", + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ArcSight Logger", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03355866", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03355866" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7." } ] } diff --git a/2019/3xxx/CVE-2019-3483.json b/2019/3xxx/CVE-2019-3483.json index bd5053d140e..c0ad2c155b8 100644 --- a/2019/3xxx/CVE-2019-3483.json +++ b/2019/3xxx/CVE-2019-3483.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3483", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3483", + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ArcSight Logger", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03355866", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03355866" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7." } ] } diff --git a/2019/3xxx/CVE-2019-3484.json b/2019/3xxx/CVE-2019-3484.json index f010eb115e2..31a44ce3ce4 100644 --- a/2019/3xxx/CVE-2019-3484.json +++ b/2019/3xxx/CVE-2019-3484.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3484", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3484", + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ArcSight Logger", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03355866", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03355866" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7." } ] } diff --git a/2019/3xxx/CVE-2019-3597.json b/2019/3xxx/CVE-2019-3597.json index d7006df1e1c..a7cf3b5e1b5 100644 --- a/2019/3xxx/CVE-2019-3597.json +++ b/2019/3xxx/CVE-2019-3597.json @@ -1,8 +1,39 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2019-3597", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Authentication bypass in McAfee Network Security Manager 9.x" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Network Security Manager (NSM)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.1", + "version_value": "9.1.7.75.2" + }, + { + "version_affected": "<", + "version_name": "9.2", + "version_value": "9.2.7.31 (9.2 Update 2)" + } + ] + } + } + ] + }, + "vendor_name": "McAfee LLC" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +42,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10275", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10275" + }, + { + "refsource": "BID", + "name": "107609", + "url": "http://www.securityfocus.com/bid/107609" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3606.json b/2019/3xxx/CVE-2019-3606.json index d0ec134209e..b0fa0c4cc79 100644 --- a/2019/3xxx/CVE-2019-3606.json +++ b/2019/3xxx/CVE-2019-3606.json @@ -1,8 +1,39 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2019-3606", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Network Security Manager (NSM)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.1", + "version_value": "9.1.7.75 (91.update 4)" + }, + { + "version_affected": "<", + "version_name": "9.2", + "version_value": "9.2.7.31 (9.2 Update 2)" + } + ] + } + } + ] + }, + "vendor_name": "McAfee LLC" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +42,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Leakage Attacks vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10274", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10274" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3701.json b/2019/3xxx/CVE-2019-3701.json index 81b6004cc43..7091b4cf567 100644 --- a/2019/3xxx/CVE-2019-3701.json +++ b/2019/3xxx/CVE-2019-3701.json @@ -66,6 +66,11 @@ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1120386", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1120386" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2019/3xxx/CVE-2019-3710.json b/2019/3xxx/CVE-2019-3710.json index d55d843f2a8..83a885704aa 100644 --- a/2019/3xxx/CVE-2019-3710.json +++ b/2019/3xxx/CVE-2019-3710.json @@ -1,18 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3710", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-03-18T05:00:00.000Z", + "ID": "CVE-2019-3710", + "STATE": "PUBLIC", + "TITLE": "DSA-2019-034: Dell Networking OS10 Key Management Error Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Dell Networking OS10", + "version": { + "version_data": [ + { + "version_value": "10.4.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Dell" } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell Networking OS10 has been updated to address a vulnerability which may be potentially exploited to compromise the system." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Dell Networking OS10 versions prior to 10.4.3 contain a vulnerability caused by improper key management. As a result of this vulnerability, authentication and encryption can be bypassed, and an attacker can run arbitrary code with escalated user privileges." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/article/SLN316558/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3804.json b/2019/3xxx/CVE-2019-3804.json index 7d90cd7a5b3..99e540c4edf 100644 --- a/2019/3xxx/CVE-2019-3804.json +++ b/2019/3xxx/CVE-2019-3804.json @@ -1,18 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3804", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3804", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "cockpit", + "version": { + "version_data": [ + { + "version_value": "184" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cockpit-project/cockpit/pull/10819", + "name": "https://github.com/cockpit-project/cockpit/pull/10819", + "refsource": "CONFIRM" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12", + "name": "https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3808.json b/2019/3xxx/CVE-2019-3808.json index a47f2eea0ec..3b9ad382259 100644 --- a/2019/3xxx/CVE-2019-3808.json +++ b/2019/3xxx/CVE-2019-3808.json @@ -1,18 +1,91 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3808", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3808", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.6.2" + }, + { + "version_value": "3.5.4" + }, + { + "version_value": "3.4.7" + }, + { + "version_value": "3.1.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808", + "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765", + "name": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765", + "refsource": "CONFIRM" + }, + { + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395", + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3809.json b/2019/3xxx/CVE-2019-3809.json index 5df21275e17..7c064d82296 100644 --- a/2019/3xxx/CVE-2019-3809.json +++ b/2019/3xxx/CVE-2019-3809.json @@ -1,18 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3809", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3809", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.1.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809", + "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=381229#p1536766", + "name": "https://moodle.org/mod/forum/discuss.php?d=381229#p1536766", + "refsource": "CONFIRM" + }, + { + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222", + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3810.json b/2019/3xxx/CVE-2019-3810.json index f2d543d06c5..e8d2940503b 100644 --- a/2019/3xxx/CVE-2019-3810.json +++ b/2019/3xxx/CVE-2019-3810.json @@ -1,18 +1,91 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3810", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3810", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.6.2" + }, + { + "version_value": "3.5.4" + }, + { + "version_value": "3.4.7" + }, + { + "version_value": "3.1.