From 3c7be265f25d5d5534e81594ec57e06e5270c0ec Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 14 Aug 2019 20:00:51 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2018/19xxx/CVE-2018-19386.json | 53 ++++++++++++++++++++-
 2019/12xxx/CVE-2019-12262.json | 56 +++++++++++++++++++---
 2019/15xxx/CVE-2019-15052.json | 86 ++++++++++++++++++++++++++++++++++
 2019/9xxx/CVE-2019-9582.json | 53 ++++++++++++++++++++-
 2019/9xxx/CVE-2019-9583.json | 53 ++++++++++++++++++++-
 5 files changed, 289 insertions(+), 12 deletions(-)
 create mode 100644 2019/15xxx/CVE-2019-15052.json

diff --git a/2018/19xxx/CVE-2018-19386.json b/2018/19xxx/CVE-2018-19386.json
index 2309ca7869d..2b66c6c36d0 100644
--- a/2018/19xxx/CVE-2018-19386.json
+++ b/2018/19xxx/CVE-2018-19386.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19386",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
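Review bot: The `affects` block added to CVE-2018-19386.json sets `vendor_name`, `product_name` and `version_value` all to `n/a`, although the description added in this file's next hunk names the vendor, the product and the version. Tooling that matches inventory against the structured fields rather than the free text will not tie this record to any asset. Consider filling them from the description, e.g. `"vendor_name": "SolarWinds"`, `"product_name": "Database Performance Analyzer"`, `"version_value": "11.1.457"`. The same placeholder block is added in CVE-2019-12262.json, CVE-2019-15052.json, CVE-2019-9582.json and CVE-2019-9583.json, whose descriptions likewise list the affected products and versions.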
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://i.imgur.com/Y7t2AD6.png",
+ "refsource": "MISC",
+ "name": "https://i.imgur.com/Y7t2AD6.png"
+ },
+ {
+ "url": "https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5",
+ "refsource": "MISC",
+ "name": "https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12262.json b/2019/12xxx/CVE-2019-12262.json
index 392fdf2cc21..8bf20f352c4 100644
--- a/2019/12xxx/CVE-2019-12262.json
+++ b/2019/12xxx/CVE-2019-12262.json
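Review bot: In CVE-2018-19386.json the new `problemtype` entry is `"value": "n/a"` even though the description added a few lines above classifies the issue as Reflected XSS. Recording the weakness class, e.g. `"value": "CWE-79"`, lets consumers filter and aggregate by type instead of parsing prose. The other four records in this patch also publish `problemtype` as `n/a` while their descriptions name a class (incorrect access control, denial of service, credential disclosure). Separately, the first reference is a bare image link on `i.imgur.com`, which carries no text and may not stay available, so the write-up URL is the one defenders can rely on.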
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12262",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12262",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12262",
+ "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12262"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15052.json b/2019/15xxx/CVE-2019-15052.json
new file mode 100644
index 00000000000..ff8fcc53e19
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15052.json
@@ -0,0 +1,86 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15052",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The HTTP client in the Build tool in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/pull/10176",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/pull/10176"
+ },
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/issues/10278",
+ "url": "https://github.com/gradle/gradle/issues/10278"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9582.json b/2019/9xxx/CVE-2019-9582.json
index 2a8a09b7596..ccf0987ac0a 100644
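Review bot: The `impact.cvss` block in CVE-2019-15052.json rates the issue `C:H/I:H/A:H` with `PR:N/UI:N`, but the description only states that credentials are forwarded to hosts reached through a 30x redirect. That directly supports a confidentiality impact; the integrity and availability ratings look inferred from what leaked credentials could later be used for, and are worth confirming against the linked advisory before this drives prioritisation. The block also carries no `baseScore` or `baseSeverity`, so every consumer has to derive severity from the vector. The vector lists its metrics alphabetically rather than in the order the CVSS specification prefers; `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"` carries the same values. The file is also added without a trailing newline.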
--- a/2019/9xxx/CVE-2019-9582.json
+++ b/2019/9xxx/CVE-2019-9582.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9582",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9582.md",
+ "url": "https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9582.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://psytester.github.io/CVE-2019-9582/",
+ "url": "https://psytester.github.io/CVE-2019-9582/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9583.json b/2019/9xxx/CVE-2019-9583.json
index 2605155d008..5211489321b 100644
--- a/2019/9xxx/CVE-2019-9583.json
+++ b/2019/9xxx/CVE-2019-9583.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9583",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9583.md",
+ "url": "https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9583.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://psytester.github.io/CVE-2019-9583/",
+ "url": "https://psytester.github.io/CVE-2019-9583/"
 }
 ]
 }