From 7c1438a7300dd20c1651ae7faf9c02a39e5ee4e9 Mon Sep 17 00:00:00 2001 From: swpsirt Date: Mon, 1 Apr 2019 19:16:19 -0700 Subject: [PATCH 01/25] Update CVE-2018-9867.json Adding additional affected products to published CVE --- 2018/9xxx/CVE-2018-9867.json | 59 +++++++++++++++++++++++++++++++----- 1 file changed, 51 insertions(+), 8 deletions(-) diff --git a/2018/9xxx/CVE-2018-9867.json b/2018/9xxx/CVE-2018-9867.json index 9b92ec5e0f0..f778fd3849a 100644 --- a/2018/9xxx/CVE-2018-9867.json +++ b/2018/9xxx/CVE-2018-9867.json @@ -11,15 +11,58 @@ "product": { "product_data": [ { - "product_name": "SonicOS", - "version": { - "version_data": [ - { - "version_value": "5.9.1.10 and earlier" - } - ] + "product_name" : "SonicOS", + "version" : { + "version_data" : [ + { + "version_value" : "5.9.1.10 and earlier" + }, + { + "version_value" : "6.2.7.3" + }, + { + "version_value" : "6.5.1.3" + }, + { + "version_value" : "6.5.2.2" + }, + { + "version_value" : "6.5.3.1" + }, + { + "version_value" : "6.2.7.8" + }, + { + "version_value" : "6.4.0.0" + }, + { + "version_value" : "6.5.1.8" + }, + { + "version_value" : "6.0.5.3-86o" + } + ] } - } + }, + { + "product_name" : "SonicOSv", + "version" : { + "version_data" : [ + { + "version_value" : "6.5.0.2-8v_RC363 (VMWARE)" + }, + { + "version_value" : "6.5.0.2.8v_RC367 (AZURE)" + }, + { + "version_value" : "6.5.0.2.8v_RC368 (AWS)" + }, + { + "version_value" : "6.5.0.2.8v_RC366 (HYPER_V)" + } + ] + } + } ] }, "vendor_name": "SonicWall" From 64ee0d202046fdc64d851c11441bd7dd666b0ab1 Mon Sep 17 00:00:00 2001 From: swpsirt Date: Mon, 1 Apr 2019 19:17:30 -0700 Subject: [PATCH 02/25] SonicWall SonicOS Multiple CVE Multiple CVE 2019-7474, 5 and 6 in regarding to vulnerbility in SonicWall SonicOS and SonicOSv --- 2019/7xxx/CVE-2019-7474.json | 118 ++++++++++++++++++++++++++++++----- 2019/7xxx/CVE-2019-7475.json | 118 ++++++++++++++++++++++++++++++----- 2019/7xxx/CVE-2019-7477.json | 118 ++++++++++++++++++++++++++++++----- 3 files changed, 309 insertions(+), 45 deletions(-) diff --git a/2019/7xxx/CVE-2019-7474.json b/2019/7xxx/CVE-2019-7474.json index 6d4611fd73f..8e744c44e17 100644 --- a/2019/7xxx/CVE-2019-7474.json +++ b/2019/7xxx/CVE-2019-7474.json @@ -1,18 +1,106 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7474", - "STATE": "RESERVED" + "CVE_data_meta" : { + "ASSIGNER" : "psirt@sonicwall.com", + "ID" : "CVE-2019-7474", + "STATE" : "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "SonicOS", + "version" : { + "version_data" : [ + { + "version_value" : "5.9.1.10 and earlier" + }, + { + "version_value" : "6.2.7.3" + }, + { + "version_value" : "6.5.1.3" + }, + { + "version_value" : "6.5.2.2" + }, + { + "version_value" : "6.5.3.1" + }, + { + "version_value" : "6.2.7.8" + }, + { + "version_value" : "6.4.0.0" + }, + { + "version_value" : "6.5.1.8" + }, + { + "version_value" : "6.0.5.3-86o" + } + ] + } + }, + { + "product_name" : "SonicOSv", + "version" : { + "version_data" : [ + { + "version_value" : "6.5.0.2-8v_RC363 (VMWARE)" + }, + { + "version_value" : "6.5.0.2.8v_RC367 (AZURE)" + }, + { + "version_value" : "6.5.0.2.8v_RC368 (AWS)" + }, + { + "version_value" : "6.5.0.2.8v_RC366 (HYPER_V)" + } + ] + } + } + ] + }, + "vendor_name" : "SonicWall" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001", + "refsource" : "CONFIRM", + "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001" + } + ] } -} \ No newline at end of file + } + \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7475.json b/2019/7xxx/CVE-2019-7475.json index dbfa6b6885f..c6ebe085e99 100644 --- a/2019/7xxx/CVE-2019-7475.json +++ b/2019/7xxx/CVE-2019-7475.json @@ -1,18 +1,106 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7475", - "STATE": "RESERVED" + "CVE_data_meta" : { + "ASSIGNER" : "psirt@sonicwall.com", + "ID" : "CVE-2019-7475", + "STATE" : "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "SonicOS", + "version" : { + "version_data" : [ + { + "version_value" : "5.9.1.10 and earlier" + }, + { + "version_value" : "6.2.7.3" + }, + { + "version_value" : "6.5.1.3" + }, + { + "version_value" : "6.5.2.2" + }, + { + "version_value" : "6.5.3.1" + }, + { + "version_value" : "6.2.7.8" + }, + { + "version_value" : "6.4.0.0" + }, + { + "version_value" : "6.5.1.8" + }, + { + "version_value" : "6.0.5.3-86o" + } + ] + } + }, + { + "product_name" : "SonicOSv", + "version" : { + "version_data" : [ + { + "version_value" : "6.5.0.2-8v_RC363 (VMWARE)" + }, + { + "version_value" : "6.5.0.2.8v_RC367 (AZURE)" + }, + { + "version_value" : "6.5.0.2.8v_RC368 (AWS)" + }, + { + "version_value" : "6.5.0.2.8v_RC366 (HYPER_V)" + } + ] + } + } + ] + }, + "vendor_name" : "SonicWall" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002", + "refsource" : "CONFIRM", + "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002" + } + ] } -} \ No newline at end of file + } + \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7477.json b/2019/7xxx/CVE-2019-7477.json index 2fdbe953e43..416de268d18 100644 --- a/2019/7xxx/CVE-2019-7477.json +++ b/2019/7xxx/CVE-2019-7477.json @@ -1,18 +1,106 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7477", - "STATE": "RESERVED" + "CVE_data_meta" : { + "ASSIGNER" : "psirt@sonicwall.com", + "ID" : "CVE-2019-7477", + "STATE" : "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "SonicOS", + "version" : { + "version_data" : [ + { + "version_value" : "5.9.1.10 and earlier" + }, + { + "version_value" : "6.2.7.3" + }, + { + "version_value" : "6.5.1.3" + }, + { + "version_value" : "6.5.2.2" + }, + { + "version_value" : "6.5.3.1" + }, + { + "version_value" : "6.2.7.8" + }, + { + "version_value" : "6.4.0.0" + }, + { + "version_value" : "6.5.1.8" + }, + { + "version_value" : "6.0.5.3-86o" + } + ] + } + }, + { + "product_name" : "SonicOSv", + "version" : { + "version_data" : [ + { + "version_value" : "6.5.0.2-8v_RC363 (VMWARE)" + }, + { + "version_value" : "6.5.0.2.8v_RC367 (AZURE)" + }, + { + "version_value" : "6.5.0.2.8v_RC368 (AWS)" + }, + { + "version_value" : "6.5.0.2.8v_RC366 (HYPER_V)" + } + ] + } + } + ] + }, + "vendor_name" : "SonicWall" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003", + "refsource" : "CONFIRM", + "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003" + } + ] } -} \ No newline at end of file + } + \ No newline at end of file From 68b35a35ce72f0eeab65154f2b5bcd339941e4eb Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Tue, 2 Apr 2019 09:09:11 -0400 Subject: [PATCH 03/25] IBM20190402-9911 Added CVE-2018-1618, CVE-2018-1917, CVE-2018-1625, CVE-2018-1622, CVE-2018-1623, CVE-2019-4043, CVE-2018-1640, CVE-2018-1680, CVE-2019-4080, CVE-2018-1626, CVE-2018-1874, CVE-2019-4093, CVE-2018-1906 --- 2018/1xxx/CVE-2018-1618.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1622.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1623.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1625.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1626.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1640.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1680.json | 102 +++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1874.json | 105 ++++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1906.json | 108 +++++++++++++++++++++++++++++----- 2018/1xxx/CVE-2018-1917.json | 108 +++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4043.json | 105 ++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4080.json | 111 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4093.json | 102 +++++++++++++++++++++++++++----- 13 files changed, 1158 insertions(+), 195 deletions(-) diff --git a/2018/1xxx/CVE-2018-1618.json b/2018/1xxx/CVE-2018-1618.json index fd4b9d90275..4d71971345d 100644 --- a/2018/1xxx/CVE-2018-1618.json +++ b/2018/1xxx/CVE-2018-1618.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1618", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "I" : "N", + "SCORE" : "7.700", + "PR" : "L", + "AC" : "L", + "S" : "C", + "C" : "H", + "UI" : "N", + "AV" : "N" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + }, + "product_name" : "Security Privileged Identity Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1618", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00" + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144343", + "name" : "ibm-pim-cve20181618-info-disc (144343)", + "refsource" : "XF" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1622.json b/2018/1xxx/CVE-2018-1622.json index 6cf409a1375..d3414db9e8f 100644 --- a/2018/1xxx/CVE-2018-1622.json +++ b/2018/1xxx/CVE-2018-1622.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1622", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Security Privileged Identity Manager", + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144348", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-pim-cve20181622-csrf (144348)" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1622", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "L", + "SCORE" : "4.300", + "A" : "N", + "AV" : "N", + "S" : "U", + "AC" : "L", + "PR" : "N", + "UI" : "R", + "C" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_format" : "MITRE" +} diff --git a/2018/1xxx/CVE-2018-1623.json b/2018/1xxx/CVE-2018-1623.json index 421fbc4f581..d51211b6169 100644 --- a/2018/1xxx/CVE-2018-1623.json +++ b/2018/1xxx/CVE-2018-1623.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1623", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "AV" : "L", + "PR" : "N", + "S" : "U", + "AC" : "L", + "C" : "L", + "UI" : "N", + "I" : "N", + "SCORE" : "4.000", + "A" : "N" + } + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.", + "lang" : "eng" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1623", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00" + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144408", + "name" : "ibm-pim-cve20181623-info-disc (144408)", + "refsource" : "XF" + } + ] + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Security Privileged Identity Manager", + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2018/1xxx/CVE-2018-1625.json b/2018/1xxx/CVE-2018-1625.json index e80f7fc8f4e..fb8e4941ff6 100644 --- a/2018/1xxx/CVE-2018-1625.json +++ b/2018/1xxx/CVE-2018-1625.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1625", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "SCORE" : "4.300", + "I" : "N", + "UI" : "N", + "C" : "L", + "AC" : "L", + "S" : "U", + "PR" : "L", + "AV" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + }, + "product_name" : "Security Privileged Identity Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)" + }, + { + "refsource" : "XF", + "name" : "ibm-pim-cve20181625-info-disc (144410)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144410", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1625", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410." + } + ] + }, + "data_type" : "CVE" +} diff --git a/2018/1xxx/CVE-2018-1626.json b/2018/1xxx/CVE-2018-1626.json index 04a56d292d5..114a08f1430 100644 --- a/2018/1xxx/CVE-2018-1626.json +++ b/2018/1xxx/CVE-2018-1626.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1626", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411." + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "refsource" : "XF", + "name" : "ibm-pim-cve20181626-info-disc (144411)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144411", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1626", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + }, + "product_name" : "Security Privileged Identity Manager" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0", + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "I" : "N", + "SCORE" : "3.100", + "AC" : "H", + "S" : "U", + "PR" : "L", + "UI" : "N", + "C" : "L", + "AV" : "N" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + } +} diff --git a/2018/1xxx/CVE-2018-1640.json b/2018/1xxx/CVE-2018-1640.json index 604d0a74eb5..4dbea809925 100644 --- a/2018/1xxx/CVE-2018-1640.json +++ b/2018/1xxx/CVE-2018-1640.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1640", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "C" : "H", + "S" : "U", + "AC" : "L", + "PR" : "L", + "AV" : "N", + "A" : "H", + "SCORE" : "8.800", + "I" : "H" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + }, + "product_name" : "Security Privileged Identity Manager" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource" : "CONFIRM", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144580", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-pim-cve20181640-command-exec (144580)" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1640", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00" + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE" +} diff --git a/2018/1xxx/CVE-2018-1680.json b/2018/1xxx/CVE-2018-1680.json index 7f78e69b7b6..0850149b20f 100644 --- a/2018/1xxx/CVE-2018-1680.json +++ b/2018/1xxx/CVE-2018-1680.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1680", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "H", + "UI" : "N", + "PR" : "N", + "S" : "U", + "AC" : "H", + "AV" : "N", + "A" : "N", + "SCORE" : "5.900", + "I" : "N" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1680", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145236", + "name" : "ibm-sim-cve20181680-info-disc (145236)", + "refsource" : "XF" + } + ] + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Security Privileged Identity Manager", + "version" : { + "version_data" : [ + { + "version_value" : "2.1.1" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.", + "lang" : "eng" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1874.json b/2018/1xxx/CVE-2018-1874.json index 5b7a3734133..f201dca5206 100644 --- a/2018/1xxx/CVE-2018-1874.json +++ b/2018/1xxx/CVE-2018-1874.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1874", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0.0" + }, + { + "version_value" : "5.0.8.5" + } + ] + }, + "product_name" : "API Connect" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-03-27T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1874" + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10876994", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10876994", + "title" : "IBM Security Bulletin 876994 (API Connect)" + }, + { + "name" : "ibm-api-cve20181874-info-disc (151636)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151636" + } + ] + }, + "description" : { + "description_data" : [ + { + "value" : "IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "C" : "H", + "AC" : "L", + "S" : "U", + "PR" : "N", + "AV" : "P", + "A" : "N", + "SCORE" : "4.600", + "I" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_format" : "MITRE" +} diff --git a/2018/1xxx/CVE-2018-1906.json b/2018/1xxx/CVE-2018-1906.json index 59c9788af0c..402bea8746c 100644 --- a/2018/1xxx/CVE-2018-1906.json +++ b/2018/1xxx/CVE-2018-1906.