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810", + "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767", + "name": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767", + "refsource": "CONFIRM" + }, + { + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372", + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3812.json b/2019/3xxx/CVE-2019-3812.json index fca611c5011..30a8a27552b 100644 --- a/2019/3xxx/CVE-2019-3812.json +++ b/2019/3xxx/CVE-2019-3812.json @@ -71,6 +71,16 @@ "name": "107059", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107059" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-88a98ce795", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3923-1", + "url": "https://usn.ubuntu.com/3923-1/" } ] } diff --git a/2019/3xxx/CVE-2019-3814.json b/2019/3xxx/CVE-2019-3814.json index 096e992e5db..f37718d6482 100644 --- a/2019/3xxx/CVE-2019-3814.json +++ b/2019/3xxx/CVE-2019-3814.json @@ -1,18 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3814", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3814", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dovecot", + "product": { + "product_data": [ + { + "product_name": "dovecot", + "version": { + "version_data": [ + { + "version_value": "2.2.36.1" + }, + { + "version_value": "2.3.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dovecot.org/list/dovecot/2019-February/114575.html", + "refsource": "MISC", + "name": "https://www.dovecot.org/list/dovecot/2019-February/114575.html" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.7/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3816.json b/2019/3xxx/CVE-2019-3816.json index 533eef849e3..bde9fe8a543 100644 --- a/2019/3xxx/CVE-2019-3816.json +++ b/2019/3xxx/CVE-2019-3816.json @@ -81,6 +81,11 @@ "refsource": "BID", "name": "107409", "url": "http://www.securityfocus.com/bid/107409" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0638", + "url": "https://access.redhat.com/errata/RHSA-2019:0638" } ] } diff --git a/2019/3xxx/CVE-2019-3817.json b/2019/3xxx/CVE-2019-3817.json index a7cdd46393a..82f4d57cf78 100644 --- a/2019/3xxx/CVE-2019-3817.json +++ b/2019/3xxx/CVE-2019-3817.json @@ -1,18 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3817", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3817", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libcomps", + "product": { + "product_data": [ + { + "product_name": "libcomps", + "version": { + "version_data": [ + { + "version_value": "0.1.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/rpm-software-management/libcomps/issues/41", + "name": "https://github.com/rpm-software-management/libcomps/issues/41", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", + "name": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3819.json b/2019/3xxx/CVE-2019-3819.json index da16f8fb461..c31f6169d96 100644 --- a/2019/3xxx/CVE-2019-3819.json +++ b/2019/3xxx/CVE-2019-3819.json @@ -71,6 +71,11 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" } ] } diff --git a/2019/3xxx/CVE-2019-3821.json b/2019/3xxx/CVE-2019-3821.json index 21da70fe9dd..b64a233b8f7 100644 --- a/2019/3xxx/CVE-2019-3821.json +++ b/2019/3xxx/CVE-2019-3821.json @@ -1,18 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3821", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3821", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "ceph", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3821", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3821", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/ceph/civetweb/pull/33", + "refsource": "MISC", + "name": "https://github.com/ceph/civetweb/pull/33" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3826.json b/2019/3xxx/CVE-2019-3826.json index b641564ccf1..5006ac299db 100644 --- a/2019/3xxx/CVE-2019-3826.json +++ b/2019/3xxx/CVE-2019-3826.json @@ -1,18 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3826", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3826", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "prometheus", + "version": { + "version_data": [ + { + "version_value": "2.7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/prometheus/prometheus/pull/5163", + "name": "https://github.com/prometheus/prometheus/pull/5163", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/prometheus/prometheus/commit/62e591f9", + "name": "https://github.com/prometheus/prometheus/commit/62e591f9", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3827.json b/2019/3xxx/CVE-2019-3827.json index 3422e0cd79b..95ec83c1b8c 100644 --- a/2019/3xxx/CVE-2019-3827.json +++ b/2019/3xxx/CVE-2019-3827.json @@ -1,18 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3827", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3827", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "gvfs", + "version": { + "version_data": [ + { + "version_value": "1.39.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827", + "refsource": "CONFIRM" + }, + { + "url": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31", + "name": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3828.json b/2019/3xxx/CVE-2019-3828.json index a59a9a53c5c..b69e04693d0 100644 --- a/2019/3xxx/CVE-2019-3828.json +++ b/2019/3xxx/CVE-2019-3828.json @@ -1,18 +1,83 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3828", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3828", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Ansible", + "version": { + "version_data": [ + { + "version_value": "2.5.15" + }, + { + "version_value": "2.6.14" + }, + { + "version_value": "2.7.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ansible/ansible/pull/52133", + "refsource": "MISC", + "name": "https://github.com/ansible/ansible/pull/52133" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.2/CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3829.json b/2019/3xxx/CVE-2019-3829.json index 3442c105de3..806949e15e5 100644 --- a/2019/3xxx/CVE-2019-3829.json +++ b/2019/3xxx/CVE-2019-3829.json @@ -1,18 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3829", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3829", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gnutls", + "product": { + "product_data": [ + { + "product_name": "gnutls", + "version": { + "version_data": [ + { + "version_value": "fixed in 3.6.7" + }, + { + "version_value": "affected from 3.5.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27", + "refsource": "MISC", + "name": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829", + "refsource": "CONFIRM" + }, + { + "url": "https://gitlab.com/gnutls/gnutls/issues/694", + "name": "https://gitlab.com/gnutls/gnutls/issues/694", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3830.json b/2019/3xxx/CVE-2019-3830.json index 00a2eebff2e..098e8352b13 100644 --- a/2019/3xxx/CVE-2019-3830.json +++ b/2019/3xxx/CVE-2019-3830.json @@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3830", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3830", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "openstack-ceilometer", + "version": { + "version_data": [ + { + "version_value": "fixed in 12.0.0.0rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3830", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3830", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3831.json b/2019/3xxx/CVE-2019-3831.json index 7b595158aa8..b41ac626a51 100644 --- a/2019/3xxx/CVE-2019-3831.json +++ b/2019/3xxx/CVE-2019-3831.json @@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3831", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3831", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "vdsm", + "version": { + "version_data": [ + { + "version_value": "4.30.