From 3bcee1a3575066fa440a2c3cf9e5e447d3fd5228 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 31 Oct 2019 20:01:11 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2013/1xxx/CVE-2013-1930.json | 85 ++++++++++++++++++++++++++++++-- 2013/1xxx/CVE-2013-1931.json | 80 ++++++++++++++++++++++++++++-- 2013/1xxx/CVE-2013-1932.json | 70 ++++++++++++++++++++++++-- 2013/1xxx/CVE-2013-1934.json | 70 ++++++++++++++++++++++++-- 2013/1xxx/CVE-2013-1945.json | 50 +++++++++++++++++-- 2013/1xxx/CVE-2013-1951.json | 90 ++++++++++++++++++++++++++++++++-- 2013/2xxx/CVE-2013-2012.json | 75 ++++++++++++++++++++++++++-- 2013/2xxx/CVE-2013-2024.json | 80 ++++++++++++++++++++++++++++-- 2019/15xxx/CVE-2019-15710.json | 62 +++++++++++++++++++++++ 2019/18xxx/CVE-2019-18396.json | 67 +++++++++++++++++++++++++ 2019/5xxx/CVE-2019-5049.json | 58 +++++++++++++++++++--- 2019/5xxx/CVE-2019-5095.json | 58 +++++++++++++++++++--- 2019/5xxx/CVE-2019-5150.json | 58 +++++++++++++++++++--- 2019/5xxx/CVE-2019-5151.json | 58 +++++++++++++++++++--- 14 files changed, 909 insertions(+), 52 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15710.json create mode 100644 2019/18xxx/CVE-2019-18396.json diff --git a/2013/1xxx/CVE-2013-1930.json b/2013/1xxx/CVE-2013-1930.json index e052d88bbf5..64532ed039d 100644 --- a/2013/1xxx/CVE-2013-1930.json +++ b/2013/1xxx/CVE-2013-1930.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1930", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mantisBT", + "product": { + "product_data": [ + { + "product_name": "mantisBT", + "version": { + "version_data": [ + { + "version_value": "1.2.12 before 1.2.15" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
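Review bot: The added `version_value` in the `affects` block of CVE-2013-1930, `"1.2.12 before 1.2.15"`, encodes a version range as free text, so tooling that compares this field with an installed version cannot match it. The same pattern appears in the `affects` hunks for CVE-2013-1934, CVE-2013-1951, CVE-2013-2012, CVE-2013-2024 and CVE-2019-15710. Where the upper bound is the fixed release, consider `"version_affected": "<", "version_value": "1.2.15"` and keep the lower bound in the description. The record also writes `mantisBT` in `vendor_name`/`product_name` but `MantisBT` in the description; one spelling keeps vendor lookups consistent.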
@@ -11,7 +34,63 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-1930", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-1930" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1930", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1930" + }, + { + "url": "http://www.securityfocus.com/bid/58890", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58890" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/06/4", + "url": "http://www.openwall.com/lists/oss-security/2013/04/06/4" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83796", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83796" + }, + { + "refsource": "MISC", + "name": "https://mantisbt.org/bugs/view.php?id=15453", + "url": "https://mantisbt.org/bugs/view.php?id=15453" } ] } 
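Review bot: The new description for CVE-2013-1930 is garbled: "allows authenticated users to by the workflow restriction" is missing a verb, presumably "bypass". Consider `"value": "MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues."`. The `problemtype` value `"Other"` gives triage nothing to filter on for what reads like an authorization bypass. The mantisbt.org bug link is tagged `MISC` here, while the sibling MantisBT records in this commit tag theirs `CONFIRM`.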
diff --git a/2013/1xxx/CVE-2013-1931.json b/2013/1xxx/CVE-2013-1931.json index bcc5c784138..989ac92be2a 100644 --- a/2013/1xxx/CVE-2013-1931.json +++ b/2013/1xxx/CVE-2013-1931.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1931", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mantisBT", + "product": { + "product_data": [ + { + "product_name": "mantisBT", + "version": { + "version_data": [ + { + "version_value": "1.2.14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,58 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-1931", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-1931" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1931", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1931" + }, + { + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/06/4", + "url": "http://www.openwall.com/lists/oss-security/2013/04/06/4" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58889", + "url": "http://www.securityfocus.com/bid/58889" + }, + { + "refsource": "CONFIRM", + "name": "https://mantisbt.org/bugs/view.php?id=15511", + "url": "https://mantisbt.org/bugs/view.php?id=15511" } ] } 
diff --git a/2013/1xxx/CVE-2013-1932.json b/2013/1xxx/CVE-2013-1932.json index c1a5c379fe7..ed70c1e78d5 100644 --- a/2013/1xxx/CVE-2013-1932.json +++ b/2013/1xxx/CVE-2013-1932.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1932", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mantisBT", + "product": { + "product_data": [ + { + "product_name": "mantisBT", + "version": { + "version_data": [ + { + "version_value": "1.2.13" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-1932", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-1932" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1932", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1932" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/06/4", + "url": "http://www.openwall.com/lists/oss-security/2013/04/06/4" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58893", + "url": "http://www.securityfocus.com/bid/58893" + }, + { + "refsource": "CONFIRM", + "name": "https://mantisbt.org/bugs/view.php?id=15415", + "url": "https://mantisbt.org/bugs/view.php?id=15415" } ] } diff --git a/2013/1xxx/CVE-2013-1934.json b/2013/1xxx/CVE-2013-1934.json index 3b39b64319a..733a6b3716c 100644 --- a/2013/1xxx/CVE-2013-1934.json +++ b/2013/1xxx/CVE-2013-1934.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1934", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mantisBT", + "product": { + "product_data": [ + { + "product_name": "mantisBT", + "version": { + "version_data": [ + { + "version_value": "1.2.0rc1 before 1.2.14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3120", + "url": "http://www.debian.org/security/2015/dsa-3120" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-1934", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-1934" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1934", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1934" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/09/1", + "url": "http://www.openwall.com/lists/oss-security/2013/04/09/1" + }, + { + "refsource": "CONFIRM", + "name": "https://mantisbt.org/bugs/view.php?id=15416", + "url": "https://mantisbt.org/bugs/view.php?id=15416" } ] } diff --git a/2013/1xxx/CVE-2013-1945.json b/2013/1xxx/CVE-2013-1945.json index 3bb3921384e..4d2fdd12639 100644 --- a/2013/1xxx/CVE-2013-1945.json +++ b/2013/1xxx/CVE-2013-1945.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1945", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ruby193", + "product": { + "product_data": [ + { + "product_name": "ruby193", + "version": { + "version_data": [ + { + "version_value": "ruby193-runtime-1-6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ruby193 uses an insecure LD_LIBRARY_PATH setting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unknown" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1945", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1945" } ] } diff --git a/2013/1xxx/CVE-2013-1951.json b/2013/1xxx/CVE-2013-1951.json index 8d974a5be2e..bc9ac3ecc1f 100644 --- a/2013/1xxx/CVE-2013-1951.json +++ b/2013/1xxx/CVE-2013-1951.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1951", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ikimedia Foundation", + "product": { + "product_data": [ + { + "product_name": "MediaWiki", + "version": { + "version_data": [ + { + "version_value": "before 1.19.5 and 1.20.x before 1.20.4" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
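Review bot: The `problemtype` added for CVE-2013-1945 is `"Unknown"`, although the description in the same hunk names the weakness, an insecure LD_LIBRARY_PATH setting. CVE-2013-2012 in this commit uses `"Untrusted Search Path"` for a comparable issue, which looks like the better fit here (to be confirmed against the Red Hat bug). The description also omits the affected version and the impact, so a reader cannot tell from the record who is exposed or how.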
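Review bot: `vendor_name` in the `affects` block of CVE-2013-1951 is misspelled as `"ikimedia Foundation"`; the leading "W" is missing. Consumers that key on vendor name will file this record under a vendor that does not exist and miss it when querying for MediaWiki issues. It should read `"vendor_name": "Wikimedia Foundation"`.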
@@ -11,7 +34,68 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-1951", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-1951" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951" + }, + { + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201310-21.xml", + "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml" + }, + { + "refsource": "MISC", + "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/16/12", + "url": "http://www.openwall.com/lists/oss-security/2013/04/16/12" + }, + { + "refsource": "MISC", + 
"name": "http://www.securityfocus.com/bid/59077", + "url": "http://www.securityfocus.com/bid/59077" + }, + { + "refsource": "CONFIRM", + "name": "https://phabricator.wikimedia.org/T48084", + "url": "https://phabricator.wikimedia.org/T48084" } ] } diff --git a/2013/2xxx/CVE-2013-2012.json b/2013/2xxx/CVE-2013-2012.json index 56a7275baa6..22576243468 100644 --- a/2013/2xxx/CVE-2013-2012.json +++ b/2013/2xxx/CVE-2013-2012.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2012", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "autojump", + "product": { + "product_data": [ + { + "product_name": "autojump", + "version": { + "version_data": [ + { + "version_value": "before 21.5.8" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
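Review bot: The description added for CVE-2013-1951 contains a stray "and": "before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers". Consider `"value": "A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names."`.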
@@ -11,7 +34,53 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Search Path" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-2012", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-2012" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2012", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2012" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/25/14", + "url": "http://www.openwall.com/lists/oss-security/2013/04/25/14" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83827", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83827" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/wting/autojump/commit/ad09ee27d402be797b3456abff6edeb4291edfec", + "url": "https://github.com/wting/autojump/commit/ad09ee27d402be797b3456abff6edeb4291edfec" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/wting/autojump/commit/c763b2afadb188ab52849c21d43d2e8fe5b8800a", + "url": "https://github.com/wting/autojump/commit/c763b2afadb188ab52849c21d43d2e8fe5b8800a" } ] } diff --git a/2013/2xxx/CVE-2013-2024.json b/2013/2xxx/CVE-2013-2024.json index b6280e8f7f5..4b9dc12ad84 100644 --- a/2013/2xxx/CVE-2013-2024.json +++ b/2013/2xxx/CVE-2013-2024.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2024", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "chicken", + "product": { + "product_data": [ + { + "product_name": "chicken", + "version": { + "version_data": [ + { + "version_value": "before 4.9.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,58 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS command injection vulnerability in the \"qs\" procedure from the \"utils\" module in Chicken before 4.9.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Metacharacters" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-2024", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-2024" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2013-2024", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2013-2024" + }, + { + "url": "http://www.securityfocus.com/bid/59320", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59320" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/29/13", + "url": "http://www.openwall.com/lists/oss-security/2013/04/29/13" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064" + }, + { + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201612-54", + "url": "https://security.gentoo.org/glsa/201612-54" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html", + "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html" } ] } diff --git a/2019/15xxx/CVE-2019-15710.json b/2019/15xxx/CVE-2019-15710.json new file mode 100644 index 00000000000..84cefc3e51a --- /dev/null +++ b/2019/15xxx/CVE-2019-15710.json 
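Review bot: The `problemtype` value `"Metacharacters"` for CVE-2013-2024 does not name a weakness class, while the description in the same hunk already calls it OS command injection; `"value": "OS Command Injection"` would let the record be grouped with similar issues. The description is also a sentence fragment that states neither who can reach the `qs` procedure nor what an attacker gains. Adding the attacker position and impact, as the other records in this commit do, would make it usable for triage.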
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15710", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiExtender", + "version": { + "version_data": [ + { + "version_value": "FortiExtender 4.1.1 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-273", + "url": "https://fortiguard.com/psirt/FG-IR-19-273" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An OS command injection vulnerability in FortiExtender 4.1.1 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted \"execute date\" commands." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18396.json b/2019/18xxx/CVE-2019-18396.json new file mode 100644 index 00000000000..37aca4def27 --- /dev/null +++ b/2019/18xxx/CVE-2019-18396.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017\u201314127." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.twitter.com/c4pt41nnn", + "refsource": "MISC", + "name": "https://www.twitter.com/c4pt41nnn" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@c4pt41nnn/cve-2019-18396-command-injection-in-technicolor-router-da5dd2134052", + "url": "https://medium.com/@c4pt41nnn/cve-2019-18396-command-injection-in-technicolor-router-da5dd2134052" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5049.json b/2019/5xxx/CVE-2019-5049.json index 770f221f6f6..b7a1534d9cd 100644 --- a/2019/5xxx/CVE-2019-5049.json +++ b/2019/5xxx/CVE-2019-5049.json 
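Review bot: The cross-reference at the end of the CVE-2019-18396 description is written `CVE-2017\u201314127`, with an en dash (U+2013) where the identifier needs an ASCII hyphen. Tools that extract related CVE IDs with a pattern such as `CVE-\d{4}-\d+` will not see the link to the possibly overlapping record. It should read `CVE-2017-14127`. Vendor, product and version are all `"n/a"` although the description names Technicolor TD5130v2 and OI_Fw_V20, and the first reference is a Twitter profile rather than an advisory.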
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5049", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5049", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMD ATI", + "version": { + "version_data": [ + { + "version_value": "AMD ATIDXX64.DLL (25.20.15031.5004 / 25.20.15031.9002) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.0.4 build-12990004) with Windows 10 x64 as guestVM" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds-write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host." } ] } diff --git a/2019/5xxx/CVE-2019-5095.json b/2019/5xxx/CVE-2019-5095.json index e70eddad9f7..8a64c8c7a5e 100644 --- a/2019/5xxx/CVE-2019-5095.json +++ b/2019/5xxx/CVE-2019-5095.json 
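Review bot: The `affects` block for CVE-2019-5049 sets `"vendor_name": "n/a"` and puts the vendor into `product_name` (`"AMD ATI"`), with the driver versions, GPU model, VMware build and guest OS all packed into a single `version_value`. Asset-matching tools cannot resolve any of that to a product or version. The Talos records for CVE-2019-5095 (`"product_name": "Atlassian"`), CVE-2019-5150 and CVE-2019-5151 have the same `"n/a"` vendor. Consider something like `"vendor_name": "AMD"`, `"product_name": "ATIDXX64.DLL"` and one `version_data` entry per driver version, leaving the test environment in the description.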
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5095", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5095", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Atlassian", + "version": { + "version_data": [ + { + "version_value": "Atlassian Jira 7.6.4 Atlassian Jira Tempo Core system plugin 4.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "missing authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin." } ] } diff --git a/2019/5xxx/CVE-2019-5150.json b/2019/5xxx/CVE-2019-5150.json index 515d2c9f7f6..9a965fad60b 100644 --- a/2019/5xxx/CVE-2019-5150.json +++ b/2019/5xxx/CVE-2019-5150.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5150", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5150", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 7.7 commit b22e81d25b2a570f4867ea5dce5153ba4c76cc2d (Oct 15th 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0940", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0940" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the \"VideoTags\" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5151.json b/2019/5xxx/CVE-2019-5151.json index baf58340f5e..dc5915d3fbe 100644 --- a/2019/5xxx/CVE-2019-5151.json +++ b/2019/5xxx/CVE-2019-5151.json 
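Review bot: The description added for CVE-2019-5150 has a subject-verb error, "An exploitable SQL injection vulnerability exist in YouPHPTube 7.7"; it should be "exists". The CVE-2019-5151 description in the next file repeats the same sentence. Neither description names the affected endpoint or parameter, so the two records differ only by the "VideoTags" plugin condition. One clause identifying the affected component would help defenders tell which advisory applies to them.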
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5151", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5151", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 7.7 commit b22e81d25b2a570f4867ea5dce5153ba4c76cc2d (Oct 15th 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability." } ] }