From 3abd496d4ea7504e8d8d3e693adfa137acf3b69b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 6 May 2019 16:00:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/15xxx/CVE-2018-15631.json | 12 +-- 2019/10xxx/CVE-2019-10300.json | 5 ++ 2019/10xxx/CVE-2019-10309.json | 5 ++ 2019/10xxx/CVE-2019-10310.json | 5 ++ 2019/3xxx/CVE-2019-3552.json | 2 +- 2019/3xxx/CVE-2019-3558.json | 2 +- 2019/3xxx/CVE-2019-3559.json | 2 +- 2019/3xxx/CVE-2019-3564.json | 2 +- 2019/3xxx/CVE-2019-3565.json | 2 +- 2019/3xxx/CVE-2019-3797.json | 96 +++++++++++++++++++++- 2019/3xxx/CVE-2019-3799.json | 144 ++++++++++++++++----------------- 11 files changed, 193 insertions(+), 84 deletions(-) diff --git a/2018/15xxx/CVE-2018-15631.json b/2018/15xxx/CVE-2018-15631.json index da613249fa0..6b1090e478c 100644 --- a/2018/15xxx/CVE-2018-15631.json +++ b/2018/15xxx/CVE-2018-15631.json @@ -80,15 +80,15 @@ }, "references": { "reference_data": [ - { - "refsource": "MISC", - "url": "https://github.com/odoo/odoo/issues/32516", - "name": "https://github.com/odoo/odoo/issues/32516" - }, { "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-15631/", "refsource": "MISC", "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-15631/" + }, + { + "refsource": "MISC", + "url": "https://github.com/odoo/odoo/issues/32516", + "name": "https://github.com/odoo/odoo/issues/32516" } ] }, @@ -96,4 +96,4 @@ "advisory": "ODOO-SA-2018-11-28-3", "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10300.json b/2019/10xxx/CVE-2019-10300.json index ae5398a119e..eb60013c96f 100644 --- a/2019/10xxx/CVE-2019-10300.json +++ b/2019/10xxx/CVE-2019-10300.json 
@@ -61,6 +61,11 @@ "refsource": "BID", "name": "108045", "url": "http://www.securityfocus.com/bid/108045" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0788", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0788" } ] } diff --git a/2019/10xxx/CVE-2019-10309.json b/2019/10xxx/CVE-2019-10309.json index 0caad967d3b..3208b559c4d 100644 --- a/2019/10xxx/CVE-2019-10309.json +++ b/2019/10xxx/CVE-2019-10309.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "108159", "url": "http://www.securityfocus.com/bid/108159" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783" } ] } diff --git a/2019/10xxx/CVE-2019-10310.json b/2019/10xxx/CVE-2019-10310.json index 3633cc4e098..9f4f771ae69 100644 --- a/2019/10xxx/CVE-2019-10310.json +++ b/2019/10xxx/CVE-2019-10310.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "108159", "url": "http://www.securityfocus.com/bid/108159" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0786", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0786" } ] } diff --git a/2019/3xxx/CVE-2019-3552.json b/2019/3xxx/CVE-2019-3552.json index 9e0943e0eff..c9bde8ffa82 100644 --- a/2019/3xxx/CVE-2019-3552.json +++ b/2019/3xxx/CVE-2019-3552.json @@ -65,4 +65,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3558.json b/2019/3xxx/CVE-2019-3558.json index c086f21c8df..57c4583803b 100644 --- a/2019/3xxx/CVE-2019-3558.json +++ b/2019/3xxx/CVE-2019-3558.json @@ -70,4 +70,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3559.json b/2019/3xxx/CVE-2019-3559.json index 7c674e06e22..237fbf61ec3 100644 --- a/2019/3xxx/CVE-2019-3559.json +++ b/2019/3xxx/CVE-2019-3559.json 
@@ -70,4 +70,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3564.json b/2019/3xxx/CVE-2019-3564.json index b3c3b135064..3b23508eeee 100644 --- a/2019/3xxx/CVE-2019-3564.json +++ b/2019/3xxx/CVE-2019-3564.json @@ -70,4 +70,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3565.json b/2019/3xxx/CVE-2019-3565.json index 3a21fcc7372..c4fe61b3d7f 100644 --- a/2019/3xxx/CVE-2019-3565.json +++ b/2019/3xxx/CVE-2019-3565.json @@ -70,4 +70,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3797.json b/2019/3xxx/CVE-2019-3797.json index eca09b733b6..f8f42f43af5 100644 --- a/2019/3xxx/CVE-2019-3797.json +++ b/2019/3xxx/CVE-2019-3797.json 
@@ -1 +1,95 @@ -{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-04-08T00:00:00.000Z","ID":"CVE-2019-3797","STATE":"PUBLIC","TITLE":"Additional information exposure with Spring Data JPA derived queries"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Boot","version":{"version_data":[{"affected":"<","version_name":"2.0","version_value":"v2.0.9.RELEASE"},{"affected":"<","version_name":"1.5","version_value":"v1.5.20.RELEASE"},{"affected":"<","version_name":"2.1","version_value":"v2.1.4.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. 
Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89: SQL Injection"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3797","name":"https://pivotal.io/security/cve-2019-3797"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.5,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","version":"3.0"}}} \ No newline at end of file +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-04-08T00:00:00.000Z", + "ID": "CVE-2019-3797", + "STATE": "PUBLIC", + "TITLE": "Additional information exposure with Spring Data JPA derived queries" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Boot", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.0", + "version_value": "v2.0.9.RELEASE" + }, + { + "affected": "<", + "version_name": "1.5", + "version_value": "v1.5.20.RELEASE" + }, + { + "affected": "<", + "version_name": "2.1", + "version_value": "v2.1.4.RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "Spring" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. 
Derived queries using any of the predicates \u2018startingWith\u2019, \u2018endingWith\u2019 or \u2018containing\u2019 could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-3797", + "name": "https://pivotal.io/security/cve-2019-3797" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3799.json b/2019/3xxx/CVE-2019-3799.json index f647f645227..535938e3dfa 100644 --- a/2019/3xxx/CVE-2019-3799.json +++ b/2019/3xxx/CVE-2019-3799.json 
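Review bot: In the rewritten CVE-2019-3797.json the `affects` block and the description name different products: `product_data` lists only `"product_name": "Spring Boot"` (fixed in v2.0.9.RELEASE, v1.5.20.RELEASE and v2.1.4.RELEASE), while the description says the flaw is in Spring Data JPA up to and including 2.1.5, 2.0.13 and 1.11.19. Tooling that matches on the structured fields will flag Spring Boot only and may miss applications that pull in Spring Data JPA directly. I would add a second `product_data` entry with `"product_name": "Spring Data JPA"` and the three version lines from the description, after confirming the ranges with the assigner. The `"CWE-89: SQL Injection"` label also looks broader than what the text describes (unescaped LIKE wildcards returning extra rows, scored C:L/I:N), so it is worth checking that the classification is intended.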
@@ -1,79 +1,79 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-04-17T00:00:00.000Z", - "ID": "CVE-2019-3799", - "STATE": "PUBLIC", - "TITLE": "Directory Traversal with spring-cloud-config-server" - }, - "source": { - "discovery": "UNKNOWN" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Spring Cloud Config", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "2.0", - "version_value": "v2.0.4.RELEASE" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-04-17T00:00:00.000Z", + "ID": "CVE-2019-3799", + "STATE": "PUBLIC", + "TITLE": "Directory Traversal with spring-cloud-config-server" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Cloud Config", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.0", + "version_value": "v2.0.4.RELEASE" + }, + { + "affected": "<", + "version_name": "1.4", + "version_value": "v1.4.6.RELEASE" + }, + { + "affected": "<", + "version_name": "2.1", + "version_value": "v2.1.2.RELEASE" + } + ] + } + } + ] }, - { - "affected": "<", - "version_name": "1.4", - "version_value": "v1.4.6.RELEASE" - }, - { - "affected": "<", - "version_name": "2.1", - "version_value": "v2.1.2.RELEASE" - } - ] + "vendor_name": "Spring" } - } ] - }, - "vendor_name": "Spring" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. 
A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-22: Path Traversal" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2019-3799", - "name": "https://pivotal.io/security/cve-2019-3799" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-3799", + "name": "https://pivotal.io/security/cve-2019-3799" + } + ] + } } \ No newline at end of file
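Review bot: The `version_data` list in CVE-2019-3799.json covers only the 2.0, 1.4 and 2.1 lines, but the description also says "older unsupported versions" are affected, so a consumer that relies on the structured ranges will treat those releases as not vulnerable. I would add a `version_data` entry for releases older than 1.4 once the assigner confirms the lower bound; the visible lines do not give one. The record also has no `impact` block, unlike CVE-2019-3797.json in this same commit, which leaves a directory traversal finding without a severity for downstream triage. The new side still ends without a final newline (`\ No newline at end of file`), which the other records touched here now share.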