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3835.json b/2019/3xxx/CVE-2019-3835.json index 9517a5b8623..7898a312f6e 100644 --- a/2019/3xxx/CVE-2019-3835.json +++ b/2019/3xxx/CVE-2019-3835.json @@ -1,18 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3835", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3835", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The ghostscript Project", + "product": { + "product_data": [ + { + "product_name": "ghostscript", + "version": { + "version_data": [ + { + "version_value": "9.27" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-648" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835", + "refsource": "CONFIRM" + }, + { + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700585", + "refsource": "MISC", + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=700585" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0652", + "url": "https://access.redhat.com/errata/RHSA-2019:0652" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3838.json b/2019/3xxx/CVE-2019-3838.json index 2daef16fb21..5536497183c 100644 --- a/2019/3xxx/CVE-2019-3838.json +++ b/2019/3xxx/CVE-2019-3838.json @@ -1,18 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3838", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3838", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The ghostscript Project", + "product": { + "product_data": [ + { + "product_name": "ghostscript", + "version": { + "version_data": [ + { + "version_value": "9.27" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-648" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838", + "refsource": "CONFIRM" + }, + { + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700576", + "refsource": "MISC", + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=700576" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0652", + "url": "https://access.redhat.com/errata/RHSA-2019:0652" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3840.json b/2019/3xxx/CVE-2019-3840.json index 9afcc8782e2..eba4606214a 100644 --- a/2019/3xxx/CVE-2019-3840.json +++ b/2019/3xxx/CVE-2019-3840.json @@ -1,18 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3840", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3840", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The libvirt Project", + "product": { + "product_data": [ + { + "product_name": "libvirt", + "version": { + "version_data": [ + { + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840", + "refsource": "CONFIRM" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663051", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1663051", + "refsource": "CONFIRM" + }, + { + "url": "https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html", + "name": "https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.8/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3841.json b/2019/3xxx/CVE-2019-3841.json index 367dd3c32b6..fb2cd94717b 100644 --- a/2019/3xxx/CVE-2019-3841.json +++ b/2019/3xxx/CVE-2019-3841.json @@ -1,18 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3841", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3841", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Kubevirt project", + "product": { + "product_data": [ + { + "product_name": "kubevirt/virt-cdi-importer", + "version": { + "version_data": [ + { + "version_value": "from 1.4.0 to 1.5.3 inclusive" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kubevirt/containerized-data-importer/issues/678", + "refsource": "MISC", + "name": "https://github.com/kubevirt/containerized-data-importer/issues/678" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3841", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3841", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3847.json b/2019/3xxx/CVE-2019-3847.json index 79306bc03ae..a0df013017e 100644 --- a/2019/3xxx/CVE-2019-3847.json +++ b/2019/3xxx/CVE-2019-3847.json @@ -1,18 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3847", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3847", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.6.3" + }, + { + "version_value": "3.5.5" + }, + { + "version_value": "3.4.8" + }, + { + "version_value": "3.1.17" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847", + "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the \"login as other users\" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3848.json b/2019/3xxx/CVE-2019-3848.json index 0348d7f7eb1..904be30986d 100644 --- a/2019/3xxx/CVE-2019-3848.json +++ b/2019/3xxx/CVE-2019-3848.json @@ -1,18 +1,83 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3848", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3848", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.6.3" + }, + { + "version_value": "3.5.5" + }, + { + "version_value": "3.4.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://moodle.org/mod/forum/discuss.php?d=384011#p1547743", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=384011#p1547743" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)" } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3849.json b/2019/3xxx/CVE-2019-3849.json index 657fe0a8fef..46e9d640851 100644 --- a/2019/3xxx/CVE-2019-3849.json +++ b/2019/3xxx/CVE-2019-3849.json @@ -1,18 +1,83 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3849", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3849", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.6.3" + }, + { + "version_value": "3.5.5" + }, + { + "version_value": "3.4.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849", + "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=384012#p1547744", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=384012#p1547744" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3850.json b/2019/3xxx/CVE-2019-3850.json index 930e06cf471..32aee435dfc 100644 --- a/2019/3xxx/CVE-2019-3850.json +++ b/2019/3xxx/CVE-2019-3850.json @@ -1,18 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3850", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3850", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.6.3" + }, + { + "version_value": "3.5.5" + }, + { + "version_value": "3.4.8" + }, + { + "version_value": "3.1.17" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850", + "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=384013#p1547745", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=384013#p1547745" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3851.json b/2019/3xxx/CVE-2019-3851.json index 83baa4a933d..6e29545fb25 100644 --- a/2019/3xxx/CVE-2019-3851.json +++ b/2019/3xxx/CVE-2019-3851.json @@ -1,18 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3851", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3851", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.6.3" + }, + { + "version_value": "3.5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851", + "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=384014#p1547746", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=384014#p1547746" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3852.json b/2019/3xxx/CVE-2019-3852.json index aedb8fb0f0b..a5e037fd303 100644 --- a/2019/3xxx/CVE-2019-3852.json +++ b/2019/3xxx/CVE-2019-3852.json @@ -1,18 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3852", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3852", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.6.