diff --git a/2014/10xxx/CVE-2014-10396.json b/2014/10xxx/CVE-2014-10396.json new file mode 100644 index 00000000000..130e5b9e575 --- /dev/null +++ b/2014/10xxx/CVE-2014-10396.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com/files/128186/", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/128186/" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10397.json b/2014/10xxx/CVE-2014-10397.json new file mode 100644 index 00000000000..eeabff5aba8 --- /dev/null +++ b/2014/10xxx/CVE-2014-10397.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com/files/128188/", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/128188/" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9406.json b/2015/9xxx/CVE-2015-9406.json new file mode 100644 index 00000000000..e88854e4602 --- /dev/null +++ b/2015/9xxx/CVE-2015-9406.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com/files/133778/", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/133778/" + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11559.json b/2019/11xxx/CVE-2019-11559.json index 64c7b991632..65c0006c549 100644 --- a/2019/11xxx/CVE-2019-11559.json +++ b/2019/11xxx/CVE-2019-11559.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://twitter.com/gpheheise/status/1173896069769519105?s=21", "url": "https://twitter.com/gpheheise/status/1173896069769519105?s=21" + }, + { + "refsource": "FULLDISC", + "name": "20190920 Reflected XSS - HRworks Login (v1.16.1)", + "url": "http://seclists.org/fulldisclosure/2019/Sep/28" } ] } diff --git a/2019/14xxx/CVE-2019-14814.json b/2019/14xxx/CVE-2019-14814.json index 8bd8cc8137c..6575a88cf8a 100644 --- a/2019/14xxx/CVE-2019-14814.json +++ b/2019/14xxx/CVE-2019-14814.json @@ -44,10 +44,40 @@ }, "references": { "reference_data": [ + { + "refsource": "MLIST", + "name": "[oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver", + "url": "http://www.openwall.com/lists/oss-security/2019/08/28/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-4c91a2f76e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-97380355ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/" + }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814", "refsource": "CONFIRM" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2019/08/28/1", + "url": "https://www.openwall.com/lists/oss-security/2019/08/28/1" + }, + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a", + "url": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2019-14814", + "url": "https://access.redhat.com/security/cve/cve-2019-14814" } ] }, diff --git a/2019/15xxx/CVE-2019-15138.json b/2019/15xxx/CVE-2019-15138.json new file mode 100644 index 00000000000..81379d70af7 --- /dev/null +++ b/2019/15xxx/CVE-2019-15138.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.npmjs.com/advisories/1095", + "url": "https://www.npmjs.com/advisories/1095" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6145.json b/2019/6xxx/CVE-2019-6145.json index 8434ad89fe0..e7d99a32e38 100644 --- a/2019/6xxx/CVE-2019-6145.json +++ b/2019/6xxx/CVE-2019-6145.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6145", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6145", + "ASSIGNER": "psirt@forcepoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Forcepoint", + "product": { + "product_data": [ + { + "product_name": "Forcepoint VPN Client for Windows", + "version": { + "version_data": [ + { + "version_value": "versions earlier than 6.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unquoted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.forcepoint.com/KBArticle?id=000017525", + "url": "https://support.forcepoint.com/KBArticle?id=000017525" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us." } ] } diff --git a/2019/6xxx/CVE-2019-6649.json b/2019/6xxx/CVE-2019-6649.json index bfd0df005c5..f92664dd005 100644 --- a/2019/6xxx/CVE-2019-6649.json +++ b/2019/6xxx/CVE-2019-6649.json @@ -1,17 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6649", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6649", + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5 Networks", + "product": { + "product_data": [ + { + "product_name": "BIG-IP, Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "BIG-IP 15.0.0" + }, + { + "version_value": "14.1.0-14.1.0.6" + }, + { + "version_value": "14.0.0-14.0.0.5" + }, + { + "version_value": "13.0.0-13.1.1.5" + }, + { + "version_value": "12.1.0-12.1.4.1" + }, + { + "version_value": "11.6.0-11.6.4" + }, + { + "version_value": "11.5.1-11.5.9" + }, + { + "version_value": "EM 3.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure and Unauthorized Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K05123525", + "url": "https://support.f5.com/csp/article/K05123525" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings." } ] } diff --git a/2019/6xxx/CVE-2019-6650.json b/2019/6xxx/CVE-2019-6650.json index 28f1c8e1ff5..e2edfe45a3a 100644 --- a/2019/6xxx/CVE-2019-6650.json +++ b/2019/6xxx/CVE-2019-6650.json @@ -1,17 +1,79 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6650", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6650", + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5 Networks", + "product": { + "product_data": [ + { + "product_name": "BIG-IP ASM", + "version": { + "version_data": [ + { + "version_value": "15.0.0" + }, + { + "version_value": "14.1.0-14.1.0.6" + }, + { + "version_value": "14.0.0-14.0.0.5" + }, + { + "version_value": "13.0.0-13.1.1.5" + }, + { + "version_value": "12.1.0-12.1.4.1" + }, + { + "version_value": "11.6.0-11.6.4" + }, + { + "version_value": "11.5.1-11.5.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure and Unauthorized Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K04280042", + "url": "https://support.f5.com/csp/article/K04280042" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings." } ] }