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1906", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.", + "lang" : "eng" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2018-1906", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872320", + "title" : "IBM Security Bulletin 872320 (InfoSphere Information Server)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872320" + }, + { + "refsource" : "XF", + "name" : "ibm-infosphere-cve20181906-info-disc (152663)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152663", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11.3" + }, + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + }, + "product_name" : "InfoSphere Information Server" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "AV" : "N", + "UI" : "N", + "C" : "L", + "AC" : "L", + "S" : "U", + "PR" : "L", + "SCORE" : "4.300", + "I" : "N", + "A" : "N" + } + } + } +} diff --git a/2018/1xxx/CVE-2018-1917.json b/2018/1xxx/CVE-2018-1917.json index 73ffb176cff..f565ebf0304 100644 --- a/2018/1xxx/CVE-2018-1917.json +++ b/2018/1xxx/CVE-2018-1917.json @@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1917", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "11.3" + }, + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + }, + "product_name" : "InfoSphere Information Server" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "ID" : "CVE-2018-1917", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872274", + "title" : "IBM Security Bulletin 872274 (InfoSphere Information Server)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872274" + }, + { + "refsource" : "XF", + "name" : "ibm-infosphere-cve20181917-info-disc (152784)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152784", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "AV" : "A", + "PR" : "L", + "AC" : "L", + "S" : "U", + "C" : "L", + "UI" : "N", + "I" : "N", + "SCORE" : "3.500", + "A" : "N" + } + } + }, + "data_format" : "MITRE" +} diff --git a/2019/4xxx/CVE-2019-4043.json b/2019/4xxx/CVE-2019-4043.json index e81fcc7d1d5..4d36fc48b9e 100644 --- a/2019/4xxx/CVE-2019-4043.json +++ b/2019/4xxx/CVE-2019-4043.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4043", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "PR" : "L", + "AC" : "L", + "S" : "U", + "C" : "H", + "UI" : "N", + "I" : "N", + "SCORE" : "7.100", + "A" : "L" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.2.0" + }, + { + "version_value" : "6.0.0.0" + } + ] + }, + "product_name" : "Sterling B2B Integrator" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874238", + "title" : "IBM Security Bulletin 874238 (Sterling B2B Integrator)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874238" + }, + { + "name" : "ibm-sterling-cve20194043-xxe (156239)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156239" + } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4043", + "DATE_PUBLIC" : "2019-03-29T00:00:00", + "STATE" : "PUBLIC" + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE" +} diff --git a/2019/4xxx/CVE-2019-4080.json b/2019/4xxx/CVE-2019-4080.json index 333557d0f92..52862d34bc9 100644 --- a/2019/4xxx/CVE-2019-4080.json +++ b/2019/4xxx/CVE-2019-4080.json @@ -1,18 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4080", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "C" : "N", + "UI" : "N", + "PR" : "L", + "AC" : "L", + "S" : "U", + "SCORE" : "6.500", + "I" : "N", + "A" : "H" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4080", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-26T00:00:00" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10875692", + "title" : "IBM Security Bulletin 875692 (WebSphere Application Server)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10875692" + }, + { + "refsource" : "XF", + "name" : "ibm-websphere-cve20194080-dos (157380)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157380", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Denial of Service", + "lang" : "eng" + } + ] + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "WebSphere Application Server", + "version" : { + "version_data" : [ + { + "version_value" : "7.0" + }, + { + "version_value" : "8.0" + }, + { + "version_value" : "8.5" + }, + { + "version_value" : "9.0" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.", + "lang" : "eng" + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4093.json b/2019/4xxx/CVE-2019-4093.json index 2caf6b2b14c..1b16b550cd9 100644 --- a/2019/4xxx/CVE-2019-4093.json +++ b/2019/4xxx/CVE-2019-4093.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4093", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "8.1.7" + } + ] + }, + "product_name" : "Spectrum Protect" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875518", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 0875518 (Spectrum Protect)", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875518" + }, + { + "name" : "ibm-tsm-cve20194093-info-disc (157981)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157981" + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-03-14T00:00:00", + "ID" : "CVE-2019-4093", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981." + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "AV" : "L", + "PR" : "N", + "AC" : "L", + "S" : "U", + "C" : "L", + "UI" : "N", + "I" : "L", + "SCORE" : "5.100", + "A" : "N" + } + } + }, + "data_format" : "MITRE" +} From d487fd58e352b8d766ff869cff95a1a09223a97b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2019 14:00:50 +0000 Subject: [PATCH 04/25] "-Synchronized-Data." --- 2018/1xxx/CVE-2018-1618.json | 176 +++++++++++++++--------------- 2018/1xxx/CVE-2018-1622.json | 174 ++++++++++++++--------------- 2018/1xxx/CVE-2018-1623.json | 176 +++++++++++++++--------------- 2018/1xxx/CVE-2018-1625.json | 174 ++++++++++++++--------------- 2018/1xxx/CVE-2018-1626.json | 172 ++++++++++++++--------------- 2018/1xxx/CVE-2018-1640.json | 176 +++++++++++++++--------------- 2018/1xxx/CVE-2018-1680.json | 176 +++++++++++++++--------------- 2018/1xxx/CVE-2018-1874.json | 182 +++++++++++++++---------------- 2018/1xxx/CVE-2018-1906.json | 184 +++++++++++++++---------------- 2018/1xxx/CVE-2018-1917.json | 184 +++++++++++++++---------------- 2018/8xxx/CVE-2018-8786.json | 5 + 2018/8xxx/CVE-2018-8787.json | 5 + 2018/8xxx/CVE-2018-8788.json | 5 + 2019/10xxx/CVE-2019-10691.json | 18 +++ 2019/3xxx/CVE-2019-3876.json | 5 + 2019/4xxx/CVE-2019-4043.json | 180 +++++++++++++++--------------- 2019/4xxx/CVE-2019-4080.json | 194 ++++++++++++++++----------------- 2019/4xxx/CVE-2019-4093.json | 176 +++++++++++++++--------------- 2019/9xxx/CVE-2019-9759.json | 48 +++++++- 19 files changed, 1246 insertions(+), 1164 deletions(-) create mode 100644 2019/10xxx/CVE-2019-10691.json diff --git a/2018/1xxx/CVE-2018-1618.json b/2018/1xxx/CVE-2018-1618.json index 4d71971345d..24cd54a60e9 100644 --- a/2018/1xxx/CVE-2018-1618.json +++ b/2018/1xxx/CVE-2018-1618.json @@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "I" : "N", - "SCORE" : "7.700", - "PR" : "L", - "AC" : "L", - "S" : "C", - "C" : "H", - "UI" : "N", - "AV" : "N" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - } - ] - }, - "product_name" : "Security Privileged Identity Manager" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "I": "N", + "SCORE": "7.700", + "PR": "L", + "AC": "L", + "S": "C", + "C": "H", + "UI": "N", + "AV": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1618", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-29T00:00:00" - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144343", - "name" : "ibm-pim-cve20181618-info-disc (144343)", - "refsource" : "XF" - } - ] - } -} + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.1.1" + } + ] + }, + "product_name": "Security Privileged Identity Manager" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2018-1618", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-29T00:00:00" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title": "IBM Security Bulletin 879093 (Security Privileged Identity Manager)" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144343", + "name": "ibm-pim-cve20181618-info-disc (144343)", + "refsource": "XF" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1622.json b/2018/1xxx/CVE-2018-1622.json index d3414db9e8f..ea45f25f19c 100644 --- a/2018/1xxx/CVE-2018-1622.json +++ b/2018/1xxx/CVE-2018-1622.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Security Privileged Identity Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] } - ] - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144348", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-pim-cve20181622-csrf (144348)" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-29T00:00:00", - "ID" : "CVE-2018-1622", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "L", - "SCORE" : "4.300", - "A" : "N", - "AV" : "N", - "S" : "U", - "AC" : "L", - "PR" : "N", - "UI" : "R", - "C" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE" -} + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Privileged Identity Manager", + "version": { + "version_data": [ + { + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title": "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144348", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-pim-cve20181622-csrf (144348)" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-29T00:00:00", + "ID": "CVE-2018-1622", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ + { + "value": "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "I": "L", + "SCORE": "4.300", + "A": "N", + "AV": "N", + "S": "U", + "AC": "L", + "PR": "N", + "UI": "R", + "C": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1623.json b/2018/1xxx/CVE-2018-1623.json index d51211b6169..bf2ca38722f 100644 --- a/2018/1xxx/CVE-2018-1623.json +++ b/2018/1xxx/CVE-2018-1623.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AV" : "L", - "PR" : "N", - "S" : "U", - "AC" : "L", - "C" : "L", - "UI" : "N", - "I" : "N", - "SCORE" : "4.000", - "A" : "N" - } - } - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1623", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-29T00:00:00" - }, - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144408", - "name" : "ibm-pim-cve20181623-info-disc (144408)", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Privileged Identity Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "AV": "L", + "PR": "N", + "S": "U", + "AC": "L", + "C": "L", + "UI": "N", + "I": "N", + "SCORE": "4.000", + "A": "N" } - ] - } - } -} + } + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2018-1623", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-29T00:00:00" + }, + "references": { + "reference_data": [ + { + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title": "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144408", + "name": "ibm-pim-cve20181623-info-disc (144408)", + "refsource": "XF" + } + ] + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Privileged Identity Manager", + "version": { + "version_data": [ + { + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1625.json b/2018/1xxx/CVE-2018-1625.json index fb8e4941ff6..b08c1a99e46 100644 --- a/2018/1xxx/CVE-2018-1625.json +++ b/2018/1xxx/CVE-2018-1625.json @@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "SCORE" : "4.300", - "I" : "N", - "UI" : "N", - "C" : "L", - "AC" : "L", - "S" : "U", - "PR" : "L", - "AV" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - } - ] - }, - "product_name" : "Security Privileged Identity Manager" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "SCORE": "4.300", + "I": "N", + "UI": "N", + "C": "L", + "AC": "L", + "S": "U", + "PR": "L", + "AV": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + } + }, + "data_format": "MITRE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.1.1" + } + ] + }, + "product_name": "Security Privileged Identity Manager" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)" - }, - { - "refsource" : "XF", - "name" : "ibm-pim-cve20181625-info-disc (144410)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144410", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-29T00:00:00", - "ID" : "CVE-2018-1625", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410." - } - ] - }, - "data_type" : "CVE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title": "IBM Security Bulletin 879093 (Security Privileged Identity Manager)" + }, + { + "refsource": "XF", + "name": "ibm-pim-cve20181625-info-disc (144410)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144410", + "title": "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-29T00:00:00", + "ID": "CVE-2018-1625", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410." + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1626.json b/2018/1xxx/CVE-2018-1626.json index 114a08f1430..c287fbecb41 100644 --- a/2018/1xxx/CVE-2018-1626.json +++ b/2018/1xxx/CVE-2018-1626.json @@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411." - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" - }, - { - "refsource" : "XF", - "name" : "ibm-pim-cve20181626-info-disc (144411)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144411", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-29T00:00:00", - "ID" : "CVE-2018-1626", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - } - ] - }, - "product_name" : "Security Privileged Identity Manager" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411." } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title": "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "refsource": "XF", + "name": "ibm-pim-cve20181626-info-disc (144411)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144411", + "title": "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-29T00:00:00", + "ID": "CVE-2018-1626", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.1.1" + } + ] + }, + "product_name": "Security Privileged Identity Manager" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "I" : "N", - "SCORE" : "3.100", - "AC" : "H", - "S" : "U", - "PR" : "L", - "UI" : "N", - "C" : "L", - "AV" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "I": "N", + "SCORE": "3.100", + "AC": "H", + "S": "U", + "PR": "L", + "UI": "N", + "C": "L", + "AV": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1640.json b/2018/1xxx/CVE-2018-1640.json index 4dbea809925..f38688c99d7 100644 --- a/2018/1xxx/CVE-2018-1640.json +++ b/2018/1xxx/CVE-2018-1640.json @@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "C" : "H", - "S" : "U", - "AC" : "L", - "PR" : "L", - "AV" : "N", - "A" : "H", - "SCORE" : "8.800", - "I" : "H" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - } - ] - }, - "product_name" : "Security Privileged Identity Manager" - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "C": "H", + "S": "U", + "AC": "L", + "PR": "L", + "AV": "N", + "A": "H", + "SCORE": "8.800", + "I": "H" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144580", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-pim-cve20181640-command-exec (144580)" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1640", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-29T00:00:00" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE" -} + } + }, + "data_format": "MITRE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.1.1" + } + ] + }, + "product_name": "Security Privileged Identity Manager" + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "title": "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10879093" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144580", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-pim-cve20181640-command-exec (144580)" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2018-1640", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-29T00:00:00" + }, + "description": { + "description_data": [ + { + "value": "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.", + "lang": "eng" + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1680.json b/2018/1xxx/CVE-2018-1680.json index 0850149b20f..35f99f5db66 100644 --- a/2018/1xxx/CVE-2018-1680.json +++ b/2018/1xxx/CVE-2018-1680.