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://moodle.org/mod/forum/discuss.php?d=384015#p1547748", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=384015#p1547748" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities" } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3855.json b/2019/3xxx/CVE-2019-3855.json index e362ed56d40..b84d2049f38 100644 --- a/2019/3xxx/CVE-2019-3855.json +++ b/2019/3xxx/CVE-2019-3855.json @@ -86,6 +86,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f31c14682f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" } ] }, diff --git a/2019/3xxx/CVE-2019-3856.json b/2019/3xxx/CVE-2019-3856.json index 4c79f4ee4ef..e93122c84f8 100644 --- a/2019/3xxx/CVE-2019-3856.json +++ b/2019/3xxx/CVE-2019-3856.json @@ -1,18 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3856", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3856", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The libssh2 Project", + "product": { + "product_data": [ + { + "product_name": "libssh2", + "version": { + "version_data": [ + { + "version_value": "1.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.libssh2.org/CVE-2019-3856.html", + "refsource": "MISC", + "name": "https://www.libssh2.org/CVE-2019-3856.html" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", + "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3857.json b/2019/3xxx/CVE-2019-3857.json index 48158a6b8d1..f3c27846733 100644 --- a/2019/3xxx/CVE-2019-3857.json +++ b/2019/3xxx/CVE-2019-3857.json @@ -1,18 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3857", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3857", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The libssh2 Project", + "product": { + "product_data": [ + { + "product_name": "libssh2", + "version": { + "version_data": [ + { + "version_value": "1.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", + "refsource": "CONFIRM" + }, + { + "url": "https://www.libssh2.org/CVE-2019-3857.html", + "refsource": "MISC", + "name": "https://www.libssh2.org/CVE-2019-3857.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3858.json b/2019/3xxx/CVE-2019-3858.json index 1be833fa439..363605b665c 100644 --- a/2019/3xxx/CVE-2019-3858.json +++ b/2019/3xxx/CVE-2019-3858.json @@ -78,6 +78,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f31c14682f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" } ] }, diff --git a/2019/3xxx/CVE-2019-3859.json b/2019/3xxx/CVE-2019-3859.json index 3f3d2526855..d3aa1bdcf4b 100644 --- a/2019/3xxx/CVE-2019-3859.json +++ b/2019/3xxx/CVE-2019-3859.json @@ -78,6 +78,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f31c14682f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" } ] }, diff --git a/2019/3xxx/CVE-2019-3860.json b/2019/3xxx/CVE-2019-3860.json index ae25897b581..8060f8eec2c 100644 --- a/2019/3xxx/CVE-2019-3860.json +++ b/2019/3xxx/CVE-2019-3860.json @@ -1,18 +1,87 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3860", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3860", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The libssh2 Project", + "product": { + "product_data": [ + { + "product_name": "libssh2", + "version": { + "version_data": [ + { + "version_value": "1.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.libssh2.org/CVE-2019-3860.html", + "refsource": "MISC", + "name": "https://www.libssh2.org/CVE-2019-3860.html" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", + "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3861.json b/2019/3xxx/CVE-2019-3861.json index 3ed649b47c5..6285b982e2d 100644 --- a/2019/3xxx/CVE-2019-3861.json +++ b/2019/3xxx/CVE-2019-3861.json @@ -1,18 +1,87 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3861", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3861", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The libssh2 Project", + "product": { + "product_data": [ + { + "product_name": "libssh2", + "version": { + "version_data": [ + { + "version_value": "1.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.libssh2.org/CVE-2019-3861.html", + "refsource": "MISC", + "name": "https://www.libssh2.org/CVE-2019-3861.html" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", + "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3862.json b/2019/3xxx/CVE-2019-3862.json index fd4ffcd625d..14f78f166c6 100644 --- a/2019/3xxx/CVE-2019-3862.json +++ b/2019/3xxx/CVE-2019-3862.json @@ -78,6 +78,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f31c14682f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" } ] }, diff --git a/2019/3xxx/CVE-2019-3863.json b/2019/3xxx/CVE-2019-3863.json index 29237dd059c..28955c10dc8 100644 --- a/2019/3xxx/CVE-2019-3863.json +++ b/2019/3xxx/CVE-2019-3863.json @@ -1,18 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3863", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3863", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The libssh2 Project", + "product": { + "product_data": [ + { + "product_name": "libssh2", + "version": { + "version_data": [ + { + "version_value": "1.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", + "refsource": "CONFIRM" + }, + { + "url": "https://www.libssh2.org/CVE-2019-3863.html", + "refsource": "MISC", + "name": "https://www.libssh2.org/CVE-2019-3863.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3869.json b/2019/3xxx/CVE-2019-3869.json index afeec03c5e4..18c888e4bf3 100644 --- a/2019/3xxx/CVE-2019-3869.json +++ b/2019/3xxx/CVE-2019-3869.json @@ -1,18 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3869", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3869", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Tower", + "version": { + "version_data": [ + { + "version_value": "3.3.5" + }, + { + "version_value": "3.4.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-214" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ansible/awx/pull/3505", + "refsource": "MISC", + "name": "https://github.com/ansible/awx/pull/3505" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.2/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3871.json b/2019/3xxx/CVE-2019-3871.json index 4df862a4455..3764969ee3e 100644 --- a/2019/3xxx/CVE-2019-3871.json +++ b/2019/3xxx/CVE-2019-3871.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107491", "url": "http://www.securityfocus.com/bid/107491" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-b85d4171d4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-9993d32c48", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/" } ] }, diff --git a/2019/3xxx/CVE-2019-3874.json b/2019/3xxx/CVE-2019-3874.json index b81c8acd006..59709f4e452 100644 --- a/2019/3xxx/CVE-2019-3874.json +++ b/2019/3xxx/CVE-2019-3874.json @@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3874", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3874", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Linux Foundation", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "3.10.x and 4.18.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3877.json b/2019/3xxx/CVE-2019-3877.json index 46398a84317..e4948f23559 100644 --- a/2019/3xxx/CVE-2019-3877.json +++ b/2019/3xxx/CVE-2019-3877.json @@ -1,18 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3877", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3877", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "uninett", + "product": { + "product_data": [ + { + "product_name": "mod_auth_mellon", + "version": { + "version_data": [ + { + "version_value": "v0.14.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3877", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3877", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/Uninett/mod_auth_mellon/issues/35", + "name": "https://github.com/Uninett/mod_auth_mellon/issues/35", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8", + "name": "https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3878.json b/2019/3xxx/CVE-2019-3878.json index 4664dbca63a..ff40a460faa 100644 --- a/2019/3xxx/CVE-2019-3878.json +++ b/2019/3xxx/CVE-2019-3878.json @@ -1,18 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3878", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3878", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "uninett", + "product": { + "product_data": [ + { + "product_name": "mod_auth_mellon", + "version": { + "version_data": [ + { + "version_value": "before v0.14.