From 45b9f7397ed07801bfa44fa45088344809270e78 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 4 Dec 2019 20:00:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11216.json | 61 +++++++++++++++++++++++++++++---- 2019/12xxx/CVE-2019-12523.json | 5 +++ 2019/12xxx/CVE-2019-12526.json | 5 +++ 2019/12xxx/CVE-2019-12854.json | 5 +++ 2019/16xxx/CVE-2019-16752.json | 62 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16753.json | 62 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18676.json | 5 +++ 2019/18xxx/CVE-2019-18677.json | 5 +++ 2019/18xxx/CVE-2019-18678.json | 5 +++ 2019/18xxx/CVE-2019-18679.json | 5 +++ 10 files changed, 214 insertions(+), 6 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16752.json create mode 100644 2019/16xxx/CVE-2019-16753.json diff --git a/2019/11xxx/CVE-2019-11216.json b/2019/11xxx/CVE-2019-11216.json index 00dbce14d10..ede92e87ab8 100644 --- a/2019/11xxx/CVE-2019-11216.json +++ b/2019/11xxx/CVE-2019-11216.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11216", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11216", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.bmc.com/docs/itsm90/export-and-import-repository-509983929.html", + "refsource": "MISC", + "name": "https://docs.bmc.com/docs/itsm90/export-and-import-repository-509983929.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Dec/7", + "url": "http://seclists.org/fulldisclosure/2019/Dec/7" } ] } diff --git a/2019/12xxx/CVE-2019-12523.json b/2019/12xxx/CVE-2019-12523.json index e48920e457e..d075299d053 100644 --- a/2019/12xxx/CVE-2019-12523.json +++ b/2019/12xxx/CVE-2019-12523.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1156329", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329" + }, + { + "refsource": "UBUNTU", + "name": "USN-4213-1", + "url": "https://usn.ubuntu.com/4213-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12526.json b/2019/12xxx/CVE-2019-12526.json index 3a02c3cc113..7a10b7254e7 100644 --- a/2019/12xxx/CVE-2019-12526.json +++ b/2019/12xxx/CVE-2019-12526.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt" + }, + { + "refsource": "UBUNTU", + "name": "USN-4213-1", + "url": "https://usn.ubuntu.com/4213-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12854.json b/2019/12xxx/CVE-2019-12854.json index 8aa981edc5f..7113a6c4a7f 100644 --- a/2019/12xxx/CVE-2019-12854.json +++ b/2019/12xxx/CVE-2019-12854.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2541", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4213-1", + "url": "https://usn.ubuntu.com/4213-1/" } ] } diff --git a/2019/16xxx/CVE-2019-16752.json b/2019/16xxx/CVE-2019-16752.json new file mode 100644 index 00000000000..bd302f9a93e --- /dev/null +++ b/2019/16xxx/CVE-2019-16752.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf", + "refsource": "MISC", + "name": "https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16753.json b/2019/16xxx/CVE-2019-16753.json new file mode 100644 index 00000000000..e84209a9b75 --- /dev/null +++ b/2019/16xxx/CVE-2019-16753.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf", + "refsource": "MISC", + "name": "https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18676.json b/2019/18xxx/CVE-2019-18676.json index 87f063bab46..e2b0d86ef39 100644 --- a/2019/18xxx/CVE-2019-18676.json +++ b/2019/18xxx/CVE-2019-18676.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch", "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch" + }, + { + "refsource": "UBUNTU", + "name": "USN-4213-1", + "url": "https://usn.ubuntu.com/4213-1/" } ] } diff --git a/2019/18xxx/CVE-2019-18677.json b/2019/18xxx/CVE-2019-18677.json index 07d2eb4e053..951aaa2f8d2 100644 --- a/2019/18xxx/CVE-2019-18677.json +++ b/2019/18xxx/CVE-2019-18677.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch", "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch" + }, + { + "refsource": "UBUNTU", + "name": "USN-4213-1", + "url": "https://usn.ubuntu.com/4213-1/" } ] } diff --git a/2019/18xxx/CVE-2019-18678.json b/2019/18xxx/CVE-2019-18678.json index 225103596f6..a7bba95645d 100644 --- a/2019/18xxx/CVE-2019-18678.json +++ b/2019/18xxx/CVE-2019-18678.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt" + }, + { + "refsource": "UBUNTU", + "name": "USN-4213-1", + "url": "https://usn.ubuntu.com/4213-1/" } ] } diff --git a/2019/18xxx/CVE-2019-18679.json b/2019/18xxx/CVE-2019-18679.json index 789da431d56..b25544385e6 100644 --- a/2019/18xxx/CVE-2019-18679.json +++ b/2019/18xxx/CVE-2019-18679.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch" + }, + { + "refsource": "UBUNTU", + "name": "USN-4213-1", + "url": "https://usn.ubuntu.com/4213-1/" } ] }