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "H", - "UI" : "N", - "PR" : "N", - "S" : "U", - "AC" : "H", - "AV" : "N", - "A" : "N", - "SCORE" : "5.900", - "I" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-29T00:00:00", - "ID" : "CVE-2018-1680", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879093", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145236", - "name" : "ibm-sim-cve20181680-info-disc (145236)", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Privileged Identity Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - } - ] - } - } - ] - } + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "C": "H", + "UI": "N", + "PR": "N", + "S": "U", + "AC": "H", + "AV": "N", + "A": "N", + "SCORE": "5.900", + "I": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" } - ] - } - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.", - "lang" : "eng" - } - ] - } -} + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-29T00:00:00", + "ID": "CVE-2018-1680", + "ASSIGNER": "psirt@us.ibm.com" + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 879093 (Security Privileged Identity Manager)", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10879093", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145236", + "name": "ibm-sim-cve20181680-info-disc (145236)", + "refsource": "XF" + } + ] + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Privileged Identity Manager", + "version": { + "version_data": [ + { + "version_value": "2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1874.json b/2018/1xxx/CVE-2018-1874.json index f201dca5206..c6e9afa9872 100644 --- a/2018/1xxx/CVE-2018-1874.json +++ b/2018/1xxx/CVE-2018-1874.json @@ -1,93 +1,93 @@ { - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.8.5" - } - ] - }, - "product_name" : "API Connect" - } - ] - } - } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.8.5" + } + ] + }, + "product_name": "API Connect" + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-03-27T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1874" - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10876994", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10876994", - "title" : "IBM Security Bulletin 876994 (API Connect)" - }, - { - "name" : "ibm-api-cve20181874-info-disc (151636)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151636" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "C" : "H", - "AC" : "L", - "S" : "U", - "PR" : "N", - "AV" : "P", - "A" : "N", - "SCORE" : "4.600", - "I" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2019-03-27T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2018-1874" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10876994", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10876994", + "title": "IBM Security Bulletin 876994 (API Connect)" + }, + { + "name": "ibm-api-cve20181874-info-disc (151636)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151636" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "C": "H", + "AC": "L", + "S": "U", + "PR": "N", + "AV": "P", + "A": "N", + "SCORE": "4.600", + "I": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1906.json b/2018/1xxx/CVE-2018-1906.json index 402bea8746c..daf2f375fd1 100644 --- a/2018/1xxx/CVE-2018-1906.json +++ b/2018/1xxx/CVE-2018-1906.json @@ -1,96 +1,96 @@ { - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1906", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-29T00:00:00" - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872320", - "title" : "IBM Security Bulletin 872320 (InfoSphere Information Server)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872320" - }, - { - "refsource" : "XF", - "name" : "ibm-infosphere-cve20181906-info-disc (152663)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152663", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "11.3" - }, - { - "version_value" : "11.5" - }, - { - "version_value" : "11.7" - } - ] - }, - "product_name" : "InfoSphere Information Server" - } - ] - } + "value": "IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.", + "lang": "eng" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2018-1906", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-29T00:00:00" + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872320", + "title": "IBM Security Bulletin 872320 (InfoSphere Information Server)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10872320" + }, + { + "refsource": "XF", + "name": "ibm-infosphere-cve20181906-info-disc (152663)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152663", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "11.3" + }, + { + "version_value": "11.5" + }, + { + "version_value": "11.7" + } + ] + }, + "product_name": "InfoSphere Information Server" + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "AV" : "N", - "UI" : "N", - "C" : "L", - "AC" : "L", - "S" : "U", - "PR" : "L", - "SCORE" : "4.300", - "I" : "N", - "A" : "N" - } - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "AV": "N", + "UI": "N", + "C": "L", + "AC": "L", + "S": "U", + "PR": "L", + "SCORE": "4.300", + "I": "N", + "A": "N" + } + } + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1917.json b/2018/1xxx/CVE-2018-1917.json index f565ebf0304..deb3cf95ba0 100644 --- a/2018/1xxx/CVE-2018-1917.json +++ b/2018/1xxx/CVE-2018-1917.json @@ -1,96 +1,96 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "11.3" - }, - { - "version_value" : "11.5" - }, - { - "version_value" : "11.7" - } - ] - }, - "product_name" : "InfoSphere Information Server" - } - ] - } + "value": "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.", + "lang": "eng" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "11.3" + }, + { + "version_value": "11.5" + }, + { + "version_value": "11.7" + } + ] + }, + "product_name": "InfoSphere Information Server" + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-29T00:00:00", - "ID" : "CVE-2018-1917", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10872274", - "title" : "IBM Security Bulletin 872274 (InfoSphere Information Server)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10872274" - }, - { - "refsource" : "XF", - "name" : "ibm-infosphere-cve20181917-info-disc (152784)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152784", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "AV" : "A", - "PR" : "L", - "AC" : "L", - "S" : "U", - "C" : "L", - "UI" : "N", - "I" : "N", - "SCORE" : "3.500", - "A" : "N" - } - } - }, - "data_format" : "MITRE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-29T00:00:00", + "ID": "CVE-2018-1917", + "ASSIGNER": "psirt@us.ibm.com" + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872274", + "title": "IBM Security Bulletin 872274 (InfoSphere Information Server)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10872274" + }, + { + "refsource": "XF", + "name": "ibm-infosphere-cve20181917-info-disc (152784)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152784", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "AV": "A", + "PR": "L", + "AC": "L", + "S": "U", + "C": "L", + "UI": "N", + "I": "N", + "SCORE": "3.500", + "A": "N" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8786.json b/2018/8xxx/CVE-2018-8786.json index 04ed6f3f7cf..27057b51abc 100644 --- a/2018/8xxx/CVE-2018-8786.json +++ b/2018/8xxx/CVE-2018-8786.json @@ -77,6 +77,11 @@ "name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", "refsource": "CONFIRM", "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0697", + "url": "https://access.redhat.com/errata/RHSA-2019:0697" } ] } diff --git a/2018/8xxx/CVE-2018-8787.json b/2018/8xxx/CVE-2018-8787.json index 5d6ee9d1cf0..ef3d7e4c29e 100644 --- a/2018/8xxx/CVE-2018-8787.json +++ b/2018/8xxx/CVE-2018-8787.json @@ -77,6 +77,11 @@ "name": "https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a", "refsource": "CONFIRM", "url": "https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0697", + "url": "https://access.redhat.com/errata/RHSA-2019:0697" } ] } diff --git a/2018/8xxx/CVE-2018-8788.json b/2018/8xxx/CVE-2018-8788.json index 49a1062983a..865267e093e 100644 --- a/2018/8xxx/CVE-2018-8788.json +++ b/2018/8xxx/CVE-2018-8788.json @@ -77,6 +77,11 @@ "name": "https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659", "refsource": "CONFIRM", "url": "https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0697", + "url": "https://access.redhat.com/errata/RHSA-2019:0697" } ] } diff --git a/2019/10xxx/CVE-2019-10691.json b/2019/10xxx/CVE-2019-10691.json new file mode 100644 index 00000000000..f80399650b2 --- /dev/null +++ b/2019/10xxx/CVE-2019-10691.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10691", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3876.json b/2019/3xxx/CVE-2019-3876.json index d023df6df15..e0b18ee6fc1 100644 --- a/2019/3xxx/CVE-2019-3876.json +++ b/2019/3xxx/CVE-2019-3876.json @@ -48,6 +48,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3876", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3876", "refsource": "CONFIRM" + }, + { + "refsource": "BID", + "name": "107664", + "url": "http://www.securityfocus.com/bid/107664" } ] }, diff --git a/2019/4xxx/CVE-2019-4043.json b/2019/4xxx/CVE-2019-4043.json index 4d36fc48b9e..0ad9eb073a1 100644 --- a/2019/4xxx/CVE-2019-4043.json +++ b/2019/4xxx/CVE-2019-4043.json @@ -1,93 +1,93 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "PR" : "L", - "AC" : "L", - "S" : "U", - "C" : "H", - "UI" : "N", - "I" : "N", - "SCORE" : "7.100", - "A" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0" - }, - { - "version_value" : "6.0.0.0" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "PR": "L", + "AC": "L", + "S": "U", + "C": "H", + "UI": "N", + "I": "N", + "SCORE": "7.100", + "A": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + } + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.2.0" + }, + { + "version_value": "6.0.0.0" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10874238", - "title" : "IBM Security Bulletin 874238 (Sterling B2B Integrator)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10874238" - }, - { - "name" : "ibm-sterling-cve20194043-xxe (156239)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156239" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4043", - "DATE_PUBLIC" : "2019-03-29T00:00:00", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10874238", + "title": "IBM Security Bulletin 874238 (Sterling B2B Integrator)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10874238" + }, + { + "name": "ibm-sterling-cve20194043-xxe (156239)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156239" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4043", + "DATE_PUBLIC": "2019-03-29T00:00:00", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239.", + "lang": "eng" + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4080.json b/2019/4xxx/CVE-2019-4080.json index 52862d34bc9..2aad7930fa9 100644 --- a/2019/4xxx/CVE-2019-4080.json +++ b/2019/4xxx/CVE-2019-4080.json @@ -1,99 +1,99 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "C" : "N", - "UI" : "N", - "PR" : "L", - "AC" : "L", - "S" : "U", - "SCORE" : "6.500", - "I" : "N", - "A" : "H" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4080", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-26T00:00:00" - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10875692", - "title" : "IBM Security Bulletin 875692 (WebSphere Application Server)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10875692" - }, - { - "refsource" : "XF", - "name" : "ibm-websphere-cve20194080-dos (157380)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157380", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "C": "N", + "UI": "N", + "PR": "L", + "AC": "L", + "S": "U", + "SCORE": "6.500", + "I": "N", + "A": "H" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" } - ] - } - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.", - "lang" : "eng" - } - ] - } -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4080", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-26T00:00:00" + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10875692", + "title": "IBM Security Bulletin 875692 (WebSphere Application Server)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10875692" + }, + { + "refsource": "XF", + "name": "ibm-websphere-cve20194080-dos (157380)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157380", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4093.json b/2019/4xxx/CVE-2019-4093.json index 1b16b550cd9..f6603880eb3 100644 --- a/2019/4xxx/CVE-2019-4093.json +++ b/2019/4xxx/CVE-2019-4093.json @@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "8.1.7" - } - ] - }, - "product_name" : "Spectrum Protect" - } - ] - } - } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "8.1.7" + } + ] + }, + "product_name": "Spectrum Protect" + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875518", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0875518 (Spectrum Protect)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875518" - }, - { - "name" : "ibm-tsm-cve20194093-info-disc (157981)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157981" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-03-14T00:00:00", - "ID" : "CVE-2019-4093", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981." - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AV" : "L", - "PR" : "N", - "AC" : "L", - "S" : "U", - "C" : "L", - "UI" : "N", - "I" : "L", - "SCORE" : "5.100", - "A" : "N" - } - } - }, - "data_format" : "MITRE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875518", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 0875518 (Spectrum Protect)", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875518" + }, + { + "name": "ibm-tsm-cve20194093-info-disc (157981)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157981" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-03-14T00:00:00", + "ID": "CVE-2019-4093", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981." + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "AV": "L", + "PR": "N", + "AC": "L", + "S": "U", + "C": "L", + "UI": "N", + "I": "L", + "SCORE": "5.100", + "A": "N" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9759.json b/2019/9xxx/CVE-2019-9759.json index b8f1a81f8c8..9f75036aede 100644 --- a/2019/9xxx/CVE-2019-9759.json +++ b/2019/9xxx/CVE-2019-9759.