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-305" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/Uninett/mod_auth_mellon/pull/196", + "name": "https://github.com/Uninett/mod_auth_mellon/pull/196", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3879.json b/2019/3xxx/CVE-2019-3879.json index f43282be274..634a40e5adb 100644 --- a/2019/3xxx/CVE-2019-3879.json +++ b/2019/3xxx/CVE-2019-3879.json @@ -1,18 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3879", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3879", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "ovirt-engine", + "version": { + "version_data": [ + { + "version_value": "4.3.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3879", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3879", + "refsource": "CONFIRM" + }, + { + "refsource": "BID", + "name": "107561", + "url": "http://www.securityfocus.com/bid/107561" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploit this flaw to delete disks attached to guests." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4035.json b/2019/4xxx/CVE-2019-4035.json index 54a4946b474..77ae2cdcf31 100644 --- a/2019/4xxx/CVE-2019-4035.json +++ b/2019/4xxx/CVE-2019-4035.json @@ -24,6 +24,11 @@ "title": "X-Force Vulnerability Report", "name": "ibm-content-cve20194035-spoofing (156001)", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156001" + }, + { + "refsource": "BID", + "name": "107557", + "url": "http://www.securityfocus.com/bid/107557" } ] }, diff --git a/2019/4xxx/CVE-2019-4046.json b/2019/4xxx/CVE-2019-4046.json index 32ed064b1cf..6fae1cdff07 100644 --- a/2019/4xxx/CVE-2019-4046.json +++ b/2019/4xxx/CVE-2019-4046.json @@ -1,17 +1,101 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4046", - "STATE": "RESERVED" - }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "AC": "H", + "PR": "N", + "A": "H", + "I": "N", + "C": "N", + "UI": "N", + "SCORE": "5.900", + "S": "U", + "AV": "N" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + }, + { + "version_value": "Liberty" + } + ] + }, + "product_name": "WebSphere Application Server" + } + ] + } + } + ] + } + }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2019-4046", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-21T00:00:00" + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 869570 (WebSphere Application Server)", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10869570", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10869570", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156242", + "name": "ibm-websphere-cve20194046-dos (156242)", + "title": "X-Force Vulnerability Report" } ] } diff --git a/2019/4xxx/CVE-2019-4052.json b/2019/4xxx/CVE-2019-4052.json index fbb9f42d357..c35bd84df07 100644 --- a/2019/4xxx/CVE-2019-4052.json +++ b/2019/4xxx/CVE-2019-4052.json @@ -67,6 +67,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156544", "refsource": "XF", "title": "X-Force Vulnerability Report" + }, + { + "refsource": "BID", + "name": "107559", + "url": "http://www.securityfocus.com/bid/107559" } ] }, diff --git a/2019/5xxx/CVE-2019-5025.json b/2019/5xxx/CVE-2019-5025.json index 6c20ca37670..20b80043c11 100644 --- a/2019/5xxx/CVE-2019-5025.json +++ b/2019/5xxx/CVE-2019-5025.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5025", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5025", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5026.json b/2019/5xxx/CVE-2019-5026.json index 0156f408a55..87e2d1209bb 100644 --- a/2019/5xxx/CVE-2019-5026.json +++ b/2019/5xxx/CVE-2019-5026.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5026", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5026", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5027.json b/2019/5xxx/CVE-2019-5027.json index ca5c97440a7..5f1fec285a7 100644 --- a/2019/5xxx/CVE-2019-5027.json +++ b/2019/5xxx/CVE-2019-5027.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5027", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5027", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5028.json b/2019/5xxx/CVE-2019-5028.json index 3fee4d541b6..c9fc39e0db3 100644 --- a/2019/5xxx/CVE-2019-5028.json +++ b/2019/5xxx/CVE-2019-5028.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5028", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5028", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5418.json b/2019/5xxx/CVE-2019-5418.json index 03f54f33b73..fcbafc197a3 100644 --- a/2019/5xxx/CVE-2019-5418.json +++ b/2019/5xxx/CVE-2019-5418.json @@ -1,17 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5418", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5418", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rails", + "product": { + "product_data": [ + { + "product_name": "https://github.com/rails/rails", + "version": { + "version_data": [ + { + "version_value": "5.2.2.1" + }, + { + "version_value": "5.1.6.2" + }, + { + "version_value": "5.0.7.2" + }, + { + "version_value": "4.2.11.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "46585", + "url": "https://www.exploit-db.com/exploits/46585/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html", + "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View", + "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1" + }, + { + "refsource": "CONFIRM", + "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", + "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q", + "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed." } ] } diff --git a/2019/5xxx/CVE-2019-5419.json b/2019/5xxx/CVE-2019-5419.json index 98c664e3c9f..a5fb3875c16 100644 --- a/2019/5xxx/CVE-2019-5419.json +++ b/2019/5xxx/CVE-2019-5419.json @@ -1,17 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5419", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5419", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rails", + "product": { + "product_data": [ + { + "product_name": "https://github.com/rails/rails", + "version": { + "version_data": [ + { + "version_value": "5.2.2.1" + }, + { + "version_value": "5.1.6.2" + }, + { + "version_value": "5.0.7.2" + }, + { + "version_value": "4.2.11.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View", + "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1" + }, + { + "refsource": "CONFIRM", + "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", + "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI", + "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive." } ] } diff --git a/2019/5xxx/CVE-2019-5420.json b/2019/5xxx/CVE-2019-5420.json index 68d24391be4..80ab7b55ba7 100644 --- a/2019/5xxx/CVE-2019-5420.json +++ b/2019/5xxx/CVE-2019-5420.json @@ -1,17 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5420", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5420", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rails", + "product": { + "product_data": [ + { + "product_name": "https://github.com/rails/rails", + "version": { + "version_data": [ + { + "version_value": "5.2.2.1" + }, + { + "version_value": "6.0.0.beta3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection - Generic (CWE-77)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", + "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw", + "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit." } ] } diff --git a/2019/5xxx/CVE-2019-5674.json b/2019/5xxx/CVE-2019-5674.json index 36d9b2f73da..f3ee7f93d06 100644 --- a/2019/5xxx/CVE-2019-5674.json +++ b/2019/5xxx/CVE-2019-5674.