From 3ce8b85afe0a2ae32cc7a40b7c13d0d3d5d83691 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 28 Mar 2019 19:00:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/4xxx/CVE-2015-4852.json | 5 +++ 2017/15xxx/CVE-2017-15709.json | 5 +++ 2018/11xxx/CVE-2018-11775.json | 5 +++ 2018/18xxx/CVE-2018-18506.json | 10 ++++++ 2018/8xxx/CVE-2018-8006.json | 5 +++ 2019/1003xxx/CVE-2019-1003040.json | 3 +- 2019/1003xxx/CVE-2019-1003041.json | 3 +- 2019/1003xxx/CVE-2019-1003042.json | 3 +- 2019/1003xxx/CVE-2019-1003043.json | 3 +- 2019/1003xxx/CVE-2019-1003044.json | 3 +- 2019/1003xxx/CVE-2019-1003045.json | 3 +- 2019/1003xxx/CVE-2019-1003046.json | 3 +- 2019/1003xxx/CVE-2019-1003047.json | 3 +- 2019/1003xxx/CVE-2019-1003048.json | 3 +- 2019/3xxx/CVE-2019-3855.json | 5 +++ 2019/3xxx/CVE-2019-3856.json | 5 +++ 2019/3xxx/CVE-2019-3857.json | 5 +++ 2019/3xxx/CVE-2019-3863.json | 5 +++ 2019/9xxx/CVE-2019-9164.json | 7 +++- 2019/9xxx/CVE-2019-9165.json | 53 ++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9202.json | 48 +++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9203.json | 48 +++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9204.json | 48 +++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9692.json | 5 +++ 24 files changed, 268 insertions(+), 18 deletions(-) diff --git a/2015/4xxx/CVE-2015-4852.json b/2015/4xxx/CVE-2015-4852.json index 836067eff21..774bcc60b18 100644 --- a/2015/4xxx/CVE-2015-4852.json +++ b/2015/4xxx/CVE-2015-4852.json @@ -121,6 +121,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46628", + "url": "https://www.exploit-db.com/exploits/46628/" } ] } diff --git a/2017/15xxx/CVE-2017-15709.json b/2017/15xxx/CVE-2017-15709.json index 5727d3a3f19..a4e14bc89a5 100644 --- a/2017/15xxx/CVE-2017-15709.json +++ b/2017/15xxx/CVE-2017-15709.json @@ -72,6 +72,11 @@ "refsource": "MLIST", "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-dev] 20190328 Re: Website", + "url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E" } ] } diff --git a/2018/11xxx/CVE-2018-11775.json b/2018/11xxx/CVE-2018-11775.json index 658b743299e..035305cbcc7 100644 --- a/2018/11xxx/CVE-2018-11775.json +++ b/2018/11xxx/CVE-2018-11775.json @@ -87,6 +87,11 @@ "refsource": "MLIST", "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-dev] 20190328 Re: Website", + "url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E" } ] } diff --git a/2018/18xxx/CVE-2018-18506.json b/2018/18xxx/CVE-2018-18506.json index c7d9c09edda..d27e9129101 100644 --- a/2018/18xxx/CVE-2018-18506.json +++ b/2018/18xxx/CVE-2018-18506.json @@ -97,6 +97,16 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1056", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0680", + "url": "https://access.redhat.com/errata/RHSA-2019:0680" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0681", + "url": "https://access.redhat.com/errata/RHSA-2019:0681" } ] } diff --git a/2018/8xxx/CVE-2018-8006.json b/2018/8xxx/CVE-2018-8006.json index 99e99176de2..ced37ab888a 100644 --- a/2018/8xxx/CVE-2018-8006.json +++ b/2018/8xxx/CVE-2018-8006.json @@ -77,6 +77,11 @@ "refsource": "MLIST", "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-dev] 20190328 Re: Website", + "url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E" } ] } diff --git a/2019/1003xxx/CVE-2019-1003040.json b/2019/1003xxx/CVE-2019-1003040.json index a2c1e74a448..211f18408fc 100644 --- a/2019/1003xxx/CVE-2019-1003040.json +++ b/2019/1003xxx/CVE-2019-1003040.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-1003040", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/1003xxx/CVE-2019-1003041.json b/2019/1003xxx/CVE-2019-1003041.json index 597a907b008..596ca75c9bd 100644 --- a/2019/1003xxx/CVE-2019-1003041.json +++ b/2019/1003xxx/CVE-2019-1003041.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-1003041", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/1003xxx/CVE-2019-1003042.json b/2019/1003xxx/CVE-2019-1003042.json index e2fcfaec2c0..21ffd310398 100644 --- a/2019/1003xxx/CVE-2019-1003042.json +++ b/2019/1003xxx/CVE-2019-1003042.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-1003042", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/1003xxx/CVE-2019-1003043.json b/2019/1003xxx/CVE-2019-1003043.json index fcc40b62883..8fb97fc09c0 100644 --- a/2019/1003xxx/CVE-2019-1003043.json +++ b/2019/1003xxx/CVE-2019-1003043.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-1003043", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/1003xxx/CVE-2019-1003044.json b/2019/1003xxx/CVE-2019-1003044.json index ce82cbd43fc..223e46ee445 100644 --- a/2019/1003xxx/CVE-2019-1003044.json +++ b/2019/1003xxx/CVE-2019-1003044.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-1003044", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/1003xxx/CVE-2019-1003045.json b/2019/1003xxx/CVE-2019-1003045.json index d82095a733f..f64f7178638 100644 --- a/2019/1003xxx/CVE-2019-1003045.json +++ b/2019/1003xxx/CVE-2019-1003045.