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9759", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://expzh.com/TONGDA-OA-SQL-Injection.pdf", + "url": "http://expzh.com/TONGDA-OA-SQL-Injection.pdf" } ] } From 5755146b00afe234c4024bd3821fbe6eb25dee03 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2019 15:00:47 +0000 Subject: [PATCH 05/25] "-Synchronized-Data." --- 2018/18xxx/CVE-2018-18815.json | 5 ++ 2018/20xxx/CVE-2018-20025.json | 5 ++ 2018/20xxx/CVE-2018-20026.json | 5 ++ 2019/1010xxx/CVE-2019-1010260.json | 56 +++++++++++++++++--- 2019/5xxx/CVE-2019-5515.json | 82 +++++++++++++++++++++++++++--- 2019/5xxx/CVE-2019-5524.json | 71 +++++++++++++++++++++++--- 2019/7xxx/CVE-2019-7524.json | 5 ++ 2019/9xxx/CVE-2019-9956.json | 5 ++ 8 files changed, 214 insertions(+), 20 deletions(-) diff --git a/2018/18xxx/CVE-2018-18815.json b/2018/18xxx/CVE-2018-18815.json index 6dc0cdb253e..fa88a024dce 100644 --- a/2018/18xxx/CVE-2018-18815.json +++ b/2018/18xxx/CVE-2018-18815.json @@ -156,6 +156,11 @@ "name": "107346", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107346" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-305/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-305/" } ] }, diff --git a/2018/20xxx/CVE-2018-20025.json b/2018/20xxx/CVE-2018-20025.json index b50833c5eef..6741490da3e 100644 --- a/2018/20xxx/CVE-2018-20025.json +++ b/2018/20xxx/CVE-2018-20025.json @@ -62,6 +62,11 @@ "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/" + }, + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04" } ] } diff --git a/2018/20xxx/CVE-2018-20026.json b/2018/20xxx/CVE-2018-20026.json index 1208500ee77..8484c611e89 100644 --- a/2018/20xxx/CVE-2018-20026.json +++ b/2018/20xxx/CVE-2018-20026.json @@ -62,6 +62,11 @@ "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/" + }, + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04" } ] } diff --git a/2019/1010xxx/CVE-2019-1010260.json b/2019/1010xxx/CVE-2019-1010260.json index 68b260d16b6..f48fa093ba9 100644 --- a/2019/1010xxx/CVE-2019-1010260.json +++ b/2019/1010xxx/CVE-2019-1010260.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ktlint", + "version": { + "version_data": [ + { + "version_value": "0.29.0 and earlier [fixed: 0.30.0 and later - after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261]" + } + ] + } + } + ] + }, + "vendor_name": "ktlint" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and later; after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/shyiko/ktlint/pull/332", + "refsource": "MISC", + "name": "https://github.com/shyiko/ktlint/pull/332" } ] } diff --git a/2019/5xxx/CVE-2019-5515.json b/2019/5xxx/CVE-2019-5515.json index 7e91c048fc9..9966095eccf 100644 --- a/2019/5xxx/CVE-2019-5515.json +++ b/2019/5xxx/CVE-2019-5515.json @@ -1,17 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5515", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5515", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "VMware Workstation and Fusion", + "version": { + "version_data": [ + { + "version_value": "Workstation 15.x before 15.0.3" + }, + { + "version_value": "Workstation 14.x before 14.1.6" + }, + { + "version_value": "Fusion 11.x before 11.0.3" + }, + { + "version_value": "Fusion 10.x before 10.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-306/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-306/" + }, + { + "refsource": "BID", + "name": "107634", + "url": "https://www.securityfocus.com/bid/107634" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html", + "url": "https://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest." } ] } diff --git a/2019/5xxx/CVE-2019-5524.json b/2019/5xxx/CVE-2019-5524.json index c419c4bfd37..9a1d2257ac9 100644 --- a/2019/5xxx/CVE-2019-5524.json +++ b/2019/5xxx/CVE-2019-5524.json @@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5524", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5524", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "VMware Workstation, VMware Fusion", + "version": { + "version_data": [ + { + "version_value": "Workstation (14.x before 14.1.6)" + }, + { + "version_value": "Fusion (10.x before 10.1.6)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html", + "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html" + }, + { + "refsource": "BID", + "name": "107635", + "url": "http://www.securityfocus.com/bid/107635" + }, + { + "refsource": "CONFIRM", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host." } ] } diff --git a/2019/7xxx/CVE-2019-7524.json b/2019/7xxx/CVE-2019-7524.json index 0e18ab72dea..27b1d4c29cf 100644 --- a/2019/7xxx/CVE-2019-7524.json +++ b/2019/7xxx/CVE-2019-7524.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-3928-1", "url": "https://usn.ubuntu.com/3928-1/" + }, + { + "refsource": "BID", + "name": "107672", + "url": "http://www.securityfocus.com/bid/107672" } ] }, diff --git a/2019/9xxx/CVE-2019-9956.json b/2019/9xxx/CVE-2019-9956.json index d41db866616..a044f05e466 100644 --- a/2019/9xxx/CVE-2019-9956.json +++ b/2019/9xxx/CVE-2019-9956.json @@ -61,6 +61,11 @@ "refsource": "BID", "name": "107546", "url": "http://www.securityfocus.com/bid/107546" + }, + { + "refsource": "BID", + "name": "107672", + "url": "http://www.securityfocus.com/bid/107672" } ] } From b1d965450267fd52667c0dff4b84685cfc528c13 Mon Sep 17 00:00:00 2001 From: MMaiero Date: Tue, 2 Apr 2019 17:13:32 +0200 Subject: [PATCH 06/25] Update CVE-2017-7649.json The only element affected by this issue is the Kura Installer, not the jar files that compose the Kura distribution. --- 2017/7xxx/CVE-2017-7649.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/2017/7xxx/CVE-2017-7649.json b/2017/7xxx/CVE-2017-7649.json index 1396a06cff2..9c6a56f3a23 100644 --- a/2017/7xxx/CVE-2017-7649.json +++ b/2017/7xxx/CVE-2017-7649.json @@ -12,11 +12,12 @@ "product": { "product_data": [ { - "product_name": "Kura", + "product_name": "Eclipse Kura Installer", "version": { "version_data": [ { - "version_value": "Versions prior to 2.1.0" + "version_affected": "<", + "version_value": "2.1.0" } ] } @@ -65,4 +66,4 @@ } ] } -} \ No newline at end of file +} From da233c3168e3e2d480e2a66fcd0528fd796db67c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2019 16:00:46 +0000 Subject: [PATCH 07/25] "-Synchronized-Data." --- 2018/3xxx/CVE-2018-3974.json | 58 +++++++++++++++++++++++++++++++----- 2018/4xxx/CVE-2018-4049.json | 58 +++++++++++++++++++++++++++++++----- 2018/4xxx/CVE-2018-4051.json | 58 +++++++++++++++++++++++++++++++----- 2018/4xxx/CVE-2018-4052.json | 58 +++++++++++++++++++++++++++++++----- 2018/4xxx/CVE-2018-4053.json | 58 +++++++++++++++++++++++++++++++----- 2019/6xxx/CVE-2019-6536.json | 5 ++++ 6 files changed, 260 insertions(+), 35 deletions(-) diff --git a/2018/3xxx/CVE-2018-3974.json b/2018/3xxx/CVE-2018-3974.json index 47f532b50e2..f5762e860a2 100644 --- a/2018/3xxx/CVE-2018-3974.json +++ b/2018/3xxx/CVE-2018-3974.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-3974", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-3974", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.45.61 (Windows 64-bit Installer)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local privilege elevation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0640", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0640" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges." } ] } diff --git a/2018/4xxx/CVE-2018-4049.json b/2018/4xxx/CVE-2018-4049.json index 77da08a0c10..259c1a07ee8 100644 --- a/2018/4xxx/CVE-2018-4049.json +++ b/2018/4xxx/CVE-2018-4049.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-4049", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-4049", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.48.36 (Windows 64-bit Installer)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local privilege elevation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0723", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0723" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's \u201cGames\u201d directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges." } ] } diff --git a/2018/4xxx/CVE-2018-4051.json b/2018/4xxx/CVE-2018-4051.json index 5962d19374b..39415ad0853 100644 --- a/2018/4xxx/CVE-2018-4051.json +++ b/2018/4xxx/CVE-2018-4051.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-4051", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-4051", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.47 (macOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0725", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0725" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories." } ] } diff --git a/2018/4xxx/CVE-2018-4052.json b/2018/4xxx/CVE-2018-4052.json index 37ffdf1a3ee..e02a3ceb65e 100644 --- a/2018/4xxx/CVE-2018-4052.json +++ b/2018/4xxx/CVE-2018-4052.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-4052", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-4052", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.47 (macOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0726", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0726" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user." } ] } diff --git a/2018/4xxx/CVE-2018-4053.json b/2018/4xxx/CVE-2018-4053.json index d4854dfeb68..0d6a78d72a4 100644 --- a/2018/4xxx/CVE-2018-4053.json +++ b/2018/4xxx/CVE-2018-4053.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-4053", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-4053", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.47 (macOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0727", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0727" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable." } ] } diff --git a/2019/6xxx/CVE-2019-6536.json b/2019/6xxx/CVE-2019-6536.json index a8ba41898c9..e5394e53cf8 100644 --- a/2019/6xxx/CVE-2019-6536.json +++ b/2019/6xxx/CVE-2019-6536.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-307/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-307/" } ] }, From 4f55584d8291ae2e821bfe65754145f326586d01 Mon Sep 17 00:00:00 2001 From: swpsirt Date: Tue, 2 Apr 2019 09:58:37 -0700 Subject: [PATCH 08/25] Update CVE-2018-9867.json Updating description to reflect affected products. --- 2018/9xxx/CVE-2018-9867.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2018/9xxx/CVE-2018-9867.json b/2018/9xxx/CVE-2018-9867.json index f778fd3849a..5ea3236b370 100644 --- a/2018/9xxx/CVE-2018-9867.json +++ b/2018/9xxx/CVE-2018-9867.json @@ -77,7 +77,7 @@ "description_data": [ { "lang": "eng", - "value": "In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier." + "value": "In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." } ] }, From 02502b415eab1fd911706f4d6cf6c4765122e07d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2019 17:00:43 +0000 Subject: [PATCH 09/25] "-Synchronized-Data." --- 2014/9xxx/CVE-2014-9323.json | 5 ++++ 2017/14xxx/CVE-2017-14953.json | 2 +- 2017/3xxx/CVE-2017-3248.json | 5 ++++ 2017/6xxx/CVE-2017-6369.json | 5 ++++ 2018/15xxx/CVE-2018-15180.json | 48 ++++++++++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17057.json | 5 ++++ 2019/7xxx/CVE-2019-7440.json | 5 ++++ 2019/7xxx/CVE-2019-7441.json | 5 ++++ 2019/9xxx/CVE-2019-9053.json | 5 ++++ 9 files changed, 82 insertions(+), 3 deletions(-) diff --git a/2014/9xxx/CVE-2014-9323.json b/2014/9xxx/CVE-2014-9323.json index e6ce02d5ff6..f945b99461a 100644 --- a/2014/9xxx/CVE-2014-9323.json +++ b/2014/9xxx/CVE-2014-9323.json @@ -81,6 +81,11 @@ "name": "http://advisories.mageia.org/MGASA-2014-0523.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0523.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3929-1", + "url": "https://usn.ubuntu.com/3929-1/" } ] } diff --git a/2017/14xxx/CVE-2017-14953.json b/2017/14xxx/CVE-2017-14953.json index e83905c94eb..39c4a08dba0 100644 --- a/2017/14xxx/CVE-2017-14953.json +++ b/2017/14xxx/CVE-2017-14953.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication." + "value": "** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product." } ] }, diff --git a/2017/3xxx/CVE-2017-3248.json b/2017/3xxx/CVE-2017-3248.json index 6d1cf40d03c..e8ed6558f62 100644 --- a/2017/3xxx/CVE-2017-3248.json +++ b/2017/3xxx/CVE-2017-3248.json @@ -85,6 +85,11 @@ "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html" } ] } diff --git a/2017/6xxx/CVE-2017-6369.json b/2017/6xxx/CVE-2017-6369.json index 3ff464bd49d..b5cdb779d98 100644 --- a/2017/6xxx/CVE-2017-6369.json +++ b/2017/6xxx/CVE-2017-6369.json @@ -66,6 +66,11 @@ "name": "97070", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97070" + }, + { + "refsource": "UBUNTU", + "name": "USN-3929-1", + "url": "https://usn.ubuntu.com/3929-1/" } ] } diff --git a/2018/15xxx/CVE-2018-15180.json b/2018/15xxx/CVE-2018-15180.json index b7b8b9dfd4c..fad84974bd8 100644 --- a/2018/15xxx/CVE-2018-15180.json +++ b/2018/15xxx/CVE-2018-15180.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15180", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/0B60g8JcPElCCNHd1R2pPNzVGdy1ITjIza1VubWlUekoyNGhR/view", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/0B60g8JcPElCCNHd1R2pPNzVGdy1ITjIza1VubWlUekoyNGhR/view" } ] } diff --git a/2018/17xxx/CVE-2018-17057.json b/2018/17xxx/CVE-2018-17057.json index 7433c0bdd93..741e4f46c2c 100644 --- a/2018/17xxx/CVE-2018-17057.json +++ b/2018/17xxx/CVE-2018-17057.json @@ -76,6 +76,11 @@ "refsource": "EXPLOIT-DB", "name": "46634", "url": "https://www.exploit-db.com/exploits/46634/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html" } ] } diff --git a/2019/7xxx/CVE-2019-7440.json b/2019/7xxx/CVE-2019-7440.json index 1b4b527e437..8311c8ec669 100644 --- a/2019/7xxx/CVE-2019-7440.json +++ b/2019/7xxx/CVE-2019-7440.json @@ -61,6 +61,11 @@ "refsource": "EXPLOIT-DB", "name": "46633", "url": "https://www.exploit-db.com/exploits/46633/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152361/JioFi-4G-M2S-1.0.2-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/152361/JioFi-4G-M2S-1.0.2-Cross-Site-Request-Forgery.html" } ] } diff --git a/2019/7xxx/CVE-2019-7441.json b/2019/7xxx/CVE-2019-7441.json index d36058d052c..37d083a97a9 100644 --- a/2019/7xxx/CVE-2019-7441.json +++ b/2019/7xxx/CVE-2019-7441.json @@ -61,6 +61,11 @@ "refsource": "EXPLOIT-DB", "name": "46632", "url": "https://www.exploit-db.com/exploits/46632/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152362/WordPress-PayPal-Checkout-Payment-Gateway-1.6.8-Parameter-Tampering.html", + "url": "http://packetstormsecurity.com/files/152362/WordPress-PayPal-Checkout-Payment-Gateway-1.6.8-Parameter-Tampering.html" } ] } diff --git a/2019/9xxx/CVE-2019-9053.json b/2019/9xxx/CVE-2019-9053.json index 2d512eb16cd..328511a096d 100644 --- a/2019/9xxx/CVE-2019-9053.json +++ b/2019/9xxx/CVE-2019-9053.json @@ -66,6 +66,11 @@ "refsource": "EXPLOIT-DB", "name": "46635", "url": "https://www.exploit-db.com/exploits/46635/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.html" } ] } From 91d596ca3992d0901964b03785593d8ac7b4ffb1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2019 18:00:52 +0000 Subject: [PATCH 10/25] "-Synchronized-Data." --- 2017/0xxx/CVE-2017-0330.json | 5 + 2017/6xxx/CVE-2017-6274.json | 5 + 2017/6xxx/CVE-2017-6278.json | 5 + 2017/6xxx/CVE-2017-6284.json | 5 + 2017/7xxx/CVE-2017-7649.json | 2 +- 2018/1000xxx/CVE-2018-1000807.json | 5 + 2018/1000xxx/CVE-2018-1000808.json | 5 + 2018/1000xxx/CVE-2018-1000999.json | 61 +-------- 2018/10xxx/CVE-2018-10733.json | 5 + 2018/10xxx/CVE-2018-10916.json | 5 + 2018/11xxx/CVE-2018-11813.json | 5 + 2018/12xxx/CVE-2018-12558.json | 5 + 2018/14xxx/CVE-2018-14498.json | 5 + 2018/18xxx/CVE-2018-18384.json | 5 + 2018/19xxx/CVE-2018-19275.json | 53 +++++++- 2018/19xxx/CVE-2018-19869.json | 5 + 2018/19xxx/CVE-2018-19871.json | 5 + 2018/1xxx/CVE-2018-1152.json | 5 + 2018/3xxx/CVE-2018-3639.json | 5 + 2018/3xxx/CVE-2018-3665.json | 5 + 2018/6xxx/CVE-2018-6267.json | 5 + 2018/6xxx/CVE-2018-6268.json | 5 + 2018/6xxx/CVE-2018-6271.json | 5 + 2018/9xxx/CVE-2018-9867.json | 100 +++++++-------- 2019/10xxx/CVE-2019-10692.json | 67 ++++++++++ 2019/10xxx/CVE-2019-10693.json | 18 +++ 2019/10xxx/CVE-2019-10694.json | 18 +++ 2019/10xxx/CVE-2019-10695.json | 18 +++ 2019/10xxx/CVE-2019-10696.json | 18 +++ 2019/10xxx/CVE-2019-10697.json | 18 +++ 2019/10xxx/CVE-2019-10698.json | 18 +++ 2019/10xxx/CVE-2019-10699.json | 18 +++ 2019/10xxx/CVE-2019-10700.json | 18 +++ 2019/10xxx/CVE-2019-10701.json | 18 +++ 2019/10xxx/CVE-2019-10702.json | 18 +++ 2019/10xxx/CVE-2019-10703.json | 18 +++ 2019/1xxx/CVE-2019-1559.json | 5 + 2019/3xxx/CVE-2019-3816.json | 5 + 2019/3xxx/CVE-2019-3833.json | 5 + 2019/3xxx/CVE-2019-3838.json | 10 ++ 2019/3xxx/CVE-2019-3855.json | 5 + 2019/3xxx/CVE-2019-3856.json | 5 + 2019/3xxx/CVE-2019-3857.json | 5 + 2019/3xxx/CVE-2019-3858.json | 5 + 2019/3xxx/CVE-2019-3859.json | 5 + 2019/3xxx/CVE-2019-3860.json | 5 + 2019/3xxx/CVE-2019-3861.json | 5 + 2019/3xxx/CVE-2019-3862.json | 5 + 2019/3xxx/CVE-2019-3863.json | 5 + 2019/7xxx/CVE-2019-7474.json | 199 ++++++++++++++--------------- 2019/7xxx/CVE-2019-7475.json | 199 ++++++++++++++--------------- 2019/7xxx/CVE-2019-7477.json | 199 ++++++++++++++--------------- 2019/8xxx/CVE-2019-8955.json | 5 + 2019/9xxx/CVE-2019-9208.json | 5 + 2019/9xxx/CVE-2019-9209.json | 5 + 2019/9xxx/CVE-2019-9214.json | 5 + 2019/9xxx/CVE-2019-9894.json | 5 + 2019/9xxx/CVE-2019-9895.json | 5 + 2019/9xxx/CVE-2019-9896.json | 5 + 2019/9xxx/CVE-2019-9897.json | 5 + 2019/9xxx/CVE-2019-9898.json | 5 + 2019/9xxx/CVE-2019-9946.json | 56 +++++++- 62 files changed, 936 insertions(+), 413 deletions(-) create mode 100644 2019/10xxx/CVE-2019-10692.json create mode 100644 2019/10xxx/CVE-2019-10693.json create mode 100644 2019/10xxx/CVE-2019-10694.json create mode 100644 2019/10xxx/CVE-2019-10695.json create mode 100644 2019/10xxx/CVE-2019-10696.json create mode 100644 2019/10xxx/CVE-2019-10697.json create mode 100644 2019/10xxx/CVE-2019-10698.json create mode 100644 2019/10xxx/CVE-2019-10699.json create mode 100644 2019/10xxx/CVE-2019-10700.json create mode 100644 2019/10xxx/CVE-2019-10701.json create mode 100644 2019/10xxx/CVE-2019-10702.json create mode 100644 2019/10xxx/CVE-2019-10703.json diff --git a/2017/0xxx/CVE-2017-0330.json b/2017/0xxx/CVE-2017-0330.json index 11d7aaf16bc..54da985b4c7 100644 --- a/2017/0xxx/CVE-2017-0330.json +++ b/2017/0xxx/CVE-2017-0330.json @@ -66,6 +66,11 @@ "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" } ] } diff --git a/2017/6xxx/CVE-2017-6274.json b/2017/6xxx/CVE-2017-6274.json index 3691d73cafc..15945464095 100644 --- a/2017/6xxx/CVE-2017-6274.json +++ b/2017/6xxx/CVE-2017-6274.json @@ -57,6 +57,11 @@ "name": "https://source.android.com/security/bulletin/pixel/2017-11-01#announcements", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01#announcements" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" } ] } diff --git a/2017/6xxx/CVE-2017-6278.json b/2017/6xxx/CVE-2017-6278.json index b67c1a39bfa..040ab22b713 100644 --- a/2017/6xxx/CVE-2017-6278.json +++ b/2017/6xxx/CVE-2017-6278.json @@ -57,6 +57,11 @@ "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4635", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4635" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" } ] } diff --git a/2017/6xxx/CVE-2017-6284.json b/2017/6xxx/CVE-2017-6284.json index a972d5ab359..0d3f455d7db 100644 --- a/2017/6xxx/CVE-2017-6284.json +++ b/2017/6xxx/CVE-2017-6284.json @@ -57,6 +57,11 @@ "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" } ] } diff --git a/2017/7xxx/CVE-2017-7649.json b/2017/7xxx/CVE-2017-7649.json index 9c6a56f3a23..d9fbd704e5e 100644 --- a/2017/7xxx/CVE-2017-7649.json +++ b/2017/7xxx/CVE-2017-7649.json @@ -66,4 +66,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000807.json b/2018/1000xxx/CVE-2018-1000807.json index be7050bf2a6..fa3696a63ab 100644 --- a/2018/1000xxx/CVE-2018-1000807.json +++ b/2018/1000xxx/CVE-2018-1000807.json @@ -69,6 +69,11 @@ "name": "USN-3813-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3813-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1104", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000808.json b/2018/1000xxx/CVE-2018-1000808.json index 20ff4b19f3d..99b0aaa7ac9 100644 --- a/2018/1000xxx/CVE-2018-1000808.json +++ b/2018/1000xxx/CVE-2018-1000808.json @@ -69,6 +69,11 @@ "name": "USN-3813-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3813-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1104", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000999.json b/2018/1000xxx/CVE-2018-1000999.json index 9d5a6d4c3fd..1599c5d9e11 100644 --- a/2018/1000xxx/CVE-2018-1000999.json +++ b/2018/1000xxx/CVE-2018-1000999.json @@ -1,64 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "DATE_ASSIGNED": "2019-01-22T21:21:10.010936", - "DATE_REQUESTED": "2018-12-20T18:12:12", - "ID": "CVE-2018-1000999", - "REQUESTER": "cve@rapid7.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1000999", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Fastnet SA MailCleaner version 2018092601 contains a Command Injection (CWE-78) vulnerability in /admin/managetracing/search/search that can result in an authenticated web application user running commands on the underlying web server as root. This attack appears to be exploitable via Post-authentication access to the web server." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://github.com/rapid7/metasploit-framework/pull/11148", - "refsource": "MISC", - "url": "https://github.com/rapid7/metasploit-framework/pull/11148" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: [CVE-2018-20323]. Reason: This candidate is a duplicate of [CVE-2018-20323]. Notes: All CVE users should reference [CVE-2018-20323] instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2018/10xxx/CVE-2018-10733.json b/2018/10xxx/CVE-2018-10733.json index 33450a3c2a3..62311732b49 100644 --- a/2018/10xxx/CVE-2018-10733.json +++ b/2018/10xxx/CVE-2018-10733.json @@ -66,6 +66,11 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1574844", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574844" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1120", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html" } ] } diff --git a/2018/10xxx/CVE-2018-10916.json b/2018/10xxx/CVE-2018-10916.json index 1f0a39eca1d..b92ee4a6c40 100644 --- a/2018/10xxx/CVE-2018-10916.json +++ b/2018/10xxx/CVE-2018-10916.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1059", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00036.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1110", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00010.html" } ] } diff --git a/2018/11xxx/CVE-2018-11813.json b/2018/11xxx/CVE-2018-11813.json index 7b49e173510..64e535e3061 100644 --- a/2018/11xxx/CVE-2018-11813.json +++ b/2018/11xxx/CVE-2018-11813.json @@ -61,6 +61,11 @@ "name": "https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf", "refsource": "MISC", "url": "https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1118", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html" } ] } diff --git a/2018/12xxx/CVE-2018-12558.json b/2018/12xxx/CVE-2018-12558.json index 6fb4a61c673..c45e440abe8 100644 --- a/2018/12xxx/CVE-2018-12558.json +++ b/2018/12xxx/CVE-2018-12558.json @@ -61,6 +61,11 @@ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1114", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00012.html" } ] } diff --git a/2018/14xxx/CVE-2018-14498.json b/2018/14xxx/CVE-2018-14498.json index bf404f5cb85..32dca8f0c71 100644 --- a/2018/14xxx/CVE-2018-14498.json +++ b/2018/14xxx/CVE-2018-14498.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-87e2fa8e0f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1118", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html" } ] } diff --git a/2018/18xxx/CVE-2018-18384.json b/2018/18xxx/CVE-2018-18384.json index f3be7f45ff6..d2766d1973c 100644 --- a/2018/18xxx/CVE-2018-18384.json +++ b/2018/18xxx/CVE-2018-18384.json @@ -61,6 +61,11 @@ "name": "https://sourceforge.net/p/infozip/bugs/53/", "refsource": "MISC", "url": "https://sourceforge.net/p/infozip/bugs/53/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1117", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html" } ] } diff --git a/2018/19xxx/CVE-2018-19275.json b/2018/19xxx/CVE-2018-19275.json index a5b445bf306..2cbf6e5557b 100644 --- a/2018/19xxx/CVE-2018-19275.json +++ b/2018/19xxx/CVE-2018-19275.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19275", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002", + "url": "https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-advisory-19-0002" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf", + "url": "https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-190002001-v10.pdf" } ] } diff --git a/2018/19xxx/CVE-2018-19869.json b/2018/19xxx/CVE-2018-19869.json index 9949fca5559..56835e7e11a 100644 --- a/2018/19xxx/CVE-2018-19869.json +++ b/2018/19xxx/CVE-2018-19869.json @@ -61,6 +61,11 @@ "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1116", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" } ] } diff --git a/2018/19xxx/CVE-2018-19871.json b/2018/19xxx/CVE-2018-19871.json index 2f4f5bdc180..a46663eedf8 100644 --- a/2018/19xxx/CVE-2018-19871.json +++ b/2018/19xxx/CVE-2018-19871.json @@ -61,6 +61,11 @@ "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" } ] } diff --git a/2018/1xxx/CVE-2018-1152.json b/2018/1xxx/CVE-2018-1152.json index 37b759bde10..ea9d2ea8469 100644 --- a/2018/1xxx/CVE-2018-1152.json +++ b/2018/1xxx/CVE-2018-1152.json @@ -82,6 +82,11 @@ "name": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6", "refsource": "CONFIRM", "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1118", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html" } ] } diff --git a/2018/3xxx/CVE-2018-3639.json b/2018/3xxx/CVE-2018-3639.json index e83cfcafb20..aaae91ee21b 100644 --- a/2018/3xxx/CVE-2018-3639.json +++ b/2018/3xxx/CVE-2018-3639.json @@ -727,6 +727,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" } ] } diff --git a/2018/3xxx/CVE-2018-3665.json b/2018/3xxx/CVE-2018-3665.json index 14066507b36..fc3d2a74064 100644 --- a/2018/3xxx/CVE-2018-3665.json +++ b/2018/3xxx/CVE-2018-3665.json @@ -152,6 +152,11 @@ "name": "USN-3698-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-2/" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" } ] } diff --git a/2018/6xxx/CVE-2018-6267.json b/2018/6xxx/CVE-2018-6267.json index 439414a5992..cbfadfbf973 100644 --- a/2018/6xxx/CVE-2018-6267.json +++ b/2018/6xxx/CVE-2018-6267.json @@ -62,6 +62,11 @@ "name": "https://source.android.com/security/bulletin/2019-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2019-02-01" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" } ] } diff --git a/2018/6xxx/CVE-2018-6268.json b/2018/6xxx/CVE-2018-6268.json index acf6e5de357..39c6a3553a9 100644 --- a/2018/6xxx/CVE-2018-6268.json +++ b/2018/6xxx/CVE-2018-6268.json @@ -62,6 +62,11 @@ "name": "https://source.android.com/security/bulletin/2019-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2019-02-01" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" } ] } diff --git a/2018/6xxx/CVE-2018-6271.json b/2018/6xxx/CVE-2018-6271.json index c9a1724a5b9..fe020d3dd11 100644 --- a/2018/6xxx/CVE-2018-6271.json +++ b/2018/6xxx/CVE-2018-6271.json @@ -62,6 +62,11 @@ "name": "https://source.android.com/security/bulletin/2019-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2019-02-01" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" } ] } diff --git a/2018/9xxx/CVE-2018-9867.json b/2018/9xxx/CVE-2018-9867.json index 5ea3236b370..8575261ee73 100644 --- a/2018/9xxx/CVE-2018-9867.json +++ b/2018/9xxx/CVE-2018-9867.json @@ -11,58 +11,58 @@ "product": { "product_data": [ { - "product_name" : "SonicOS", - "version" : { - "version_data" : [ - { - "version_value" : "5.9.1.10 and earlier" - }, - { - "version_value" : "6.2.7.3" - }, - { - "version_value" : "6.5.1.3" - }, - { - "version_value" : "6.5.2.2" - }, - { - "version_value" : "6.5.3.1" - }, - { - "version_value" : "6.2.7.8" - }, - { - "version_value" : "6.4.0.0" - }, - { - "version_value" : "6.5.1.8" - }, - { - "version_value" : "6.0.5.3-86o" - } - ] + "product_name": "SonicOS", + "version": { + "version_data": [ + { + "version_value": "5.9.1.10 and earlier" + }, + { + "version_value": "6.2.7.3" + }, + { + "version_value": "6.5.1.3" + }, + { + "version_value": "6.5.2.2" + }, + { + "version_value": "6.5.3.1" + }, + { + "version_value": "6.2.7.8" + }, + { + "version_value": "6.4.0.0" + }, + { + "version_value": "6.5.1.8" + }, + { + "version_value": "6.0.5.3-86o" + } + ] } - }, - { - "product_name" : "SonicOSv", - "version" : { - "version_data" : [ - { - "version_value" : "6.5.0.2-8v_RC363 (VMWARE)" - }, - { - "version_value" : "6.5.0.2.8v_RC367 (AZURE)" - }, - { - "version_value" : "6.5.0.2.8v_RC368 (AWS)" - }, - { - "version_value" : "6.5.0.2.8v_RC366 (HYPER_V)" - } - ] + }, + { + "product_name": "SonicOSv", + "version": { + "version_data": [ + { + "version_value": "6.5.0.2-8v_RC363 (VMWARE)" + }, + { + "version_value": "6.5.0.2.8v_RC367 (AZURE)" + }, + { + "version_value": "6.5.0.2.8v_RC368 (AWS)" + }, + { + "version_value": "6.5.0.2.8v_RC366 (HYPER_V)" + } + ] } - } + } ] }, "vendor_name": "SonicWall" diff --git a/2019/10xxx/CVE-2019-10692.json b/2019/10xxx/CVE-2019-10692.json new file mode 100644 index 00000000000..6e7ece33beb --- /dev/null +++ b/2019/10xxx/CVE-2019-10692.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-google-maps&old=2061433&new_path=%2Fwp-google-maps&new=2061434&sfp_email=&sfph_mail=#file755", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-google-maps&old=2061433&new_path=%2Fwp-google-maps&new=2061434&sfp_email=&sfph_mail=#file755" + }, + { + "url": "https://wordpress.org/plugins/wp-google-maps/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-google-maps/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10693.json b/2019/10xxx/CVE-2019-10693.json new file mode 100644 index 00000000000..cd805f34d61 --- /dev/null +++ b/2019/10xxx/CVE-2019-10693.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10693", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10694.json b/2019/10xxx/CVE-2019-10694.json new file mode 100644 index 00000000000..384810fbafa --- /dev/null +++ b/2019/10xxx/CVE-2019-10694.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10694", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10695.json b/2019/10xxx/CVE-2019-10695.json new file mode 100644 index 00000000000..3eb91580518 --- /dev/null +++ b/2019/10xxx/CVE-2019-10695.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10695", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10696.json b/2019/10xxx/CVE-2019-10696.json new file mode 100644 index 00000000000..7682c30b308 --- /dev/null +++ b/2019/10xxx/CVE-2019-10696.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10696", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10697.json b/2019/10xxx/CVE-2019-10697.json new file mode 100644 index 00000000000..abbb164f096 --- /dev/null +++ b/2019/10xxx/CVE-2019-10697.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10697", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10698.json b/2019/10xxx/CVE-2019-10698.json new file mode 100644 index 00000000000..44049c43ed6 --- /dev/null +++ b/2019/10xxx/CVE-2019-10698.