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5674", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5674", + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA Corporation", + "product": { + "product_data": [ + { + "product_name": "GeForce Experience", + "version": { + "version_data": [ + { + "version_value": "before 3.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "code execution, denial of service, or escalation of privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges." } ] } diff --git a/2019/5xxx/CVE-2019-5716.json b/2019/5xxx/CVE-2019-5716.json index 04c5d5e7778..5138f22927c 100644 --- a/2019/5xxx/CVE-2019-5716.json +++ b/2019/5xxx/CVE-2019-5716.json @@ -76,6 +76,16 @@ "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217", "refsource": "MISC", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4416", + "url": "https://www.debian.org/security/2019/dsa-4416" + }, + { + "refsource": "BUGTRAQ", + "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url": "https://seclists.org/bugtraq/2019/Mar/35" } ] } diff --git a/2019/5xxx/CVE-2019-5717.json b/2019/5xxx/CVE-2019-5717.json index b51d2aa3155..015e7da8387 100644 --- a/2019/5xxx/CVE-2019-5717.json +++ b/2019/5xxx/CVE-2019-5717.json @@ -76,6 +76,16 @@ "name": "106482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106482" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4416", + "url": "https://www.debian.org/security/2019/dsa-4416" + }, + { + "refsource": "BUGTRAQ", + "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url": "https://seclists.org/bugtraq/2019/Mar/35" } ] } diff --git a/2019/5xxx/CVE-2019-5718.json b/2019/5xxx/CVE-2019-5718.json index fe711fe6acb..d5ba943ea30 100644 --- a/2019/5xxx/CVE-2019-5718.json +++ b/2019/5xxx/CVE-2019-5718.json @@ -71,6 +71,16 @@ "name": "https://www.wireshark.org/security/wnpa-sec-2019-03.html", "refsource": "MISC", "url": "https://www.wireshark.org/security/wnpa-sec-2019-03.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4416", + "url": "https://www.debian.org/security/2019/dsa-4416" + }, + { + "refsource": "BUGTRAQ", + "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url": "https://seclists.org/bugtraq/2019/Mar/35" } ] } diff --git a/2019/5xxx/CVE-2019-5719.json b/2019/5xxx/CVE-2019-5719.json index 07e6e41260c..09d63008f4e 100644 --- a/2019/5xxx/CVE-2019-5719.json +++ b/2019/5xxx/CVE-2019-5719.json @@ -71,6 +71,16 @@ "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5b02f2a9b8772d8814096f86c60a32889d61f2c", "refsource": "MISC", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5b02f2a9b8772d8814096f86c60a32889d61f2c" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4416", + "url": "https://www.debian.org/security/2019/dsa-4416" + }, + { + "refsource": "BUGTRAQ", + "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", + "url": "https://seclists.org/bugtraq/2019/Mar/35" } ] } diff --git a/2019/5xxx/CVE-2019-5736.json b/2019/5xxx/CVE-2019-5736.json index 45b87446617..d6f2385da30 100644 --- a/2019/5xxx/CVE-2019-5736.json +++ b/2019/5xxx/CVE-2019-5736.json @@ -177,6 +177,16 @@ "refsource": "MISC", "url": "https://access.redhat.com/security/vulnerabilities/runcescape" }, + { + "refsource": "MISC", + "name": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", + "url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1121967", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967" + }, { "refsource": "CISCO", "name": "", @@ -196,6 +206,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", "url": "http://www.openwall.com/lists/oss-security/2019/03/23/1" + }, + { + "refsource": "CONFIRM", + "name": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", + "url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003" } ] } diff --git a/2019/5xxx/CVE-2019-5737.json b/2019/5xxx/CVE-2019-5737.json index 10bd36abe9d..9a2ffcd2d37 100644 --- a/2019/5xxx/CVE-2019-5737.json +++ b/2019/5xxx/CVE-2019-5737.json @@ -1,17 +1,70 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5737", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5737", + "ASSIGNER": "cve-request@iojs.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Node.js", + "product": { + "product_data": [ + { + "product_name": "Node.js", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 6.17.0" + }, + { + "version_value": "All versions prior to 8.15.1" + }, + { + "version_value": "All versions prior to 10.15.2" + }, + { + "version_value": "All versions prior to 11.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption / Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active release lines including 6, 8, 10 and 11." } ] } diff --git a/2019/5xxx/CVE-2019-5739.json b/2019/5xxx/CVE-2019-5739.json index 77adffafe04..7a4df6df9eb 100644 --- a/2019/5xxx/CVE-2019-5739.json +++ b/2019/5xxx/CVE-2019-5739.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5739", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5739", + "ASSIGNER": "cve-request@iojs.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Node.js", + "product": { + "product_data": [ + { + "product_name": "Node.js", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 6.17.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption / Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default." } ] } diff --git a/2019/5xxx/CVE-2019-5754.json b/2019/5xxx/CVE-2019-5754.json index da3f1dd2013..678fc50cf61 100644 --- a/2019/5xxx/CVE-2019-5754.json +++ b/2019/5xxx/CVE-2019-5754.json @@ -77,6 +77,11 @@ "name": "https://crbug.com/914497", "refsource": "MISC", "url": "https://crbug.com/914497" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5755.json b/2019/5xxx/CVE-2019-5755.json index ae1c45e1fcc..44a2d30dd87 100644 --- a/2019/5xxx/CVE-2019-5755.json +++ b/2019/5xxx/CVE-2019-5755.json @@ -77,6 +77,11 @@ "name": "https://crbug.com/913296", "refsource": "MISC", "url": "https://crbug.com/913296" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5756.json b/2019/5xxx/CVE-2019-5756.json index e387e7d3d46..69942e01dcb 100644 --- a/2019/5xxx/CVE-2019-5756.json +++ b/2019/5xxx/CVE-2019-5756.json @@ -77,6 +77,11 @@ "name": "https://crbug.com/895152", "refsource": "MISC", "url": "https://crbug.com/895152" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5757.json b/2019/5xxx/CVE-2019-5757.json index 22c0509119d..072a377a9a1 100644 --- a/2019/5xxx/CVE-2019-5757.json +++ b/2019/5xxx/CVE-2019-5757.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5758.json b/2019/5xxx/CVE-2019-5758.json index 6083b6a5d32..754bf8429b1 100644 --- a/2019/5xxx/CVE-2019-5758.json +++ b/2019/5xxx/CVE-2019-5758.json @@ -77,6 +77,11 @@ "name": "https://crbug.com/913970", "refsource": "MISC", "url": "https://crbug.com/913970" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5759.json b/2019/5xxx/CVE-2019-5759.json index 513eac6001b..06e1121047d 100644 --- a/2019/5xxx/CVE-2019-5759.json +++ b/2019/5xxx/CVE-2019-5759.json @@ -77,6 +77,11 @@ "name": "https://crbug.com/912211", "refsource": "MISC", "url": "https://crbug.com/912211" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5760.json b/2019/5xxx/CVE-2019-5760.json index 5343f39a958..d9903fe691a 100644 --- a/2019/5xxx/CVE-2019-5760.json +++ b/2019/5xxx/CVE-2019-5760.json @@ -77,6 +77,11 @@ "name": "https://crbug.com/912074", "refsource": "MISC", "url": "https://crbug.com/912074" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5761.json b/2019/5xxx/CVE-2019-5761.json index 75ee1f14030..8aa90566660 100644 --- a/2019/5xxx/CVE-2019-5761.json +++ b/2019/5xxx/CVE-2019-5761.json @@ -72,6 +72,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5762.json b/2019/5xxx/CVE-2019-5762.json index 4956c92d071..0166892358d 100644 --- a/2019/5xxx/CVE-2019-5762.json +++ b/2019/5xxx/CVE-2019-5762.