diff --git a/2019/11xxx/CVE-2019-11674.json b/2019/11xxx/CVE-2019-11674.json index 2c1ff7eab57..6c918b6ecf7 100644 --- a/2019/11xxx/CVE-2019-11674.json +++ b/2019/11xxx/CVE-2019-11674.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Self Service Password Reset (SSPR) versions prior to 4.4.0.4", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 4.4.0.4." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Invalid certificate validation." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html", + "url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack." } ] } diff --git a/2019/12xxx/CVE-2019-12967.json b/2019/12xxx/CVE-2019-12967.json index b7a3f356dd7..9d15b9f4024 100644 --- a/2019/12xxx/CVE-2019-12967.json +++ b/2019/12xxx/CVE-2019-12967.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12967", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12967", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier versions) has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mooltipass/moolticute/commits/master", + "refsource": "MISC", + "name": "https://github.com/mooltipass/moolticute/commits/master" + }, + { + "refsource": "MISC", + "name": "https://securiteam.io/2019/10/20/cve-2019-12967-moolticute-improper-access-control/", + "url": "https://securiteam.io/2019/10/20/cve-2019-12967-moolticute-improper-access-control/" } ] } diff --git a/2019/17xxx/CVE-2019-17189.json b/2019/17xxx/CVE-2019-17189.json new file mode 100644 index 00000000000..ae05f1ebda1 --- /dev/null +++ b/2019/17xxx/CVE-2019-17189.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "totemodata 3.0.0_b936 has XSS via a folder name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.totemo.com/en/solutions/secure-file-transfer", + "refsource": "MISC", + "name": "https://www.totemo.com/en/solutions/secure-file-transfer" + }, + { + "url": "https://www.compass-security.com/en/research/advisories/", + "refsource": "MISC", + "name": "https://www.compass-security.com/en/research/advisories/" + }, + { + "refsource": "MISC", + "name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-021_totemodata_Cross-Site_Scripting_XSS.txt", + "url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-021_totemodata_Cross-Site_Scripting_XSS.txt" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4523.json b/2019/4xxx/CVE-2019-4523.json index 444762acd79..f63c1917c8b 100644 --- a/2019/4xxx/CVE-2019-4523.json +++ b/2019/4xxx/CVE-2019-4523.json @@ -1,100 +1,100 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.5" - } - ] - }, - "product_name" : "Db2 High Performance Unload load for LUW" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - } - ] - }, - "product_name" : "DB2 High Performance Unload load for LUW" - } - ] - } + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-16T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4523" - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "AV" : "L", - "SCORE" : "8.400", - "UI" : "N", - "C" : "H", - "I" : "H", - "A" : "H", - "S" : "U", - "AC" : "L" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://supportcontent.ibm.com/support/pages/node/1073236", - "name" : "https://supportcontent.ibm.com/support/pages/node/1073236", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1073236 (Db2 High Performance Unload load for LUW)" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-db2-cve20194523-bo (165481)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165481" - } - ] - } -} + ] + }, + "description": { + "description_data": [ + { + "value": "IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5" + } + ] + }, + "product_name": "Db2 High Performance Unload load for LUW" + }, + { + "version": { + "version_data": [ + { + "version_value": "6.1" + } + ] + }, + "product_name": "DB2 High Performance Unload load for LUW" + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-16T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4523" + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "AV": "L", + "SCORE": "8.400", + "UI": "N", + "C": "H", + "I": "H", + "A": "H", + "S": "U", + "AC": "L" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://supportcontent.ibm.com/support/pages/node/1073236", + "name": "https://supportcontent.ibm.com/support/pages/node/1073236", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1073236 (Db2 High Performance Unload load for LUW)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-db2-cve20194523-bo (165481)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165481" + } + ] + } +} \ No newline at end of file