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10698", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10699.json b/2019/10xxx/CVE-2019-10699.json new file mode 100644 index 00000000000..878614e2ad5 --- /dev/null +++ b/2019/10xxx/CVE-2019-10699.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10699", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10700.json b/2019/10xxx/CVE-2019-10700.json new file mode 100644 index 00000000000..59b384fbd78 --- /dev/null +++ b/2019/10xxx/CVE-2019-10700.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10700", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10701.json b/2019/10xxx/CVE-2019-10701.json new file mode 100644 index 00000000000..7dd3dff801c --- /dev/null +++ b/2019/10xxx/CVE-2019-10701.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10701", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10702.json b/2019/10xxx/CVE-2019-10702.json new file mode 100644 index 00000000000..10e522330e5 --- /dev/null +++ b/2019/10xxx/CVE-2019-10702.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10702", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10703.json b/2019/10xxx/CVE-2019-10703.json new file mode 100644 index 00000000000..085a025b507 --- /dev/null +++ b/2019/10xxx/CVE-2019-10703.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10703", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json index ba21d529590..69a91074fda 100644 --- a/2019/1xxx/CVE-2019-1559.json +++ b/2019/1xxx/CVE-2019-1559.json @@ -126,6 +126,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1076", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1105", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" } ] } diff --git a/2019/3xxx/CVE-2019-3816.json b/2019/3xxx/CVE-2019-3816.json index e0de9929830..f53687a44dc 100644 --- a/2019/3xxx/CVE-2019-3816.json +++ b/2019/3xxx/CVE-2019-3816.json @@ -101,6 +101,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-af0cd1b8f7", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1111", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html" } ] } diff --git a/2019/3xxx/CVE-2019-3833.json b/2019/3xxx/CVE-2019-3833.json index 79689d36746..3cd9b4714c8 100644 --- a/2019/3xxx/CVE-2019-3833.json +++ b/2019/3xxx/CVE-2019-3833.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-af0cd1b8f7", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1111", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html" } ] } diff --git a/2019/3xxx/CVE-2019-3838.json b/2019/3xxx/CVE-2019-3838.json index 8eb5788d598..441daa61c37 100644 --- a/2019/3xxx/CVE-2019-3838.json +++ b/2019/3xxx/CVE-2019-3838.json @@ -68,6 +68,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-1a2c059afd", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1119", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1121", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3855.json b/2019/3xxx/CVE-2019-3855.json index 32403d74fa3..865c1720e22 100644 --- a/2019/3xxx/CVE-2019-3855.json +++ b/2019/3xxx/CVE-2019-3855.json @@ -111,6 +111,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1075", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3856.json b/2019/3xxx/CVE-2019-3856.json index 876c91e24d5..c122c1d367a 100644 --- a/2019/3xxx/CVE-2019-3856.json +++ b/2019/3xxx/CVE-2019-3856.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1075", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3857.json b/2019/3xxx/CVE-2019-3857.json index c8be821c373..6232923532e 100644 --- a/2019/3xxx/CVE-2019-3857.json +++ b/2019/3xxx/CVE-2019-3857.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1075", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3858.json b/2019/3xxx/CVE-2019-3858.json index 3c7db23b1c0..7ceecb0bff4 100644 --- a/2019/3xxx/CVE-2019-3858.json +++ b/2019/3xxx/CVE-2019-3858.json @@ -98,6 +98,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1075", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3859.json b/2019/3xxx/CVE-2019-3859.json index 2f812eb92fb..4cd1aa3215d 100644 --- a/2019/3xxx/CVE-2019-3859.json +++ b/2019/3xxx/CVE-2019-3859.json @@ -103,6 +103,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1730-2] libssh2 regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3860.json b/2019/3xxx/CVE-2019-3860.json index 98d6907442c..0d342e4fa2c 100644 --- a/2019/3xxx/CVE-2019-3860.json +++ b/2019/3xxx/CVE-2019-3860.json @@ -68,6 +68,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1075", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3861.json b/2019/3xxx/CVE-2019-3861.json index e1c1337165b..922d33bfe00 100644 --- a/2019/3xxx/CVE-2019-3861.json +++ b/2019/3xxx/CVE-2019-3861.json @@ -68,6 +68,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1075", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3862.json b/2019/3xxx/CVE-2019-3862.json index e262c7c6fc6..2b174097b28 100644 --- a/2019/3xxx/CVE-2019-3862.json +++ b/2019/3xxx/CVE-2019-3862.json @@ -98,6 +98,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1075", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3863.json b/2019/3xxx/CVE-2019-3863.json index db221ee1e55..8e52bdceace 100644 --- a/2019/3xxx/CVE-2019-3863.json +++ b/2019/3xxx/CVE-2019-3863.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1075", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1109", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html" } ] }, diff --git a/2019/7xxx/CVE-2019-7474.json b/2019/7xxx/CVE-2019-7474.json index 8e744c44e17..167287dde90 100644 --- a/2019/7xxx/CVE-2019-7474.json +++ b/2019/7xxx/CVE-2019-7474.json @@ -1,106 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@sonicwall.com", - "ID" : "CVE-2019-7474", - "STATE" : "PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2019-7474", + "STATE": "PUBLIC" }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SonicOS", - "version" : { - "version_data" : [ - { - "version_value" : "5.9.1.10 and earlier" - }, - { - "version_value" : "6.2.7.3" - }, - { - "version_value" : "6.5.1.3" - }, - { - "version_value" : "6.5.2.2" - }, - { - "version_value" : "6.5.3.1" - }, - { - "version_value" : "6.2.7.8" - }, - { - "version_value" : "6.4.0.0" - }, - { - "version_value" : "6.5.1.8" - }, - { - "version_value" : "6.0.5.3-86o" - } - ] - } - }, - { - "product_name" : "SonicOSv", - "version" : { - "version_data" : [ - { - "version_value" : "6.5.0.2-8v_RC363 (VMWARE)" - }, - { - "version_value" : "6.5.0.2.8v_RC367 (AZURE)" - }, - { - "version_value" : "6.5.0.2.8v_RC368 (AWS)" - }, - { - "version_value" : "6.5.0.2.8v_RC366 (HYPER_V)" - } - ] - } - } - ] - }, - "vendor_name" : "SonicWall" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ + "affects": { + "vendor": { + "vendor_data": [ { - "lang" : "eng", - "value" : "CWE-248: Uncaught Exception" + "product": { + "product_data": [ + { + "product_name": "SonicOS", + "version": { + "version_data": [ + { + "version_value": "5.9.1.10 and earlier" + }, + { + "version_value": "6.2.7.3" + }, + { + "version_value": "6.5.1.3" + }, + { + "version_value": "6.5.2.2" + }, + { + "version_value": "6.5.3.1" + }, + { + "version_value": "6.2.7.8" + }, + { + "version_value": "6.4.0.0" + }, + { + "version_value": "6.5.1.8" + }, + { + "version_value": "6.0.5.3-86o" + } + ] + } + }, + { + "product_name": "SonicOSv", + "version": { + "version_data": [ + { + "version_value": "6.5.0.2-8v_RC363 (VMWARE)" + }, + { + "version_value": "6.5.0.2.8v_RC367 (AZURE)" + }, + { + "version_value": "6.5.0.2.8v_RC368 (AWS)" + }, + { + "version_value": "6.5.0.2.8v_RC366 (HYPER_V)" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" } - ] - } - ] + ] + } }, - "references" : { - "reference_data" : [ - { - "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001", - "refsource" : "CONFIRM", - "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001" - } - ] + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0001" + } + ] } - } - \ No newline at end of file +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7475.json b/2019/7xxx/CVE-2019-7475.json index c6ebe085e99..783a8b61b36 100644 --- a/2019/7xxx/CVE-2019-7475.json +++ b/2019/7xxx/CVE-2019-7475.json @@ -1,106 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@sonicwall.com", - "ID" : "CVE-2019-7475", - "STATE" : "PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2019-7475", + "STATE": "PUBLIC" }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SonicOS", - "version" : { - "version_data" : [ - { - "version_value" : "5.9.1.10 and earlier" - }, - { - "version_value" : "6.2.7.3" - }, - { - "version_value" : "6.5.1.3" - }, - { - "version_value" : "6.5.2.2" - }, - { - "version_value" : "6.5.3.1" - }, - { - "version_value" : "6.2.7.8" - }, - { - "version_value" : "6.4.0.0" - }, - { - "version_value" : "6.5.1.8" - }, - { - "version_value" : "6.0.5.3-86o" - } - ] - } - }, - { - "product_name" : "SonicOSv", - "version" : { - "version_data" : [ - { - "version_value" : "6.5.0.2-8v_RC363 (VMWARE)" - }, - { - "version_value" : "6.5.0.2.8v_RC367 (AZURE)" - }, - { - "version_value" : "6.5.0.2.8v_RC368 (AWS)" - }, - { - "version_value" : "6.5.0.2.8v_RC366 (HYPER_V)" - } - ] - } - } - ] - }, - "vendor_name" : "SonicWall" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ + "affects": { + "vendor": { + "vendor_data": [ { - "lang" : "eng", - "value" : "CWE-284: Improper Access Control" + "product": { + "product_data": [ + { + "product_name": "SonicOS", + "version": { + "version_data": [ + { + "version_value": "5.9.1.10 and earlier" + }, + { + "version_value": "6.2.7.3" + }, + { + "version_value": "6.5.1.3" + }, + { + "version_value": "6.5.2.2" + }, + { + "version_value": "6.5.3.1" + }, + { + "version_value": "6.2.7.8" + }, + { + "version_value": "6.4.0.0" + }, + { + "version_value": "6.5.1.8" + }, + { + "version_value": "6.0.5.3-86o" + } + ] + } + }, + { + "product_name": "SonicOSv", + "version": { + "version_data": [ + { + "version_value": "6.5.0.2-8v_RC363 (VMWARE)" + }, + { + "version_value": "6.5.0.2.8v_RC367 (AZURE)" + }, + { + "version_value": "6.5.0.2.8v_RC368 (AWS)" + }, + { + "version_value": "6.5.0.2.8v_RC366 (HYPER_V)" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" } - ] - } - ] + ] + } }, - "references" : { - "reference_data" : [ - { - "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002", - "refsource" : "CONFIRM", - "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002" - } - ] + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0002" + } + ] } - } - \ No newline at end of file +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7477.json b/2019/7xxx/CVE-2019-7477.json index 416de268d18..07020688017 100644 --- a/2019/7xxx/CVE-2019-7477.json +++ b/2019/7xxx/CVE-2019-7477.json @@ -1,106 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@sonicwall.com", - "ID" : "CVE-2019-7477", - "STATE" : "PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2019-7477", + "STATE": "PUBLIC" }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SonicOS", - "version" : { - "version_data" : [ - { - "version_value" : "5.9.1.10 and earlier" - }, - { - "version_value" : "6.2.7.3" - }, - { - "version_value" : "6.5.1.3" - }, - { - "version_value" : "6.5.2.2" - }, - { - "version_value" : "6.5.3.1" - }, - { - "version_value" : "6.2.7.8" - }, - { - "version_value" : "6.4.0.0" - }, - { - "version_value" : "6.5.1.8" - }, - { - "version_value" : "6.0.5.3-86o" - } - ] - } - }, - { - "product_name" : "SonicOSv", - "version" : { - "version_data" : [ - { - "version_value" : "6.5.0.2-8v_RC363 (VMWARE)" - }, - { - "version_value" : "6.5.0.2.8v_RC367 (AZURE)" - }, - { - "version_value" : "6.5.0.2.8v_RC368 (AWS)" - }, - { - "version_value" : "6.5.0.2.8v_RC366 (HYPER_V)" - } - ] - } - } - ] - }, - "vendor_name" : "SonicWall" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ + "affects": { + "vendor": { + "vendor_data": [ { - "lang" : "eng", - "value" : "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" + "product": { + "product_data": [ + { + "product_name": "SonicOS", + "version": { + "version_data": [ + { + "version_value": "5.9.1.10 and earlier" + }, + { + "version_value": "6.2.7.3" + }, + { + "version_value": "6.5.1.3" + }, + { + "version_value": "6.5.2.2" + }, + { + "version_value": "6.5.3.1" + }, + { + "version_value": "6.2.7.8" + }, + { + "version_value": "6.4.0.0" + }, + { + "version_value": "6.5.1.8" + }, + { + "version_value": "6.0.5.3-86o" + } + ] + } + }, + { + "product_name": "SonicOSv", + "version": { + "version_data": [ + { + "version_value": "6.5.0.2-8v_RC363 (VMWARE)" + }, + { + "version_value": "6.5.0.2.8v_RC367 (AZURE)" + }, + { + "version_value": "6.5.0.2.8v_RC368 (AWS)" + }, + { + "version_value": "6.5.0.2.8v_RC366 (HYPER_V)" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" } - ] - } - ] + ] + } }, - "references" : { - "reference_data" : [ - { - "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003", - "refsource" : "CONFIRM", - "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003" - } - ] + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003" + } + ] } - } - \ No newline at end of file +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8955.json b/2019/8xxx/CVE-2019-8955.json index 7e0bc7596aa..acbb455ef20 100644 --- a/2019/8xxx/CVE-2019-8955.json +++ b/2019/8xxx/CVE-2019-8955.json @@ -66,6 +66,11 @@ "name": "https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312", "refsource": "MISC", "url": "https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1107", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00013.html" } ] } diff --git a/2019/9xxx/CVE-2019-9208.json b/2019/9xxx/CVE-2019-9208.json index b5db164973e..fd02e8e4f5a 100644 --- a/2019/9xxx/CVE-2019-9208.json +++ b/2019/9xxx/CVE-2019-9208.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", "url": "https://seclists.org/bugtraq/2019/Mar/35" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1108", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html" } ] } diff --git a/2019/9xxx/CVE-2019-9209.json b/2019/9xxx/CVE-2019-9209.json index 93c7f3d2594..3c59f82ccc4 100644 --- a/2019/9xxx/CVE-2019-9209.json +++ b/2019/9xxx/CVE-2019-9209.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1729-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1108", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html" } ] } diff --git a/2019/9xxx/CVE-2019-9214.json b/2019/9xxx/CVE-2019-9214.json index 395292a1cba..f8558ff041d 100644 --- a/2019/9xxx/CVE-2019-9214.json +++ b/2019/9xxx/CVE-2019-9214.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", "url": "https://seclists.org/bugtraq/2019/Mar/35" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1108", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html" } ] } diff --git a/2019/9xxx/CVE-2019-9894.json b/2019/9xxx/CVE-2019-9894.json index a957118463e..b6f9e42fb67 100644 --- a/2019/9xxx/CVE-2019-9894.json +++ b/2019/9xxx/CVE-2019-9894.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-9e1a1cd634", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" } ] } diff --git a/2019/9xxx/CVE-2019-9895.json b/2019/9xxx/CVE-2019-9895.json index 418cb759054..ceb3b8dcb24 100644 --- a/2019/9xxx/CVE-2019-9895.json +++ b/2019/9xxx/CVE-2019-9895.