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5763.json b/2019/5xxx/CVE-2019-5763.json index 190e1b07e1f..cd63da51700 100644 --- a/2019/5xxx/CVE-2019-5763.json +++ b/2019/5xxx/CVE-2019-5763.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5764.json b/2019/5xxx/CVE-2019-5764.json index 956e23e7262..87b7e7bf1e1 100644 --- a/2019/5xxx/CVE-2019-5764.json +++ b/2019/5xxx/CVE-2019-5764.json @@ -77,6 +77,11 @@ "name": "https://crbug.com/913246", "refsource": "MISC", "url": "https://crbug.com/913246" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5765.json b/2019/5xxx/CVE-2019-5765.json index 318308d1ade..eccc0194c06 100644 --- a/2019/5xxx/CVE-2019-5765.json +++ b/2019/5xxx/CVE-2019-5765.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5766.json b/2019/5xxx/CVE-2019-5766.json index 510637e74f1..c511a33d34e 100644 --- a/2019/5xxx/CVE-2019-5766.json +++ b/2019/5xxx/CVE-2019-5766.json @@ -72,6 +72,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5767.json b/2019/5xxx/CVE-2019-5767.json index aa7c5d696cc..24f9454f90d 100644 --- a/2019/5xxx/CVE-2019-5767.json +++ b/2019/5xxx/CVE-2019-5767.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5768.json b/2019/5xxx/CVE-2019-5768.json index a6986c93dc4..0929dbd4763 100644 --- a/2019/5xxx/CVE-2019-5768.json +++ b/2019/5xxx/CVE-2019-5768.json @@ -77,6 +77,11 @@ "name": "https://crbug.com/805557", "refsource": "MISC", "url": "https://crbug.com/805557" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5769.json b/2019/5xxx/CVE-2019-5769.json index 25410156f69..73771b357dc 100644 --- a/2019/5xxx/CVE-2019-5769.json +++ b/2019/5xxx/CVE-2019-5769.json @@ -72,6 +72,11 @@ "name": "https://crbug.com/913975", "refsource": "MISC", "url": "https://crbug.com/913975" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5770.json b/2019/5xxx/CVE-2019-5770.json index 28dbf89beef..d530ab79f05 100644 --- a/2019/5xxx/CVE-2019-5770.json +++ b/2019/5xxx/CVE-2019-5770.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5771.json b/2019/5xxx/CVE-2019-5771.json index d8e978e439e..977effa8e94 100644 --- a/2019/5xxx/CVE-2019-5771.json +++ b/2019/5xxx/CVE-2019-5771.json @@ -72,6 +72,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5772.json b/2019/5xxx/CVE-2019-5772.json index eb316187b86..c106ae52271 100644 --- a/2019/5xxx/CVE-2019-5772.json +++ b/2019/5xxx/CVE-2019-5772.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5773.json b/2019/5xxx/CVE-2019-5773.json index 2a5127cade9..51574c32550 100644 --- a/2019/5xxx/CVE-2019-5773.json +++ b/2019/5xxx/CVE-2019-5773.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5774.json b/2019/5xxx/CVE-2019-5774.json index dc244821503..06b9e4707a7 100644 --- a/2019/5xxx/CVE-2019-5774.json +++ b/2019/5xxx/CVE-2019-5774.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5775.json b/2019/5xxx/CVE-2019-5775.json index aed2ffc6b0c..65746599b1a 100644 --- a/2019/5xxx/CVE-2019-5775.json +++ b/2019/5xxx/CVE-2019-5775.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5776.json b/2019/5xxx/CVE-2019-5776.json index adf4819aaa1..d4673205fa5 100644 --- a/2019/5xxx/CVE-2019-5776.json +++ b/2019/5xxx/CVE-2019-5776.json @@ -77,6 +77,11 @@ "name": "https://crbug.com/863663", "refsource": "MISC", "url": "https://crbug.com/863663" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5777.json b/2019/5xxx/CVE-2019-5777.json index 137cb42a802..209bdb811f3 100644 --- a/2019/5xxx/CVE-2019-5777.json +++ b/2019/5xxx/CVE-2019-5777.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5778.json b/2019/5xxx/CVE-2019-5778.json index 457d0a03d7e..83835656840 100644 --- a/2019/5xxx/CVE-2019-5778.json +++ b/2019/5xxx/CVE-2019-5778.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5779.json b/2019/5xxx/CVE-2019-5779.json index 842a16016e3..20af2e07db3 100644 --- a/2019/5xxx/CVE-2019-5779.json +++ b/2019/5xxx/CVE-2019-5779.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5780.json b/2019/5xxx/CVE-2019-5780.json index 340e76abc04..ace5eab177e 100644 --- a/2019/5xxx/CVE-2019-5780.json +++ b/2019/5xxx/CVE-2019-5780.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5781.json b/2019/5xxx/CVE-2019-5781.json index 3d574dad61e..38510303883 100644 --- a/2019/5xxx/CVE-2019-5781.json +++ b/2019/5xxx/CVE-2019-5781.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5782.json b/2019/5xxx/CVE-2019-5782.json index faf6f9030d1..07222bc814e 100644 --- a/2019/5xxx/CVE-2019-5782.json +++ b/2019/5xxx/CVE-2019-5782.json @@ -77,6 +77,11 @@ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-561eae4626", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/" } ] } diff --git a/2019/5xxx/CVE-2019-5926.json b/2019/5xxx/CVE-2019-5926.json index 2eb36e36b00..de53e0b01ca 100644 --- a/2019/5xxx/CVE-2019-5926.json +++ b/2019/5xxx/CVE-2019-5926.json @@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5926", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://xn--5rwx17a.xn--v8jtdudb.com/", + "refsource": "MISC", + "name": "https://xn--5rwx17a.xn--v8jtdudb.com/" + }, + { + "url": "https://github.com/KinagaCMS/KinagaCMS", + "refsource": "MISC", + "name": "https://github.com/KinagaCMS/KinagaCMS" + }, + { + "url": "https://jvn.jp/en/jp/JVN06527859/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN06527859/index.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "versions prior to 6.5" + } + ] + }, + "product_name": "KinagaCMS" + } + ] + }, + "vendor_name": "Project Kinaga" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-5926", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] } ] } diff --git a/2019/5xxx/CVE-2019-5927.json b/2019/5xxx/CVE-2019-5927.json index fcb74132d5f..1ff58f56932 100644 --- a/2019/5xxx/CVE-2019-5927.json +++ b/2019/5xxx/CVE-2019-5927.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5927", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://weban.jp/contents/c/smartphone_apri/", + "refsource": "MISC", + "name": "https://weban.jp/contents/c/smartphone_apri/" + }, + { + "url": "https://jvn.jp/en/jp/JVN60497148/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN60497148/index.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "Version 3.2.0 and earlier" + } + ] + }, + "product_name": "'an' App for iOS" + } + ] + }, + "vendor_name": "PERSOL CAREER CO., LTD." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-5927", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] } ] } diff --git a/2019/6xxx/CVE-2019-6109.json b/2019/6xxx/CVE-2019-6109.json index 28b57084f68..30ac86e0558 100644 --- a/2019/6xxx/CVE-2019-6109.json +++ b/2019/6xxx/CVE-2019-6109.json @@ -86,6 +86,11 @@ "refsource": "GENTOO", "name": "GLSA-201903-16", "url": "https://security.gentoo.org/glsa/201903-16" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" } ] } diff --git a/2019/6xxx/CVE-2019-6111.json b/2019/6xxx/CVE-2019-6111.json index 0bac84b86bd..8a65da4b6bc 100644 --- a/2019/6xxx/CVE-2019-6111.json +++ b/2019/6xxx/CVE-2019-6111.json @@ -101,6 +101,11 @@ "refsource": "GENTOO", "name": "GLSA-201903-16", "url": "https://security.gentoo.org/glsa/201903-16" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" } ] } diff --git a/2019/6xxx/CVE-2019-6240.json b/2019/6xxx/CVE-2019-6240.json index f30cc3dbd17..a780e1677b7 100644 --- a/2019/6xxx/CVE-2019-6240.json +++ b/2019/6xxx/CVE-2019-6240.