From 4824889e77e831b2788d46cdf208b706c24f3204 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Nov 2019 19:01:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/20xxx/CVE-2018-20687.json | 48 ++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11755.json | 5 +++ 2019/12xxx/CVE-2019-12271.json | 61 ++++++++++++++++++++++++++++++---- 2019/12xxx/CVE-2019-12299.json | 61 ++++++++++++++++++++++++++++++---- 2019/12xxx/CVE-2019-12311.json | 61 ++++++++++++++++++++++++++++++---- 2019/12xxx/CVE-2019-12384.json | 5 +++ 2019/14xxx/CVE-2019-14379.json | 5 +++ 2019/15xxx/CVE-2019-15903.json | 5 +++ 2019/16xxx/CVE-2019-16869.json | 5 +++ 2019/16xxx/CVE-2019-16942.json | 5 +++ 2019/3xxx/CVE-2019-3423.json | 58 ++++++++++++++++++++++++++++---- 2019/3xxx/CVE-2019-3424.json | 58 ++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5694.json | 5 +++ 2019/5xxx/CVE-2019-5695.json | 5 +++ 14 files changed, 353 insertions(+), 34 deletions(-) diff --git a/2018/20xxx/CVE-2018-20687.json b/2018/20xxx/CVE-2018-20687.json index 49e394885e1..2a052241e3d 100644 --- a/2018/20xxx/CVE-2018-20687.json +++ b/2018/20xxx/CVE-2018-20687.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20687", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
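Review bot: The `affects` block added in this hunk sets `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description added in the next hunk names Raritan CommandCenter Secure Gateway 5.4.0. Tooling that matches on the structured fields rather than the free text will therefore not associate this record with the product. Consider populating them from the description, e.g. `"vendor_name": "Raritan"`, `"product_name": "CommandCenter Secure Gateway"`, `"version_value": "5.4.0"`. The `problemtype` value in the next hunk is also `"n/a"` where the description identifies an XML external entity issue (CWE-611 would fit). The CVE-2019-12271, CVE-2019-12299 and CVE-2019-12311 sections carry the same `n/a` placeholders while their descriptions name Sandline Centraleyezer (On Premises).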
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway 5.4.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155359/Raritan-CommandCenter-Secure-Gateway-XML-Injection.html", + "url": "http://packetstormsecurity.com/files/155359/Raritan-CommandCenter-Secure-Gateway-XML-Injection.html" } ] } diff --git a/2019/11xxx/CVE-2019-11755.json b/2019/11xxx/CVE-2019-11755.json index 611e2c5e087..34764074e7a 100644 --- a/2019/11xxx/CVE-2019-11755.json +++ b/2019/11xxx/CVE-2019-11755.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4571", "url": "https://www.debian.org/security/2019/dsa-4571" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html" } ] }, diff --git a/2019/12xxx/CVE-2019-12271.json b/2019/12xxx/CVE-2019-12271.json index 363b456dba2..aec8f4d64aa 100644 --- a/2019/12xxx/CVE-2019-12271.json +++ b/2019/12xxx/CVE-2019-12271.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12271", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12271", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding \".jpg\" to any uploaded filename is not enforced on the server side." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155355/Centraleyezer-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/155355/Centraleyezer-Shell-Upload.html" + }, + { + "refsource": "MISC", + "name": "https://link.medium.com/Y2S4ZJbMy1", + "url": "https://link.medium.com/Y2S4ZJbMy1" } ] } diff --git a/2019/12xxx/CVE-2019-12299.json b/2019/12xxx/CVE-2019-12299.json index c8244d912c2..9eb75aed5be 100644 --- a/2019/12xxx/CVE-2019-12299.json +++ b/2019/12xxx/CVE-2019-12299.json 
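Review bot: The second reference added for CVE-2019-12271, `https://link.medium.com/Y2S4ZJbMy1`, is a short link, so a reader cannot tell where it leads before following it. The record also loses the reference if the redirect is retired or re-pointed. The CVE-2019-12299 and CVE-2019-12311 sections in this commit cite full `medium.com/insidersec0x42/...` article URLs. Using the resolved article URL for both `name` and `url` here would keep the three records consistent and auditable.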
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12299", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12299", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Nov/8", + "url": "http://seclists.org/fulldisclosure/2019/Nov/8" + }, + { + "refsource": "MISC", + "name": "https://medium.com/insidersec0x42/centraleyezer-stored-xss-using-html-entities-cve-2019-12299-5c295ae54ef", + "url": "https://medium.com/insidersec0x42/centraleyezer-stored-xss-using-html-entities-cve-2019-12299-5c295ae54ef" } ] } diff --git a/2019/12xxx/CVE-2019-12311.json b/2019/12xxx/CVE-2019-12311.json index 5b0f815b70b..e3fc8ce8976 100644 --- a/2019/12xxx/CVE-2019-12311.json +++ b/2019/12xxx/CVE-2019-12311.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12311", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12311", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Nov/9", + "url": "http://seclists.org/fulldisclosure/2019/Nov/9" + }, + { + "refsource": "MISC", + "name": "https://medium.com/insidersec0x42/centraleyezer-unrestricted-file-upload-cve-2019-12311-7cad12e95165", + "url": "https://medium.com/insidersec0x42/centraleyezer-unrestricted-file-upload-cve-2019-12311-7cad12e95165" } ] } diff --git a/2019/12xxx/CVE-2019-12384.json b/2019/12xxx/CVE-2019-12384.json index 5fd60aed7dd..f7a6fa4de65 100644 --- a/2019/12xxx/CVE-2019-12384.json +++ b/2019/12xxx/CVE-2019-12384.json 
@@ -246,6 +246,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3901", + "url": "https://access.redhat.com/errata/RHSA-2019:3901" } ] } diff --git a/2019/14xxx/CVE-2019-14379.json b/2019/14xxx/CVE-2019-14379.json index 5f23980e97b..45c83e7656f 100644 --- a/2019/14xxx/CVE-2019-14379.json +++ b/2019/14xxx/CVE-2019-14379.json @@ -291,6 +291,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3297", "url": "https://access.redhat.com/errata/RHSA-2019:3297" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3901", + "url": "https://access.redhat.com/errata/RHSA-2019:3901" } ] } diff --git a/2019/15xxx/CVE-2019-15903.json b/2019/15xxx/CVE-2019-15903.json index 20a69983e1f..cc74f0bd494 100644 --- a/2019/15xxx/CVE-2019-15903.json +++ b/2019/15xxx/CVE-2019-15903.json @@ -231,6 +231,11 @@ "refsource": "DEBIAN", "name": "DSA-4571", "url": "https://www.debian.org/security/2019/dsa-4571" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html" } ] } diff --git a/2019/16xxx/CVE-2019-16869.json b/2019/16xxx/CVE-2019-16869.json index 88a75b01825..cba3fa28276 100644 --- a/2019/16xxx/CVE-2019-16869.json +++ b/2019/16xxx/CVE-2019-16869.json @@ -181,6 +181,11 @@ "refsource": "MLIST", "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3901", + "url": "https://access.redhat.com/errata/RHSA-2019:3901" } ] } 
diff --git a/2019/16xxx/CVE-2019-16942.json b/2019/16xxx/CVE-2019-16942.json index 4e286bc7996..ad783145dfe 100644 --- a/2019/16xxx/CVE-2019-16942.json +++ b/2019/16xxx/CVE-2019-16942.json @@ -121,6 +121,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-cf87377f5f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3901", + "url": "https://access.redhat.com/errata/RHSA-2019:3901" } ] } diff --git a/2019/3xxx/CVE-2019-3423.json b/2019/3xxx/CVE-2019-3423.json index af93ba87027..86a97714294 100644 --- a/2019/3xxx/CVE-2019-3423.json +++ b/2019/3xxx/CVE-2019-3423.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3423", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3423", + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZTE Corporation", + "product": { + "product_data": [ + { + "product_name": "C520V21", + "version": { + "version_data": [ + { + "version_value": "All versions up to V2.1.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permission and Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources." } ] } diff --git a/2019/3xxx/CVE-2019-3424.json b/2019/3xxx/CVE-2019-3424.json index 1d5e0d35610..caec59de36c 100644 --- a/2019/3xxx/CVE-2019-3424.json +++ b/2019/3xxx/CVE-2019-3424.json 
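Review bot: The `problemtype` value added for CVE-2019-3423 is `"Permission and Access Control"`, while the description at the end of the same hunk describes directory traversal through a constructed URL, so anyone filtering by problem type will not find this record under path traversal. A value such as `"value": "CWE-22 Path Traversal"` would be more precise, if the assigner agrees. The description also opens as a lowercase sentence fragment (`"permission and access control vulnerability, which exists in ..."`) and never names ZTE, and the CVE-2019-3424 section has the same fragment opening. Both sections move `data_type`/`data_format` ahead of `CVE_data_meta`, the opposite of the ordering the other rewritten files in this commit adopt. Key order carries no meaning in JSON, but a consistent order keeps later sync diffs small.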
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3424", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3424", + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZTE Corporation", + "product": { + "product_data": [ + { + "product_name": "C520V21", + "version": { + "version_data": [ + { + "version_value": "All versions up to V2.1.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Issues" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations." } ] } diff --git a/2019/5xxx/CVE-2019-5694.json b/2019/5xxx/CVE-2019-5694.json index b514698ec83..e468d65fe93 100644 --- a/2019/5xxx/CVE-2019-5694.json +++ b/2019/5xxx/CVE-2019-5694.json 
@@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907" + }, + { + "refsource": "MISC", + "name": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695", + "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695" } ] }, diff --git a/2019/5xxx/CVE-2019-5695.json b/2019/5xxx/CVE-2019-5695.json index e8141330c79..3011c3f1bb2 100644 --- a/2019/5xxx/CVE-2019-5695.json +++ b/2019/5xxx/CVE-2019-5695.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860" + }, + { + "refsource": "MISC", + "name": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695", + "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695" } ] },