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-9e1a1cd634", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" } ] } diff --git a/2019/9xxx/CVE-2019-9896.json b/2019/9xxx/CVE-2019-9896.json index 9e09959dc4c..19089794a11 100644 --- a/2019/9xxx/CVE-2019-9896.json +++ b/2019/9xxx/CVE-2019-9896.json @@ -56,6 +56,11 @@ "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "refsource": "MISC", "name": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" } ] } diff --git a/2019/9xxx/CVE-2019-9897.json b/2019/9xxx/CVE-2019-9897.json index e988bef91c8..753b4088651 100644 --- a/2019/9xxx/CVE-2019-9897.json +++ b/2019/9xxx/CVE-2019-9897.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-9e1a1cd634", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" } ] } diff --git a/2019/9xxx/CVE-2019-9898.json b/2019/9xxx/CVE-2019-9898.json index 13b505ba83f..683998d8f1f 100644 --- a/2019/9xxx/CVE-2019-9898.json +++ b/2019/9xxx/CVE-2019-9898.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190401-0002/", "url": "https://security.netapp.com/advisory/ntap-20190401-0002/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" } ] } diff --git a/2019/9xxx/CVE-2019-9946.json b/2019/9xxx/CVE-2019-9946.json index d6447b905de..fe137e5a6ce 100644 --- a/2019/9xxx/CVE-2019-9946.json +++ b/2019/9xxx/CVE-2019-9946.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9946", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9946", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272", + "url": "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272" } ] } From 5f8259ba55bf36001b845fe06de42dfd7fca1891 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2019 19:00:53 +0000 Subject: [PATCH 11/25] "-Synchronized-Data." --- 2018/12xxx/CVE-2018-12679.json | 48 ++++++++++++++++++++++++-- 2019/10xxx/CVE-2019-10704.json | 18 ++++++++++ 2019/10xxx/CVE-2019-10705.json | 18 ++++++++++ 2019/10xxx/CVE-2019-10706.json | 18 ++++++++++ 2019/10xxx/CVE-2019-10707.json | 62 ++++++++++++++++++++++++++++++++++ 2019/10xxx/CVE-2019-10708.json | 62 ++++++++++++++++++++++++++++++++++ 6 files changed, 224 insertions(+), 2 deletions(-) create mode 100644 2019/10xxx/CVE-2019-10704.json create mode 100644 2019/10xxx/CVE-2019-10705.json create mode 100644 2019/10xxx/CVE-2019-10706.json create mode 100644 2019/10xxx/CVE-2019-10707.json create mode 100644 2019/10xxx/CVE-2019-10708.json diff --git a/2018/12xxx/CVE-2018-12679.json b/2018/12xxx/CVE-2018-12679.json index 0368cd58a88..97e4961e896 100644 --- a/2018/12xxx/CVE-2018-12679.json +++ b/2018/12xxx/CVE-2018-12679.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12679", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Tanganelli/CoAPthon3/issues/16", + "refsource": "MISC", + "name": "https://github.com/Tanganelli/CoAPthon3/issues/16" } ] } diff --git a/2019/10xxx/CVE-2019-10704.json b/2019/10xxx/CVE-2019-10704.json new file mode 100644 index 00000000000..690eb406e6b --- /dev/null +++ b/2019/10xxx/CVE-2019-10704.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10704", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10705.json b/2019/10xxx/CVE-2019-10705.json new file mode 100644 index 00000000000..5fd4e43f7e0 --- /dev/null +++ b/2019/10xxx/CVE-2019-10705.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10705", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10706.json b/2019/10xxx/CVE-2019-10706.json new file mode 100644 index 00000000000..a5e78bacc06 --- /dev/null +++ b/2019/10xxx/CVE-2019-10706.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10706", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10707.json b/2019/10xxx/CVE-2019-10707.json new file mode 100644 index 00000000000..e6ac04bf586 --- /dev/null +++ b/2019/10xxx/CVE-2019-10707.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MKCMS V5.0 has SQL injection via the bplay.php play parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.iwantacve.cn/index.php/archives/181/", + "refsource": "MISC", + "name": "http://www.iwantacve.cn/index.php/archives/181/" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10708.json b/2019/10xxx/CVE-2019-10708.json new file mode 100644 index 00000000000..e8073e49f0c --- /dev/null +++ b/2019/10xxx/CVE-2019-10708.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.iwantacve.cn/index.php/archives/185/", + "refsource": "MISC", + "name": "http://www.iwantacve.cn/index.php/archives/185/" + } + ] + } +} \ No newline at end of file From 6b825fbe45e6124e31466c3f98fa28c7424d45ec Mon Sep 17 00:00:00 2001 From: Anthony Singleton Date: Tue, 2 Apr 2019 15:11:51 -0400 Subject: [PATCH 12/25] returned CVE ids from year 2017. --- 2017/2xxx/CVE-2017-2676.json | 19 +------------------ 2017/2xxx/CVE-2017-2677.json | 19 +------------------ 2017/2xxx/CVE-2017-2678.json | 19 +------------------ 2017/2xxx/CVE-2017-2679.json | 19 +------------------ 4 files changed, 4 insertions(+), 72 deletions(-) mode change 100644 => 100755 2017/2xxx/CVE-2017-2676.json mode change 100644 => 100755 2017/2xxx/CVE-2017-2677.json mode change 100644 => 100755 2017/2xxx/CVE-2017-2678.json mode change 100644 => 100755 2017/2xxx/CVE-2017-2679.json diff --git a/2017/2xxx/CVE-2017-2676.json b/2017/2xxx/CVE-2017-2676.json old mode 100644 new mode 100755 index 663ef9c0d2d..15ce2229cea --- a/2017/2xxx/CVE-2017-2676.json +++ b/2017/2xxx/CVE-2017-2676.json @@ -1,18 +1 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-2676", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"data_version": "4.0", "CVE_data_meta": {"STATE": "REJECT", "ID": "CVE-2017-2676", "ASSIGNER": "cve@mitre.org"}, "data_format": "MITRE", "data_type": "CVE", "description": {"description_data": [{"lang": "eng", "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."}]}} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2677.json b/2017/2xxx/CVE-2017-2677.json old mode 100644 new mode 100755 index bac484d4cfa..6022ebd84fb --- a/2017/2xxx/CVE-2017-2677.json +++ b/2017/2xxx/CVE-2017-2677.json @@ -1,18 +1 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-2677", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"data_version": "4.0", "CVE_data_meta": {"STATE": "REJECT", "ID": "CVE-2017-2677", "ASSIGNER": "cve@mitre.org"}, "data_format": "MITRE", "data_type": "CVE", "description": {"description_data": [{"lang": "eng", "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."}]}} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2678.json b/2017/2xxx/CVE-2017-2678.json old mode 100644 new mode 100755 index 1aba64c67e1..c1b07813a5d --- a/2017/2xxx/CVE-2017-2678.json +++ b/2017/2xxx/CVE-2017-2678.json @@ -1,18 +1 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-2678", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"data_version": "4.0", "CVE_data_meta": {"STATE": "REJECT", "ID": "CVE-2017-2678", "ASSIGNER": "cve@mitre.org"}, "data_format": "MITRE", "data_type": "CVE", "description": {"description_data": [{"lang": "eng", "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."}]}} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2679.json b/2017/2xxx/CVE-2017-2679.json old mode 100644 new mode 100755 index d84506dfffd..360d9101f92 --- a/2017/2xxx/CVE-2017-2679.json +++ b/2017/2xxx/CVE-2017-2679.json @@ -1,18 +1 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-2679", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"data_version": "4.0", "CVE_data_meta": {"STATE": "REJECT", "ID": "CVE-2017-2679", "ASSIGNER": "cve@mitre.org"}, "data_format": "MITRE", "data_type": "CVE", "description": {"description_data": [{"lang": "eng", "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."}]}} \ No newline at end of file From 3c17b2bd8c597a0f69888fa5cfea051797a28a81 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2019 20:00:50 +0000 Subject: [PATCH 13/25] "-Synchronized-Data." --- 2017/2xxx/CVE-2017-2676.json | 19 ++++++++++- 2017/2xxx/CVE-2017-2677.json | 19 ++++++++++- 2017/2xxx/CVE-2017-2678.json | 19 ++++++++++- 2017/2xxx/CVE-2017-2679.json | 19 ++++++++++- 2017/6xxx/CVE-2017-6047.json | 58 ++++++++++++++++++++++++++++++---- 2017/6xxx/CVE-2017-6049.json | 58 ++++++++++++++++++++++++++++++---- 2018/12xxx/CVE-2018-12680.json | 48 ++++++++++++++++++++++++++-- 2019/10xxx/CVE-2019-10709.json | 18 +++++++++++ 2019/10xxx/CVE-2019-10710.json | 18 +++++++++++ 2019/10xxx/CVE-2019-10711.json | 18 +++++++++++ 2019/10xxx/CVE-2019-10712.json | 18 +++++++++++ 2019/10xxx/CVE-2019-10713.json | 18 +++++++++++ 2019/6xxx/CVE-2019-6531.json | 58 ++++++++++++++++++++++++++++++---- 13 files changed, 361 insertions(+), 27 deletions(-) create mode 100644 2019/10xxx/CVE-2019-10709.json create mode 100644 2019/10xxx/CVE-2019-10710.json create mode 100644 2019/10xxx/CVE-2019-10711.json create mode 100644 2019/10xxx/CVE-2019-10712.json create mode 100644 2019/10xxx/CVE-2019-10713.json diff --git a/2017/2xxx/CVE-2017-2676.json b/2017/2xxx/CVE-2017-2676.json index 15ce2229cea..b963731ee8b 100755 --- a/2017/2xxx/CVE-2017-2676.json +++ b/2017/2xxx/CVE-2017-2676.json @@ -1 +1,18 @@ -{"data_version": "4.0", "CVE_data_meta": {"STATE": "REJECT", "ID": "CVE-2017-2676", "ASSIGNER": "cve@mitre.org"}, "data_format": "MITRE", "data_type": "CVE", "description": {"description_data": [{"lang": "eng", "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."}]}} \ No newline at end of file +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2676", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2677.json b/2017/2xxx/CVE-2017-2677.json index 6022ebd84fb..ce7cfd04afc 100755 --- a/2017/2xxx/CVE-2017-2677.json +++ b/2017/2xxx/CVE-2017-2677.json @@ -1 +1,18 @@ -{"data_version": "4.0", "CVE_data_meta": {"STATE": "REJECT", "ID": "CVE-2017-2677", "ASSIGNER": "cve@mitre.org"}, "data_format": "MITRE", "data_type": "CVE", "description": {"description_data": [{"lang": "eng", "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."}]}} \ No newline at end of file +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2677", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2678.json b/2017/2xxx/CVE-2017-2678.json index c1b07813a5d..8f51e405cae 100755 --- a/2017/2xxx/CVE-2017-2678.json +++ b/2017/2xxx/CVE-2017-2678.json @@ -1 +1,18 @@ -{"data_version": "4.0", "CVE_data_meta": {"STATE": "REJECT", "ID": "CVE-2017-2678", "ASSIGNER": "cve@mitre.org"}, "data_format": "MITRE", "data_type": "CVE", "description": {"description_data": [{"lang": "eng", "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."}]}} \ No newline at end of file +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2678", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2679.json b/2017/2xxx/CVE-2017-2679.json index 360d9101f92..02badf7336c 100755 --- a/2017/2xxx/CVE-2017-2679.json +++ b/2017/2xxx/CVE-2017-2679.json @@ -1 +1,18 @@ -{"data_version": "4.0", "CVE_data_meta": {"STATE": "REJECT", "ID": "CVE-2017-2679", "ASSIGNER": "cve@mitre.org"}, "data_format": "MITRE", "data_type": "CVE", "description": {"description_data": [{"lang": "eng", "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."}]}} \ No newline at end of file +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2679", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6047.json b/2017/6xxx/CVE-2017-6047.json index cdbec694b91..8ada1ef38cd 100644 --- a/2017/6xxx/CVE-2017-6047.json +++ b/2017/6xxx/CVE-2017-6047.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-6047", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-6047", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Detcon", + "product": { + "product_data": [ + { + "product_name": "Sitewatch Gateway", + "version": { + "version_data": [ + { + "version_value": "All versions affected except cellular versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER AUTHENTICATION CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication." } ] } diff --git a/2017/6xxx/CVE-2017-6049.json b/2017/6xxx/CVE-2017-6049.json index 6fcf1562dad..243938cb0f5 100644 --- a/2017/6xxx/CVE-2017-6049.json +++ b/2017/6xxx/CVE-2017-6049.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-6049", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-6049", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Detcon", + "product": { + "product_data": [ + { + "product_name": "Sitewatch Gateway", + "version": { + "version_data": [ + { + "version_value": "All versions affected except cellular versions." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PLAINTEXT STORAGE OF A PASSWORD CWE-256" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL." } ] } diff --git a/2018/12xxx/CVE-2018-12680.json b/2018/12xxx/CVE-2018-12680.json index cd9ffbb1c15..d69fb558a38 100644 --- a/2018/12xxx/CVE-2018-12680.json +++ b/2018/12xxx/CVE-2018-12680.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12680", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Tanganelli/CoAPthon/issues/135", + "refsource": "MISC", + "name": "https://github.com/Tanganelli/CoAPthon/issues/135" } ] } diff --git a/2019/10xxx/CVE-2019-10709.json b/2019/10xxx/CVE-2019-10709.json new file mode 100644 index 00000000000..8fd84c368ac --- /dev/null +++ b/2019/10xxx/CVE-2019-10709.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10709", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10710.json b/2019/10xxx/CVE-2019-10710.json new file mode 100644 index 00000000000..86262731a4b --- /dev/null +++ b/2019/10xxx/CVE-2019-10710.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10710", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10711.json b/2019/10xxx/CVE-2019-10711.json new file mode 100644 index 00000000000..d442c211239 --- /dev/null +++ b/2019/10xxx/CVE-2019-10711.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10711", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10712.json b/2019/10xxx/CVE-2019-10712.json new file mode 100644 index 00000000000..c46ad2383df --- /dev/null +++ b/2019/10xxx/CVE-2019-10712.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10712", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10713.json b/2019/10xxx/CVE-2019-10713.json new file mode 100644 index 00000000000..0bf7192a52a --- /dev/null +++ b/2019/10xxx/CVE-2019-10713.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10713", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6531.json b/2019/6xxx/CVE-2019-6531.json index 56c504a1404..d6fc35a6099 100644 --- a/2019/6xxx/CVE-2019-6531.json +++ b/2019/6xxx/CVE-2019-6531.