diff --git a/2016/6xxx/CVE-2016-6352.json b/2016/6xxx/CVE-2016-6352.json
index 5dc663c4fd4..b0400f490e8 100644
--- a/2016/6xxx/CVE-2016-6352.json
+++ b/2016/6xxx/CVE-2016-6352.json
@@ -86,6 +86,11 @@
 "name": "https://bugzilla.gnome.org/show_bug.cgi?id=769170",
 "refsource": "CONFIRM",
 "url": "https://bugzilla.gnome.org/show_bug.cgi?id=769170"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
 }
 ]
 }
diff --git a/2017/2xxx/CVE-2017-2870.json b/2017/2xxx/CVE-2017-2870.json
index 96d598e8340..8fb3bc733a3 100644
--- a/2017/2xxx/CVE-2017-2870.json
+++ b/2017/2xxx/CVE-2017-2870.json
@@ -62,6 +62,11 @@
 "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377",
 "refsource": "MISC",
 "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
 }
 ]
 }
diff --git a/2017/6xxx/CVE-2017-6312.json b/2017/6xxx/CVE-2017-6312.json
index dab56a6365e..16a2f6ee7c2 100644
--- a/2017/6xxx/CVE-2017-6312.json
+++ b/2017/6xxx/CVE-2017-6312.json
@@ -81,6 +81,11 @@
 "name": "GLSA-201709-08",
 "refsource": "GENTOO",
 "url": "https://security.gentoo.org/glsa/201709-08"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
 }
 ]
 }
diff --git a/2017/6xxx/CVE-2017-6313.json b/2017/6xxx/CVE-2017-6313.json
index 9a70a99c515..c9614c2c6ed 100644
--- a/2017/6xxx/CVE-2017-6313.json
+++ b/2017/6xxx/CVE-2017-6313.json
@@ -81,6 +81,11 @@
 "name": "GLSA-201709-08",
 "refsource": "GENTOO",
 "url": "https://security.gentoo.org/glsa/201709-08"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
 }
 ]
 }
diff --git a/2017/6xxx/CVE-2017-6314.json b/2017/6xxx/CVE-2017-6314.json
index 81f9f2a391c..0226cb55f9b 100644
--- a/2017/6xxx/CVE-2017-6314.json
+++ b/2017/6xxx/CVE-2017-6314.json
@@ -81,6 +81,11 @@
 "name": "GLSA-201709-08",
 "refsource": "GENTOO",
 "url": "https://security.gentoo.org/glsa/201709-08"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16871.json b/2019/16xxx/CVE-2019-16871.json
new file mode 100644
index 00000000000..9836ed6ed99
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16871.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16871",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648",
+ "url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf",
+ "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17527.json b/2019/17xxx/CVE-2019-17527.json
new file mode 100644
index 00000000000..1c196bd721c
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17527.json
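Review bot: The new CVE-2019-16871.json leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value as `"n/a"`, although its description names the vendor (Beckhoff), the affected range (through 3.1.4024.0) and the impact (remote code execution as SYSTEM). Consumers that match on the structured `affects` block rather than parsing the free text will not tie this record to any product, so these fields are worth populating from the description, e.g. `"vendor_name": "Beckhoff"`. The same applies to CVE-2019-17527.json, CVE-2019-19232.json and CVE-2019-19234.json in this commit. Separately, the CONFIRM reference points at a file named advisory-2017-001.pdf for a 2019 identifier; that may be correct, but confirm the advisory actually covers this issue.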
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17527",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/blackcon/c61771eb8c9f0aeef6f6797f945efa13",
+ "url": "https://gist.github.com/blackcon/c61771eb8c9f0aeef6f6797f945efa13"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19232.json b/2019/19xxx/CVE-2019-19232.json
index e9baf5a104a..35a0886c18d 100644
--- a/2019/19xxx/CVE-2019-19232.json
+++ b/2019/19xxx/CVE-2019-19232.json
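Review bot: The description in CVE-2019-17527.json spells the component two ways, `models/custormfields.php` for the file and `task=customfields...` for the request, and the task name ends in `fieldandfieldfo`, which looks truncated. Anyone building a log search or filtering rule from this record will copy these strings as written, so both should be checked against the referenced gist and the extension source before the record is published. The only reference is a third-party gist marked MISC; a vendor changelog entry for 1.2.7, if one exists, would back the "before 1.2.7" claim.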
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19232",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19232",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sudo.ws/stable.html",
+ "refsource": "MISC",
+ "name": "https://www.sudo.ws/stable.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.sudo.ws/devel.html#1.8.30b2",
+ "url": "https://www.sudo.ws/devel.html#1.8.30b2"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19234.json b/2019/19xxx/CVE-2019-19234.json
index ca02c9af51d..3da932fff50 100644
--- a/2019/19xxx/CVE-2019-19234.json
+++ b/2019/19xxx/CVE-2019-19234.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19234",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19234",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sudo.ws/stable.html",
+ "refsource": "MISC",
+ "name": "https://www.sudo.ws/stable.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.sudo.ws/devel.html#1.8.30b2",
+ "url": "https://www.sudo.ws/devel.html#1.8.30b2"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19340.json b/2019/19xxx/CVE-2019-19340.json
index 0bf994200ee..7b7844b526d 100644
--- a/2019/19xxx/CVE-2019-19340.json
+++ b/2019/19xxx/CVE-2019-19340.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-19340",
- "ASSIGNER": "mrehak@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -57,7 +58,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.z before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system."
+ "value": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system."
 }
 ]
 },
@@ -71,4 +72,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19341.json b/2019/19xxx/CVE-2019-19341.json
index 96a8ae224a4..46663ecb3a3 100644
--- a/2019/19xxx/CVE-2019-19341.json
+++ b/2019/19xxx/CVE-2019-19341.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-19341",
- "ASSIGNER": "mrehak@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -68,4 +69,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19342.json b/2019/19xxx/CVE-2019-19342.json
index ecbdc9ab32c..96a7db8a09a 100644
--- a/2019/19xxx/CVE-2019-19342.json
+++ b/2019/19xxx/CVE-2019-19342.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-19342",
- "ASSIGNER": "mrehak@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -71,4 +72,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19914.json b/2019/19xxx/CVE-2019-19914.json
new file mode 100644
index 00000000000..6c3e0976c3b
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19914.json
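Review bot: The closing hunk of CVE-2019-19340.json replaces `}` with `}` followed by `\ No newline at end of file`, so its only effect is to drop the file's terminating newline. The same hunk appears in CVE-2019-19341.json and CVE-2019-19342.json, and the files newly created in this commit are also written without a final newline. Keeping the trailing newline would avoid this kind of no-op hunk whenever a different tool rewrites the record, and keeps line-based tooling predictable. If the export step is what strips it, normalising on write is the place to fix it.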
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19914",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file