"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2019-05-06 16:00:52 +00:00 · 2019-05-06 16:00:52 +00:00 · 3abd496d4e
commit 3abd496d4e
parent 71778d6a75
11 changed files with 193 additions and 84 deletions
--- a/2018/15xxx/CVE-2018-15631.json
+++ b/2018/15xxx/CVE-2018-15631.json
@ -80,15 +80,15 @@
    },
    "references": {
        "reference_data": [
-            {
-                "refsource": "MISC",
-                "url": "https://github.com/odoo/odoo/issues/32516",
-                "name": "https://github.com/odoo/odoo/issues/32516"
-            },
            {
                "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-15631/",
                "refsource": "MISC",
                "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-15631/"
+            },
+            {
+                "refsource": "MISC",
+                "url": "https://github.com/odoo/odoo/issues/32516",
+                "name": "https://github.com/odoo/odoo/issues/32516"
            }
        ]
    },
@ -96,4 +96,4 @@
        "advisory": "ODOO-SA-2018-11-28-3",
        "discovery": "EXTERNAL"
    }
-}
+}
--- a/2019/10xxx/CVE-2019-10300.json
+++ b/2019/10xxx/CVE-2019-10300.json
@ -61,6 +61,11 @@
                "refsource": "BID",
                "name": "108045",
                "url": "http://www.securityfocus.com/bid/108045"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0788",
+                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0788"
            }
        ]
    }
--- a/2019/10xxx/CVE-2019-10309.json
+++ b/2019/10xxx/CVE-2019-10309.json
@ -66,6 +66,11 @@
                "refsource": "BID",
                "name": "108159",
                "url": "http://www.securityfocus.com/bid/108159"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783",
+                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783"
            }
        ]
    }
--- a/2019/10xxx/CVE-2019-10310.json
+++ b/2019/10xxx/CVE-2019-10310.json
@ -66,6 +66,11 @@
                "refsource": "BID",
                "name": "108159",
                "url": "http://www.securityfocus.com/bid/108159"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0786",
+                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0786"
            }
        ]
    }
--- a/2019/3xxx/CVE-2019-3552.json
+++ b/2019/3xxx/CVE-2019-3552.json
@ -65,4 +65,4 @@
            }
        ]
    }
-}
+}
--- a/2019/3xxx/CVE-2019-3558.json
+++ b/2019/3xxx/CVE-2019-3558.json
@ -70,4 +70,4 @@
            }
        ]
    }
-}
+}
--- a/2019/3xxx/CVE-2019-3559.json
+++ b/2019/3xxx/CVE-2019-3559.json
@ -70,4 +70,4 @@
            }
        ]
    }
-}
+}
--- a/2019/3xxx/CVE-2019-3564.json
+++ b/2019/3xxx/CVE-2019-3564.json
@ -70,4 +70,4 @@
            }
        ]
    }
-}
+}
--- a/2019/3xxx/CVE-2019-3565.json
+++ b/2019/3xxx/CVE-2019-3565.json
@ -70,4 +70,4 @@
            }
        ]
    }
-}
+}
--- a/2019/3xxx/CVE-2019-3797.json
+++ b/2019/3xxx/CVE-2019-3797.json
@ -1 +1,95 @@
-{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-04-08T00:00:00.000Z","ID":"CVE-2019-3797","STATE":"PUBLIC","TITLE":"Additional information exposure with Spring Data JPA derived queries"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Boot","version":{"version_data":[{"affected":"<","version_name":"2.0","version_value":"v2.0.9.RELEASE"},{"affected":"<","version_name":"1.5","version_value":"v1.5.20.RELEASE"},{"affected":"<","version_name":"2.1","version_value":"v2.1.4.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89: SQL Injection"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3797","name":"https://pivotal.io/security/cve-2019-3797"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.5,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","version":"3.0"}}}
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ASSIGNER": "security_alert@emc.com",
+        "DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
+        "ID": "CVE-2019-3797",
+        "STATE": "PUBLIC",
+        "TITLE": "Additional information exposure with Spring Data JPA derived queries"
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Spring Boot",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "affected": "<",
+                                            "version_name": "2.0",
+                                            "version_value": "v2.0.9.RELEASE"
+                                        },
+                                        {
+                                            "affected": "<",
+                                            "version_name": "1.5",
+                                            "version_value": "v1.5.20.RELEASE"