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-1003045", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/1003xxx/CVE-2019-1003046.json b/2019/1003xxx/CVE-2019-1003046.json index cc8eb70a996..29c028e1f09 100644 --- a/2019/1003xxx/CVE-2019-1003046.json +++ b/2019/1003xxx/CVE-2019-1003046.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-1003046", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/1003xxx/CVE-2019-1003047.json b/2019/1003xxx/CVE-2019-1003047.json index 231b0bce626..15624eba80c 100644 --- a/2019/1003xxx/CVE-2019-1003047.json +++ b/2019/1003xxx/CVE-2019-1003047.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-1003047", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/1003xxx/CVE-2019-1003048.json b/2019/1003xxx/CVE-2019-1003048.json index 1661a3ee228..fa631962d47 100644 --- a/2019/1003xxx/CVE-2019-1003048.json +++ b/2019/1003xxx/CVE-2019-1003048.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2019-1003048", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/3xxx/CVE-2019-3855.json b/2019/3xxx/CVE-2019-3855.json index b84d2049f38..9900106ce85 100644 --- a/2019/3xxx/CVE-2019-3855.json +++ b/2019/3xxx/CVE-2019-3855.json @@ -101,6 +101,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0679", + "url": "https://access.redhat.com/errata/RHSA-2019:0679" } ] }, diff --git a/2019/3xxx/CVE-2019-3856.json b/2019/3xxx/CVE-2019-3856.json index e93122c84f8..fd139c23a93 100644 --- a/2019/3xxx/CVE-2019-3856.json +++ b/2019/3xxx/CVE-2019-3856.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0679", + "url": "https://access.redhat.com/errata/RHSA-2019:0679" } ] }, diff --git a/2019/3xxx/CVE-2019-3857.json b/2019/3xxx/CVE-2019-3857.json index f3c27846733..4aaab2ce4cd 100644 --- a/2019/3xxx/CVE-2019-3857.json +++ b/2019/3xxx/CVE-2019-3857.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0679", + "url": "https://access.redhat.com/errata/RHSA-2019:0679" } ] }, diff --git a/2019/3xxx/CVE-2019-3863.json b/2019/3xxx/CVE-2019-3863.json index 28955c10dc8..3b529cac83b 100644 --- a/2019/3xxx/CVE-2019-3863.json +++ b/2019/3xxx/CVE-2019-3863.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190327-0005/", "url": "https://security.netapp.com/advisory/ntap-20190327-0005/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0679", + "url": "https://access.redhat.com/errata/RHSA-2019:0679" } ] }, diff --git a/2019/9xxx/CVE-2019-9164.json b/2019/9xxx/CVE-2019-9164.json index 78dd4160201..88a7a8077e7 100644 --- a/2019/9xxx/CVE-2019-9164.json +++ b/2019/9xxx/CVE-2019-9164.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Command injection in Nagios XI before 5.5.11 allows an authenticated attacker to execute arbitrary remote commands via a new autodiscovery job." + "value": "Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job." } ] }, @@ -44,6 +44,11 @@ "refsource": "CONFIRM", "name": "https://www.nagios.com/products/security/", "url": "https://www.nagios.com/products/security/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" } ] }, diff --git a/2019/9xxx/CVE-2019-9165.json b/2019/9xxx/CVE-2019-9165.json index 9a892dc8302..db0f3e10539 100644 --- a/2019/9xxx/CVE-2019-9165.json +++ b/2019/9xxx/CVE-2019-9165.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9165", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/products/security/", + "url": "https://www.nagios.com/products/security/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] } ] } diff --git a/2019/9xxx/CVE-2019-9202.json b/2019/9xxx/CVE-2019-9202.json index ccfd56cce90..1ef1534a224 100644 --- a/2019/9xxx/CVE-2019-9202.json +++ b/2019/9xxx/CVE-2019-9202.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9202", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/products/security/", + "url": "https://www.nagios.com/products/security/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] } ] } diff --git a/2019/9xxx/CVE-2019-9203.json b/2019/9xxx/CVE-2019-9203.json index 250dfbb758b..d94921077a9 100644 --- a/2019/9xxx/CVE-2019-9203.json +++ b/2019/9xxx/CVE-2019-9203.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9203", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/products/security/", + "url": "https://www.nagios.com/products/security/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] } ] } diff --git a/2019/9xxx/CVE-2019-9204.json b/2019/9xxx/CVE-2019-9204.json index 5888824308d..4ff2e89f856 100644 --- a/2019/9xxx/CVE-2019-9204.json +++ b/2019/9xxx/CVE-2019-9204.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9204", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.nagios.com/products/security/", + "url": "https://www.nagios.com/products/security/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] } ] } diff --git a/2019/9xxx/CVE-2019-9692.json b/2019/9xxx/CVE-2019-9692.json index 490c1c7af86..ac981982eec 100644 --- a/2019/9xxx/CVE-2019-9692.json +++ b/2019/9xxx/CVE-2019-9692.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "http://www.rapid7.com/db/modules/exploit/multi/http/cmsms_showtime2_rce", "url": "http://www.rapid7.com/db/modules/exploit/multi/http/cmsms_showtime2_rce" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46627", + "url": "https://www.exploit-db.com/exploits/46627/" } ] }