diff --git a/2019/12xxx/CVE-2019-12494.json b/2019/12xxx/CVE-2019-12494.json
index 38f60da7930..258fadf0b88 100644
--- a/2019/12xxx/CVE-2019-12494.json
+++ b/2019/12xxx/CVE-2019-12494.json
@@ -1,18 +1,86 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12494",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12494",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gardener/vpn/issues/40",
+ "refsource": "MISC",
+ "name": "https://github.com/gardener/vpn/issues/40"
+ },
+ {
+ "url": "https://github.com/gardener/gardener/pull/874",
+ "refsource": "MISC",
+ "name": "https://github.com/gardener/gardener/pull/874"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://groups.google.com/forum/#!topic/gardener/pH6dNIEhv-A",
+ "url": "https://groups.google.com/forum/#!topic/gardener/pH6dNIEhv-A"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6800.json b/2019/6xxx/CVE-2019-6800.json
index 3064afd0616..2c52a52575a 100644
--- a/2019/6xxx/CVE-2019-6800.json
+++ b/2019/6xxx/CVE-2019-6800.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-6800",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
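Review bot: The new `impact.cvss` block in CVE-2019-12494.json rates confidentiality, integrity and availability all HIGH (`C:H/I:H/A:H`), while the description added in the same hunk only claims information disclosure through HTTP GET requests to foreign shoot clusters. Either the description should state the integrity and availability consequences that justify the rating, or the vector should be reduced to match it. The block also carries no `baseScore` or `baseSeverity`, so every consumer has to recompute the score from `vectorString`. The metrics in `vectorString` are listed alphabetically (`AC:H/AV:N/A:H/...`) rather than in the conventional `AV/AC/PR/UI/S/C/I/A` order, which stricter parsers may reject.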
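Review bot: The `affects` block added in this hunk of CVE-2019-6800.json consists only of `n/a` placeholders (`vendor_name`, `product_name`, `version_value`), although the description added in the next hunk names TitanHQ SpamTitan through 7.03. Tooling that matches on the structured vendor, product and version fields will not associate this record with the product; filling them in, e.g. `"vendor_name": "TitanHQ"` and `"product_name": "SpamTitan"`, would fix that. The same placeholder block is added in CVE-2019-12494 and in the first hunk of CVE-2019-7671, CVE-2019-7672, CVE-2019-8385, CVE-2019-9156, CVE-2019-9157 and CVE-2019-9158, whose descriptions likewise name the product.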
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.spamtitan.com/category/spamtitan-news/",
+ "url": "https://www.spamtitan.com/category/spamtitan-news/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://write-up.github.io/CVE-2019-6800/",
+ "url": "https://write-up.github.io/CVE-2019-6800/"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7671.json b/2019/7xxx/CVE-2019-7671.json
index 0bff7e6bc79..13342dffdf4 100644
--- a/2019/7xxx/CVE-2019-7671.json
+++ b/2019/7xxx/CVE-2019-7671.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-7671",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
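Review bot: The reference tagged `CONFIRM` in CVE-2019-6800.json is `https://www.spamtitan.com/category/spamtitan-news/`, a news category listing rather than a specific vendor advisory, so it neither confirms the issue on its own nor identifies a fixed release, and its content will change over time. A permalink to the vendor's statement would be better, or the entry should be tagged `MISC` if no such statement exists. The description says "through 7.03" without naming a fixed version, so a reader cannot tell from the record whether the HTTP update channel has been replaced. CVE-2019-8385 has the same weakness with `https://www.thomsonreuters.com/en/products-services.html`, a generic products page.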
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Prima Systems FlexAir devices allow Authenticated Stored XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://applied-risk.com/labs/advisories",
+ "refsource": "MISC",
+ "name": "https://applied-risk.com/labs/advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://applied-risk.com/index.php/download_file/view/199/165",
+ "url": "https://applied-risk.com/index.php/download_file/view/199/165"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://applied-risk.com/resources/ar-2019-007",
+ "url": "https://applied-risk.com/resources/ar-2019-007"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7672.json b/2019/7xxx/CVE-2019-7672.json
index a22f6c927b0..df1805e0753 100644
--- a/2019/7xxx/CVE-2019-7672.json
+++ b/2019/7xxx/CVE-2019-7672.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-7672",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
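Review bot: `problemtype` in CVE-2019-7671.json is left as `n/a` although the description added in the same hunk is itself a weakness class ("Authenticated Stored XSS"); recording it as `"value": "CWE-79"` would let consumers filter and prioritise by weakness type. The same applies to CVE-2019-7672 (hard-coded credentials, CWE-798) and CVE-2019-9156 (OS command injection, CWE-78). CVE-2019-9157 and CVE-2019-9158 also name a class in the description while leaving `problemtype` empty. These one-sentence descriptions give no affected version or precondition either, so the linked advisory is the only source of detail for anyone triaging the record.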
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Prima Systems FlexAir devices have Hard-coded Credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://applied-risk.com/labs/advisories",
+ "refsource": "MISC",
+ "name": "https://applied-risk.com/labs/advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://applied-risk.com/index.php/download_file/view/199/165",
+ "url": "https://applied-risk.com/index.php/download_file/view/199/165"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://applied-risk.com/resources/ar-2019-007",
+ "url": "https://applied-risk.com/resources/ar-2019-007"
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8385.json b/2019/8xxx/CVE-2019-8385.json
index dd09eb566c3..8e77a64ea01 100644
--- a/2019/8xxx/CVE-2019-8385.json
+++ b/2019/8xxx/CVE-2019-8385.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-8385",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \\.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152298/Thomson-Reuters-Concourse-And-Firm-Central-Local-File-Inclusion-Directory-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/152298/Thomson-Reuters-Concourse-And-Firm-Central-Local-File-Inclusion-Directory-Traversal.html"
+ },
+ {
+ "url": "https://www.thomsonreuters.com/en/products-services.html",
+ "refsource": "MISC",
+ "name": "https://www.thomsonreuters.com/en/products-services.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9156.json b/2019/9xxx/CVE-2019-9156.json
index 0feec89bd5f..714da0df398 100644
--- a/2019/9xxx/CVE-2019-9156.json
+++ b/2019/9xxx/CVE-2019-9156.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9156",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html",
+ "refsource": "MISC",
+ "name": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2019/May/6",
+ "url": "http://seclists.org/fulldisclosure/2019/May/6"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9157.json b/2019/9xxx/CVE-2019-9157.json
index f6d16b8d041..8c17e18aa80 100644
--- a/2019/9xxx/CVE-2019-9157.json
+++ b/2019/9xxx/CVE-2019-9157.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9157",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html",
+ "refsource": "MISC",
+ "name": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2019/May/6",
+ "url": "http://seclists.org/fulldisclosure/2019/May/6"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9158.json b/2019/9xxx/CVE-2019-9158.json
index 8c5eb249898..2ae0a64beed 100644
--- a/2019/9xxx/CVE-2019-9158.json
+++ b/2019/9xxx/CVE-2019-9158.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9158",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html",
+ "refsource": "MISC",
+ "name": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2019/May/6",
+ "url": "http://seclists.org/fulldisclosure/2019/May/6"
 }
 ]
 }