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6240", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "url": "https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/" } ] } diff --git a/2019/6xxx/CVE-2019-6250.json b/2019/6xxx/CVE-2019-6250.json index d41cc59830b..18775748f04 100644 --- a/2019/6xxx/CVE-2019-6250.json +++ b/2019/6xxx/CVE-2019-6250.json @@ -66,6 +66,11 @@ "name": "https://github.com/zeromq/libzmq/releases/tag/v4.3.1", "refsource": "CONFIRM", "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.1" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-22", + "url": "https://security.gentoo.org/glsa/201903-22" } ] } diff --git a/2019/6xxx/CVE-2019-6341.json b/2019/6xxx/CVE-2019-6341.json index 83333b39c25..98ae4ca773a 100644 --- a/2019/6xxx/CVE-2019-6341.json +++ b/2019/6xxx/CVE-2019-6341.json @@ -1,8 +1,44 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@drupal.org", "ID": "CVE-2019-6341", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drupal core", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Drupal 7 ", + "version_value": "7.65" + }, + { + "version_affected": "<", + "version_name": "Drupal 8.6", + "version_value": "8.6.13" + }, + { + "version_affected": "<", + "version_name": "Drupal 8.5", + "version_value": "8.5.14" + } + ] + } + } + ] + }, + "vendor_name": "Drupal" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +47,36 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/sa-core-2019-004", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/sa-core-2019-004" + } + ] + }, + "source": { + "advisory": "SA-CORE-2019-004", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6454.json b/2019/6xxx/CVE-2019-6454.json index fdcd8097f83..59d75e9d104 100644 --- a/2019/6xxx/CVE-2019-6454.json +++ b/2019/6xxx/CVE-2019-6454.json @@ -101,6 +101,11 @@ "refsource": "DEBIAN", "name": "DSA-4393-1", "url": "https://www.debian.org/security/2019/dsa-4393" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190327-0004/", + "url": "https://security.netapp.com/advisory/ntap-20190327-0004/" } ] } diff --git a/2019/6xxx/CVE-2019-6536.json b/2019/6xxx/CVE-2019-6536.json index 73931094970..a8ba41898c9 100644 --- a/2019/6xxx/CVE-2019-6536.json +++ b/2019/6xxx/CVE-2019-6536.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6536", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6536", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas Ltda ME", + "product": { + "product_data": [ + { + "product_name": "LAquis SCADA", + "version": { + "version_data": [ + { + "version_value": "< 4.3.1.71" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Bounds Write CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process." } ] } diff --git a/2019/6xxx/CVE-2019-6538.json b/2019/6xxx/CVE-2019-6538.json index 079959804da..3647cace3df 100644 --- a/2019/6xxx/CVE-2019-6538.json +++ b/2019/6xxx/CVE-2019-6538.json @@ -1,17 +1,123 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6538", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6538", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "MyCareLink Monitor versions 24950 and 24952" + }, + { + "version_value": "CareLink Monitor version 2490C" + }, + { + "version_value": "CareLink 2090 Programmer" + }, + { + "version_value": "Amplia CRT-D" + }, + { + "version_value": "Claria CRT-D" + }, + { + "version_value": "Compia CRT-D" + }, + { + "version_value": "Concerto CRT-D" + }, + { + "version_value": "Concerto II CRT-D" + }, + { + "version_value": "Consulta CRT-D" + }, + { + "version_value": "Evera ICD" + }, + { + "version_value": "Maximo II CRT-D and ICD" + }, + { + "version_value": "Mirro ICD" + }, + { + "version_value": "Nayamed ND ICD" + }, + { + "version_value": "Primo ICD" + }, + { + "version_value": "Protecta ICD and CRT-D" + }, + { + "version_value": "Secura ICD" + }, + { + "version_value": "Virtuoso ICD" + }, + { + "version_value": "Virtuoso II ICD" + }, + { + "version_value": "Visia AF ICD" + }, + { + "version_value": "Viva CRT-D" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "107544", + "url": "http://www.securityfocus.com/bid/107544" + }, + { + "refsource": "CONFIRM", + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product\u2019s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device." } ] } diff --git a/2019/6xxx/CVE-2019-6540.json b/2019/6xxx/CVE-2019-6540.json index c9102066ab9..c82802c2ed5 100644 --- a/2019/6xxx/CVE-2019-6540.json +++ b/2019/6xxx/CVE-2019-6540.json @@ -1,17 +1,279 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6540", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6540", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "MyCareLink Monitor", + "version": { + "version_data": [ + { + "version_value": "24950" + }, + { + "version_value": "24952" + } + ] + } + }, + { + "product_name": "CareLink Monitor", + "version": { + "version_data": [ + { + "version_value": "2490C" + } + ] + } + }, + { + "product_name": "CareLink 2090 Programmer", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Amplia CRT-D", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Claria CRT-D", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Compia CRT-D", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Concerto CRT-D", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Concerto II CRT-D", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Consulta CRT-D", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Evera ICD", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Maximo II CRT-D", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Maximo II ICD", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Mirro ICD", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Nayamed ND ICD", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Primo ICD", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Protecta ICD, Protecta CRT-D", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Secura ICD", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Virtuoso ICD", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Virtuoso II ICD", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Visia AF ICD", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + }, + { + "product_name": "Viva CRT-D", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext transmission of sensitive information CWE-319" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01" + }, + { + "refsource": "BID", + "name": "107544", + "url": "http://www.securityfocus.com/bid/107544" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data." } ] } diff --git a/2019/6xxx/CVE-2019-6542.json b/2019/6xxx/CVE-2019-6542.json index 2b198a537a0..57a5f8b5434 100644 --- a/2019/6xxx/CVE-2019-6542.json +++ b/2019/6xxx/CVE-2019-6542.json @@ -1,17 +1,81 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6542", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6542", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ENTTEC", + "product": { + "product_data": [ + { + "product_name": "Datagate MK2", + "version": { + "version_data": [ + { + "version_value": "< 70044_update_05032019-482" + } + ] + } + }, + { + "product_name": "Storm 24", + "version": { + "version_data": [ + { + "version_value": "< 70050_update_05032019-482" + } + ] + } + }, + { + "product_name": "Pixelator", + "version": { + "version_data": [ + { + "version_value": "< 70060_update_05032019-482" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-085-03-0", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-085-03-0" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition." } ] } diff --git a/2019/6xxx/CVE-2019-6569.json b/2019/6xxx/CVE-2019-6569.json index 65722a7ef69..7bdb7c6f23d 100644 --- a/2019/6xxx/CVE-2019-6569.json +++ b/2019/6xxx/CVE-2019-6569.json @@ -1,17 +1,75 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6569", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6569", + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Scalance", + "product": { + "product_data": [ + { + "product_name": "Scalance X-200, Scalance X-300, Scalance XP/XC/XF-200", + "version": { + "version_data": [ + { + "version_value": "Scalance X-200 : All versions" + }, + { + "version_value": "Scalance X-300 : All versions" + }, + { + "version_value": "Scalance XP/XC/XF-200 : All versions