From 46f79002e88a6015e747f55cfb6f1532b1230c48 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 7 Nov 2019 19:01:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2008/7xxx/CVE-2008-7220.json | 10 ++++
 2010/2xxx/CVE-2010-2472.json | 63 ++++++++++++++++++++--
 2010/2xxx/CVE-2010-2473.json | 63 ++++++++++++++++++++--
 2013/4xxx/CVE-2013-4939.json | 10 ++++
 2018/0xxx/CVE-2018-0503.json | 5 ++
 2018/0xxx/CVE-2018-0504.json | 5 ++
 2018/0xxx/CVE-2018-0505.json | 5 ++
 2019/10xxx/CVE-2019-10150.json | 5 ++
 2019/11xxx/CVE-2019-11249.json | 5 ++
 2019/11xxx/CVE-2019-11253.json | 5 ++
 2019/11xxx/CVE-2019-11996.json | 97 ++++++++++++++++++++++++++++++++--
 2019/3xxx/CVE-2019-3764.json | 45 ++++++++--------
 12 files changed, 287 insertions(+), 31 deletions(-)
diff --git a/2008/7xxx/CVE-2008-7220.json b/2008/7xxx/CVE-2008-7220.json
index 5b045d0e12a..044f4889a0b 100644
--- a/2008/7xxx/CVE-2008-7220.json
+++ b/2008/7xxx/CVE-2008-7220.json
@@ -131,6 +131,16 @@
 "refsource": "MLIST",
 "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
 "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3610) Update lib prototype.js: 1.4.0_pre4 due to security vulnerability",
+ "url": "https://lists.apache.org/thread.html/7ba863c5a4a0f1230cba2d11cf4de3a2eda3a42e8023d4990f564327@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3610) Update lib prototype.js: 1.4.0_pre4 due to security vulnerability",
+ "url": "https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d71295e565e366@%3Cissues.zookeeper.apache.org%3E"
 }
 ]
 }
diff --git a/2010/2xxx/CVE-2010-2472.json b/2010/2xxx/CVE-2010-2472.json
index ad83d2001c4..a0b41e8517f 100644
--- a/2010/2xxx/CVE-2010-2472.json
+++ b/2010/2xxx/CVE-2010-2472.json
@@ -1,8 +1,34 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-2472",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "drupal6",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "drupal6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.x before version 6.16"
+ },
+ {
+ "version_value": "5.x before version 5.22"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
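Review bot: In CVE-2010-2472.json the added `affects` block sets both `vendor_name` and `product_name` to `drupal6`, which looks like a distribution package name rather than the upstream vendor and product, and it sits next to a `version_value` of `5.x before version 5.22` that a product called drupal6 cannot cover. Consumers that match records on vendor/product will likely miss Drupal 5.x and 6.x installs; something like `"vendor_name": "Drupal"` and `"product_name": "Drupal"` would agree with the description text. The version strings are also free text with no `version_affected` operator, so tooling cannot range-compare them. The first hunk of CVE-2010-2473.json carries the identical block and needs the same correction.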
@@ -11,7 +37,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "module cross site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-2472",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-2472"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.drupal.org/node/731710",
+ "url": "https://www.drupal.org/node/731710"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "MLIST: [oss-security] 20100628 Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001",
+ "url": "https://www.openwall.com/lists/oss-security/2010/06/28/8"
 }
 ]
 }
diff --git a/2010/2xxx/CVE-2010-2473.json b/2010/2xxx/CVE-2010-2473.json
index 0fe51c61908..1379f0f86ae 100644
--- a/2010/2xxx/CVE-2010-2473.json
+++ b/2010/2xxx/CVE-2010-2473.json
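Review bot: The new `problemtype` value `module cross site scripting` in CVE-2010-2472.json is free text with no CWE identifier, so the record cannot be grouped with other XSS entries by weakness class; `"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"` would follow the `CWE-nnn: name` form that CVE-2019-3764.json uses in this same patch. The added MLIST reference name also begins with a redundant `MLIST: ` prefix that the otherwise identical entry in CVE-2010-2473.json does not have; dropping the prefix keeps the two consistent. The same free-text problemtype pattern appears in CVE-2010-2473.json (`user session regeneration`, which names the remedy rather than the weakness) and in CVE-2019-11996.json.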
@@ -1,8 +1,34 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-2473",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "drupal6",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "drupal6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.x before version 6.16"
+ },
+ {
+ "version_value": "5.x before version 5.22"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +37,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "user session regeneration"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-2473",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-2473"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.drupal.org/node/731710",
+ "url": "https://www.drupal.org/node/731710"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20100628 Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001",
+ "url": "https://www.openwall.com/lists/oss-security/2010/06/28/8"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4939.json b/2013/4xxx/CVE-2013-4939.json
index 4218bc69f46..eeacc4eb5ae 100644
--- a/2013/4xxx/CVE-2013-4939.json
+++ b/2013/4xxx/CVE-2013-4939.json
@@ -66,6 +66,16 @@
 "name": "http://yuilibrary.com/support/20130515-vulnerability/",
 "refsource": "CONFIRM",
 "url": "http://yuilibrary.com/support/20130515-vulnerability/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
+ "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
+ "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E"
 }
 ]
 }
diff --git a/2018/0xxx/CVE-2018-0503.json b/2018/0xxx/CVE-2018-0503.json
index e45bf3a303f..89ff77d0a95 100644
--- a/2018/0xxx/CVE-2018-0503.json
+++ b/2018/0xxx/CVE-2018-0503.json
@@ -83,6 +83,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3238",
 "url": "https://access.redhat.com/errata/RHSA-2019:3238"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3813",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3813"
 }
 ]
 },
diff --git a/2018/0xxx/CVE-2018-0504.json b/2018/0xxx/CVE-2018-0504.json
index 8c58ac28614..201bd4e06a5 100644
--- a/2018/0xxx/CVE-2018-0504.json
+++ b/2018/0xxx/CVE-2018-0504.json
@@ -78,6 +78,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3238",
 "url": "https://access.redhat.com/errata/RHSA-2019:3238"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3813",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3813"
 }
 ]
 },
diff --git a/2018/0xxx/CVE-2018-0505.json b/2018/0xxx/CVE-2018-0505.json
index d7746998f69..3145eee64be 100644
--- a/2018/0xxx/CVE-2018-0505.json
+++ b/2018/0xxx/CVE-2018-0505.json
@@ -83,6 +83,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3238",
 "url": "https://access.redhat.com/errata/RHSA-2019:3238"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3813",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3813"
 }
 ]
 },
diff --git a/2019/10xxx/CVE-2019-10150.json b/2019/10xxx/CVE-2019-10150.json
index aab018a85df..437576c1c29 100644
--- a/2019/10xxx/CVE-2019-10150.json
+++ b/2019/10xxx/CVE-2019-10150.json
@@ -68,6 +68,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3143",
 "url": "https://access.redhat.com/errata/RHSA-2019:3143"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3811",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3811"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11249.json b/2019/11xxx/CVE-2019-11249.json
index 8016e7e439b..47f2be6cfd5 100644
--- a/2019/11xxx/CVE-2019-11249.json
+++ b/2019/11xxx/CVE-2019-11249.json
@@ -158,6 +158,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3239",
 "url": "https://access.redhat.com/errata/RHSA-2019:3239"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3811",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3811"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11253.json b/2019/11xxx/CVE-2019-11253.json
index 021ca7b6f6b..1954c68569b 100644
--- a/2019/11xxx/CVE-2019-11253.json
+++ b/2019/11xxx/CVE-2019-11253.json
@@ -194,6 +194,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20191031-0006/",
 "url": "https://security.netapp.com/advisory/ntap-20191031-0006/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3811",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3811"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11996.json b/2019/11xxx/CVE-2019-11996.json
index a4d35113fc2..757039b95f3 100644
--- a/2019/11xxx/CVE-2019-11996.json
+++ b/2019/11xxx/CVE-2019-11996.json
@@ -4,14 +4,105 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11996",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HPE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nimble Storage Hybrid Flash Arrays",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.1.2.0 and older"
+ },
+ {
+ "version_value": "5.0.7.0 and older"
+ },
+ {
+ "version_value": "4.5.4.0 and older"
+ },
+ {
+ "version_value": "3.9.1.0 and older"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Nimble Storage All Flash Arrays",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.1.2.0 and older"
+ },
+ {
+ "version_value": "5.0.7.0 and older"
+ },
+ {
+ "version_value": "4.5.4.0 and older"
+ },
+ {
+ "version_value": "3.9.1.0 and older"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Nimble Storage Secondary Flash Arrays",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.1.2.0 and older"
+ },
+ {
+ "version_value": "5.0.7.0 and older"
+ },
+ {
+ "version_value": "4.5.4.0 and older"
+ },
+ {
+ "version_value": "3.9.1.0 and older"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote gain elevated privileges and disclose information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be remotely exploited by an attacker to gain elevated privileges or disclose information the array. Affected products and versions include: Nimble Storage Hybrid Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage All Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage Secondary Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3764.json b/2019/3xxx/CVE-2019-3764.json
index 8ecb04b7087..09ce9bde5ab 100644
--- a/2019/3xxx/CVE-2019-3764.json
+++ b/2019/3xxx/CVE-2019-3764.json
@@ -1,10 +1,10 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2019-11-04",
- "ID": "CVE-2019-3764",
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2019-11-04",
+ "ID": "CVE-2019-3764",
 "STATE": "PUBLIC"
- },
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
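Review bot: In CVE-2019-11996.json the added description reads `disclose information the array`, which drops a word (probably `from` or `about`) and leaves unclear what is disclosed. Each `version_value` is free text such as `5.1.2.0 and older`, and read literally that first entry already subsumes the 5.0.x, 4.5.x and 3.9.x ones, so a consumer cannot tell which fixed release applies to which branch. Using the operator field that CVE-2019-3764.json already carries, e.g. `"version_affected": "<="` with `"version_value": "5.1.2.0"`, would make the per-branch bounds machine-readable. The problemtype `remote gain elevated privileges and disclose information` describes impact, not a weakness class.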
@@ -12,59 +12,60 @@
 "product": {
 "product_data": [
 {
- "product_name": "Integrated Dell Remote Access Controller (iDRAC)",
+ "product_name": "Integrated Dell Remote Access Controller (iDRAC)",
 "version": {
 "version_data": [
 {
- "version_affected": "<",
+ "version_affected": "<",
 "version_value": "iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36"
 }
 ]
 }
 }
 ]
- },
+ },
 "vendor_name": "Dell"
 }
 ]
 }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes."
+ "lang": "eng",
+ "value": "Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes."
 }
 ]
- },
+ },
 "impact": {
 "cvss": {
- "baseScore": 5.0,
- "baseSeverity": "Medium",
- "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 5.0,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
 "version": "3.0"
 }
- },
+ },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "CWE-285: Improper Authorization"
 }
 ]
 }
 ]
- },
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en",
+ "name": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
 }
 ]
 }
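Review bot: The only substantive change in the second CVE-2019-3764.json hunk is the reference entry, where `refsource` goes from `CONFIRM` to `MISC` even though the URL is still the vendor's own advisory on dell.com; that drops the signal that the vendor has confirmed the issue, and `"refsource": "CONFIRM"` looks like the value to keep. The unchanged `version_value` of `iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36` also disagrees with the description, which mentions only iDRAC9 versions prior to 3.36.36.36, so it is unclear whether the 3.40 line is affected. The vector string claims `I:L/A:L` while the description speaks only of information disclosure, which is worth confirming against the advisory. The remaining -/+ pairs in this hunk appear to differ only in whitespace.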