+                                        },
+                                        {
+                                            "affected": "<",
+                                            "version_name": "2.1",
+                                            "version_value": "v2.1.4.RELEASE"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Spring"
+                }
+            ]
+        }
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates \u2018startingWith\u2019, \u2018endingWith\u2019 or \u2018containing\u2019 could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-89: SQL Injection"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://pivotal.io/security/cve-2019-3797",
+                "name": "https://pivotal.io/security/cve-2019-3797"
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 3.5,
+            "baseSeverity": "LOW",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+            "version": "3.0"
+        }
+    }
+}
--- a/2019/3xxx/CVE-2019-3799.json
+++ b/2019/3xxx/CVE-2019-3799.json
@ -1,79 +1,79 @@
 {
-  "data_type": "CVE",
-  "data_format": "MITRE",
-  "data_version": "4.0",
-  "CVE_data_meta": {
-    "ASSIGNER": "secure@dell.com",
-    "DATE_PUBLIC": "2019-04-17T00:00:00.000Z",
-    "ID": "CVE-2019-3799",
-    "STATE": "PUBLIC",
-    "TITLE": "Directory Traversal with spring-cloud-config-server"
-  },
-  "source": {
-    "discovery": "UNKNOWN"
-  },
-  "affects": {
-    "vendor": {
-      "vendor_data": [
-        {
-          "product": {
-            "product_data": [
-              {
-                "product_name": "Spring Cloud Config",
-                "version": {
-                  "version_data": [
-                    {
-                      "affected": "<",
-                      "version_name": "2.0",
-                      "version_value": "v2.0.4.RELEASE"
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ASSIGNER": "security_alert@emc.com",
+        "DATE_PUBLIC": "2019-04-17T00:00:00.000Z",
+        "ID": "CVE-2019-3799",
+        "STATE": "PUBLIC",
+        "TITLE": "Directory Traversal with spring-cloud-config-server"
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Spring Cloud Config",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "affected": "<",
+                                            "version_name": "2.0",
+                                            "version_value": "v2.0.4.RELEASE"
+                                        },
+                                        {
+                                            "affected": "<",
+                                            "version_name": "1.4",
+                                            "version_value": "v1.4.6.RELEASE"
+                                        },
+                                        {
+                                            "affected": "<",
+                                            "version_name": "2.1",
+                                            "version_value": "v2.1.2.RELEASE"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
                    },
-                    {
-                      "affected": "<",
-                      "version_name": "1.4",
-                      "version_value": "v1.4.6.RELEASE"
-                    },
-                    {
-                      "affected": "<",
-                      "version_name": "2.1",
-                      "version_value": "v2.1.2.RELEASE"
-                    }
-                  ]
+                    "vendor_name": "Spring"
                }
-              }
            ]
-          },
-          "vendor_name": "Spring"
        }
-      ]
-    }
-  },
-  "description": {
-    "description_data": [
-      {
-        "lang": "eng",
-        "value": "Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack."
-      }
-    ]
-  },
-  "problemtype": {
-    "problemtype_data": [
-      {
-        "description": [
-          {
-            "lang": "eng",
-            "value": "CWE-22: Path Traversal"
-          }
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack."
+            }
        ]
-      }
-    ]
-  },
-  "references": {
-    "reference_data": [
-      {
-        "refsource": "CONFIRM",
-        "url": "https://pivotal.io/security/cve-2019-3799",
-        "name": "https://pivotal.io/security/cve-2019-3799"
-      }
-    ]
-  }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-22: Path Traversal"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://pivotal.io/security/cve-2019-3799",
+                "name": "https://pivotal.io/security/cve-2019-3799"
+            }
+        ]
+    }
 }