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6531", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6531", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kunbus", + "product": { + "product_data": [ + { + "product_name": "PR100088 Modbus gateway", + "version": { + "version_data": [ + { + "version_value": "All versions prior to Release R02 (or Software Version 1.1.13166)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INFORMATION EXPOSURE THROUGH QUERY STRINGS IN GET REQUEST CWE-598" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position." } ] } From a9031a5eed7a9524fd0b035bc568b5db24fa4715 Mon Sep 17 00:00:00 2001 From: Anthony Singleton Date: Tue, 2 Apr 2019 16:27:57 -0400 Subject: [PATCH 14/25] returned CVE ids from year 2017. --- 2017/2xxx/CVE-2017-2676.json | 34 +++++++++++++++++----------------- 2017/2xxx/CVE-2017-2677.json | 34 +++++++++++++++++----------------- 2017/2xxx/CVE-2017-2678.json | 34 +++++++++++++++++----------------- 2017/2xxx/CVE-2017-2679.json | 34 +++++++++++++++++----------------- 4 files changed, 68 insertions(+), 68 deletions(-) diff --git a/2017/2xxx/CVE-2017-2676.json b/2017/2xxx/CVE-2017-2676.json index b963731ee8b..d583b539362 100755 --- a/2017/2xxx/CVE-2017-2676.json +++ b/2017/2xxx/CVE-2017-2676.json @@ -1,18 +1,18 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2017-2676", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } +{ + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "REJECT", + "ID": "CVE-2017-2676", + "ASSIGNER": "cve@mitre.org" + }, + "data_format": "MITRE", + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } } \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2677.json b/2017/2xxx/CVE-2017-2677.json index ce7cfd04afc..c887013a4d3 100755 --- a/2017/2xxx/CVE-2017-2677.json +++ b/2017/2xxx/CVE-2017-2677.json @@ -1,18 +1,18 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2017-2677", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } +{ + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "REJECT", + "ID": "CVE-2017-2677", + "ASSIGNER": "cve@mitre.org" + }, + "data_format": "MITRE", + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } } \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2678.json b/2017/2xxx/CVE-2017-2678.json index 8f51e405cae..bb30039bb09 100755 --- a/2017/2xxx/CVE-2017-2678.json +++ b/2017/2xxx/CVE-2017-2678.json @@ -1,18 +1,18 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2017-2678", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } +{ + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "REJECT", + "ID": "CVE-2017-2678", + "ASSIGNER": "cve@mitre.org" + }, + "data_format": "MITRE", + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } } \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2679.json b/2017/2xxx/CVE-2017-2679.json index 02badf7336c..73238be8024 100755 --- a/2017/2xxx/CVE-2017-2679.json +++ b/2017/2xxx/CVE-2017-2679.json @@ -1,18 +1,18 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2017-2679", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } +{ + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "REJECT", + "ID": "CVE-2017-2679", + "ASSIGNER": "cve@mitre.org" + }, + "data_format": "MITRE", + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } } \ No newline at end of file From 9b46bef004782f4d7ac8a0841b6f864b33359a77 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2019 21:00:57 +0000 Subject: [PATCH 15/25] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10714.json | 77 ++++++++++++++++++++++++++++++++++ 2019/10xxx/CVE-2019-10715.json | 18 ++++++++ 2019/10xxx/CVE-2019-10716.json | 18 ++++++++ 2019/9xxx/CVE-2019-9894.json | 5 +++ 2019/9xxx/CVE-2019-9895.json | 5 +++ 2019/9xxx/CVE-2019-9896.json | 5 +++ 2019/9xxx/CVE-2019-9897.json | 5 +++ 2019/9xxx/CVE-2019-9898.json | 5 +++ 8 files changed, 138 insertions(+) create mode 100644 2019/10xxx/CVE-2019-10714.json create mode 100644 2019/10xxx/CVE-2019-10715.json create mode 100644 2019/10xxx/CVE-2019-10716.json diff --git a/2019/10xxx/CVE-2019-10714.json b/2019/10xxx/CVE-2019-10714.json new file mode 100644 index 00000000000..3c97e8586c9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10714.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ImageMagick/ImageMagick/commit/58d9c46929ca0828edde34d263700c3a5fe8dc3c", + "refsource": "MISC", + "name": "https://github.com/ImageMagick/ImageMagick/commit/58d9c46929ca0828edde34d263700c3a5fe8dc3c" + }, + { + "url": "https://github.com/ImageMagick/ImageMagick/commit/edc7d3035883ddca8413e4fe7689aa2e579ef04a", + "refsource": "MISC", + "name": "https://github.com/ImageMagick/ImageMagick/commit/edc7d3035883ddca8413e4fe7689aa2e579ef04a" + }, + { + "url": "https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36", + "refsource": "MISC", + "name": "https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36" + }, + { + "url": "https://github.com/ImageMagick/ImageMagick/issues/1495", + "refsource": "MISC", + "name": "https://github.com/ImageMagick/ImageMagick/issues/1495" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10715.json b/2019/10xxx/CVE-2019-10715.json new file mode 100644 index 00000000000..48127af440c --- /dev/null +++ b/2019/10xxx/CVE-2019-10715.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10715", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10716.json b/2019/10xxx/CVE-2019-10716.json new file mode 100644 index 00000000000..c9563a1e728 --- /dev/null +++ b/2019/10xxx/CVE-2019-10716.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10716", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9894.json b/2019/9xxx/CVE-2019-9894.json index b6f9e42fb67..a50640440b6 100644 --- a/2019/9xxx/CVE-2019-9894.json +++ b/2019/9xxx/CVE-2019-9894.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1113", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1123", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9895.json b/2019/9xxx/CVE-2019-9895.json index ceb3b8dcb24..95c033838df 100644 --- a/2019/9xxx/CVE-2019-9895.json +++ b/2019/9xxx/CVE-2019-9895.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1113", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1123", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9896.json b/2019/9xxx/CVE-2019-9896.json index 19089794a11..7991284d746 100644 --- a/2019/9xxx/CVE-2019-9896.json +++ b/2019/9xxx/CVE-2019-9896.json @@ -61,6 +61,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1113", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1123", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9897.json b/2019/9xxx/CVE-2019-9897.json index 753b4088651..8fe44465e59 100644 --- a/2019/9xxx/CVE-2019-9897.json +++ b/2019/9xxx/CVE-2019-9897.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1113", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1123", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9898.json b/2019/9xxx/CVE-2019-9898.json index 683998d8f1f..1370a1db6a7 100644 --- a/2019/9xxx/CVE-2019-9898.json +++ b/2019/9xxx/CVE-2019-9898.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1113", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1123", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html" } ] } From de9da87cf8ad8d3ae966bda3765dd2caf485a6bf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2019 22:00:46 +0000 Subject: [PATCH 16/25] "-Synchronized-Data." --- 2018/18xxx/CVE-2018-18035.json | 48 ++++++++++++++++++++++++++++-- 2019/10xxx/CVE-2019-10717.json | 18 ++++++++++++ 2019/10xxx/CVE-2019-10718.json | 18 ++++++++++++ 2019/10xxx/CVE-2019-10719.json | 18 ++++++++++++ 2019/10xxx/CVE-2019-10720.json | 18 ++++++++++++ 2019/10xxx/CVE-2019-10721.json | 18 ++++++++++++ 2019/6xxx/CVE-2019-6506.json | 53 ++++++++++++++++++++++++++++++++-- 7 files changed, 187 insertions(+), 4 deletions(-) create mode 100644 2019/10xxx/CVE-2019-10717.json create mode 100644 2019/10xxx/CVE-2019-10718.json create mode 100644 2019/10xxx/CVE-2019-10719.json create mode 100644 2019/10xxx/CVE-2019-10720.json create mode 100644 2019/10xxx/CVE-2019-10721.json diff --git a/2018/18xxx/CVE-2018-18035.json b/2018/18xxx/CVE-2018-18035.json index 528b16682b2..8e1cab83c28 100644 --- a/2018/18xxx/CVE-2018-18035.json +++ b/2018/18xxx/CVE-2018-18035.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18035", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", + "url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" } ] } diff --git a/2019/10xxx/CVE-2019-10717.json b/2019/10xxx/CVE-2019-10717.json new file mode 100644 index 00000000000..6cb108fcda9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10717.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10717", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10718.json b/2019/10xxx/CVE-2019-10718.json new file mode 100644 index 00000000000..2247ce79643 --- /dev/null +++ b/2019/10xxx/CVE-2019-10718.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10718", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10719.json b/2019/10xxx/CVE-2019-10719.json new file mode 100644 index 00000000000..5bfcf979aa9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10719.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10719", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10720.json b/2019/10xxx/CVE-2019-10720.json new file mode 100644 index 00000000000..6d98449721e --- /dev/null +++ b/2019/10xxx/CVE-2019-10720.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10720", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10721.json b/2019/10xxx/CVE-2019-10721.json new file mode 100644 index 00000000000..46b8ab3fbc5 --- /dev/null +++ b/2019/10xxx/CVE-2019-10721.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10721", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6506.json b/2019/6xxx/CVE-2019-6506.json index d4b1f4539a4..a0a3c6c2987 100644 --- a/2019/6xxx/CVE-2019-6506.json +++ b/2019/6xxx/CVE-2019-6506.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6506", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SalesAgility SuiteCRM 7.11.0 allows SQL Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://docs.suitecrm.com/admin/releases/7.11.x/", + "url": "https://docs.suitecrm.com/admin/releases/7.11.x/" + }, + { + "refsource": "CONFIRM", + "name": "https://suitecrm.com/suitecrm-7-11-3-lts-security-maintenance-patch-released/", + "url": "https://suitecrm.com/suitecrm-7-11-3-lts-security-maintenance-patch-released/" } ] } From 04898d603cb739572dec6e207a123c5cc8237a6c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Apr 2019 01:00:44 +0000 Subject: [PATCH 17/25] "-Synchronized-Data." --- 2017/1000xxx/CVE-2017-1000410.json | 5 +++++ 2017/18xxx/CVE-2017-18249.json | 10 +++++++++ 2017/18xxx/CVE-2017-18360.json | 5 +++++ 2018/12xxx/CVE-2018-12545.json | 10 +++++++++ 2018/13xxx/CVE-2018-13097.json | 10 +++++++++ 2018/13xxx/CVE-2018-13099.json | 10 +++++++++ 2018/13xxx/CVE-2018-13100.json | 10 +++++++++ 2018/14xxx/CVE-2018-14610.json | 10 +++++++++ 2018/14xxx/CVE-2018-14611.json | 10 +++++++++ 2018/14xxx/CVE-2018-14612.json | 10 +++++++++ 2018/14xxx/CVE-2018-14613.json | 10 +++++++++ 2018/14xxx/CVE-2018-14614.json | 10 +++++++++ 2018/14xxx/CVE-2018-14616.json | 10 +++++++++ 2018/14xxx/CVE-2018-14678.json | 10 +++++++++ 2018/16xxx/CVE-2018-16884.json | 10 +++++++++ 2018/18xxx/CVE-2018-18021.json | 10 +++++++++ 2018/19xxx/CVE-2018-19824.json | 25 +++++++++++++++++++++ 2018/9xxx/CVE-2018-9517.json | 10 +++++++++ 2019/3xxx/CVE-2019-3701.json | 10 +++++++++ 2019/3xxx/CVE-2019-3819.json | 10 +++++++++ 2019/6xxx/CVE-2019-6974.json | 35 ++++++++++++++++++++++++++++++ 2019/7xxx/CVE-2019-7221.json | 30 +++++++++++++++++++++++++ 2019/7xxx/CVE-2019-7222.json | 35 ++++++++++++++++++++++++++++++ 2019/7xxx/CVE-2019-7308.json | 20 +++++++++++++++++ 2019/8xxx/CVE-2019-8912.json | 20 +++++++++++++++++ 2019/8xxx/CVE-2019-8956.json | 10 +++++++++ 2019/8xxx/CVE-2019-8980.json | 20 +++++++++++++++++ 2019/9xxx/CVE-2019-9003.json | 10 +++++++++ 2019/9xxx/CVE-2019-9162.json | 10 +++++++++ 2019/9xxx/CVE-2019-9213.json | 35 ++++++++++++++++++++++++++++++ 30 files changed, 430 insertions(+) diff --git a/2017/1000xxx/CVE-2017-1000410.json b/2017/1000xxx/CVE-2017-1000410.json index c706980fd3d..7687a384f67 100644 --- a/2017/1000xxx/CVE-2017-1000410.json +++ b/2017/1000xxx/CVE-2017-1000410.json @@ -108,6 +108,11 @@ "name": "102101", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102101" + }, + { + "refsource": "UBUNTU", + "name": "USN-3933-2", + "url": "https://usn.ubuntu.com/3933-2/" } ] } diff --git a/2017/18xxx/CVE-2017-18249.json b/2017/18xxx/CVE-2017-18249.json index 57ef1b2899e..0afa760bc0a 100644 --- a/2017/18xxx/CVE-2017-18249.json +++ b/2017/18xxx/CVE-2017-18249.json @@ -71,6 +71,16 @@ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2017/18xxx/CVE-2017-18360.json b/2017/18xxx/CVE-2017-18360.json index fbfd4b7b9be..55adc6f147d 100644 --- a/2017/18xxx/CVE-2017-18360.json +++ b/2017/18xxx/CVE-2017-18360.json @@ -76,6 +76,11 @@ "name": "https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b" + }, + { + "refsource": "UBUNTU", + "name": "USN-3933-2", + "url": "https://usn.ubuntu.com/3933-2/" } ] } diff --git a/2018/12xxx/CVE-2018-12545.json b/2018/12xxx/CVE-2018-12545.json index b03c753aa99..7cb996e0f6b 100644 --- a/2018/12xxx/CVE-2018-12545.json +++ b/2018/12xxx/CVE-2018-12545.json @@ -61,6 +61,16 @@ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096" + }, + { + "refsource": "MLIST", + "name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE", + "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE", + "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E" } ] } diff --git a/2018/13xxx/CVE-2018-13097.json b/2018/13xxx/CVE-2018-13097.json index e485f62b888..56a6d55b39a 100644 --- a/2018/13xxx/CVE-2018-13097.json +++ b/2018/13xxx/CVE-2018-13097.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/13xxx/CVE-2018-13099.json b/2018/13xxx/CVE-2018-13099.json index 23b497def55..5c45e8aa4fd 100644 --- a/2018/13xxx/CVE-2018-13099.json +++ b/2018/13xxx/CVE-2018-13099.json @@ -81,6 +81,16 @@ "name": "https://bugzilla.kernel.org/show_bug.cgi?id=200179", "refsource": "MISC", "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200179" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/13xxx/CVE-2018-13100.json b/2018/13xxx/CVE-2018-13100.json index 5eafed2653f..99b4a542597 100644 --- a/2018/13xxx/CVE-2018-13100.json +++ b/2018/13xxx/CVE-2018-13100.json @@ -71,6 +71,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/14xxx/CVE-2018-14610.json b/2018/14xxx/CVE-2018-14610.json index 86dda4bb503..65b4f542acd 100644 --- a/2018/14xxx/CVE-2018-14610.json +++ b/2018/14xxx/CVE-2018-14610.json @@ -71,6 +71,16 @@ "name": "https://patchwork.kernel.org/patch/10503415/", "refsource": "MISC", "url": "https://patchwork.kernel.org/patch/10503415/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/14xxx/CVE-2018-14611.json b/2018/14xxx/CVE-2018-14611.json index a9024e4840e..aca2addc63c 100644 --- a/2018/14xxx/CVE-2018-14611.json +++ b/2018/14xxx/CVE-2018-14611.json @@ -71,6 +71,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/14xxx/CVE-2018-14612.json b/2018/14xxx/CVE-2018-14612.json index d3193a6b1c5..59c6e3ca380 100644 --- a/2018/14xxx/CVE-2018-14612.json +++ b/2018/14xxx/CVE-2018-14612.json @@ -76,6 +76,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/14xxx/CVE-2018-14613.json b/2018/14xxx/CVE-2018-14613.json index a9131c17a86..8f0cb9b10ca 100644 --- a/2018/14xxx/CVE-2018-14613.json +++ b/2018/14xxx/CVE-2018-14613.json @@ -71,6 +71,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/14xxx/CVE-2018-14614.json b/2018/14xxx/CVE-2018-14614.json index c4937e7621f..c6c1d3fcbab 100644 --- a/2018/14xxx/CVE-2018-14614.json +++ b/2018/14xxx/CVE-2018-14614.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/14xxx/CVE-2018-14616.json b/2018/14xxx/CVE-2018-14616.json index a3922495808..a189ac91df3 100644 --- a/2018/14xxx/CVE-2018-14616.json +++ b/2018/14xxx/CVE-2018-14616.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/14xxx/CVE-2018-14678.json b/2018/14xxx/CVE-2018-14678.json index ee77ddb8bf1..d0d0e639354 100644 --- a/2018/14xxx/CVE-2018-14678.json +++ b/2018/14xxx/CVE-2018-14678.json @@ -76,6 +76,16 @@ "name": "DSA-4308", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4308" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" } ] } diff --git a/2018/16xxx/CVE-2018-16884.json b/2018/16xxx/CVE-2018-16884.json index 3b65593930f..74f14b167ba 100644 --- a/2018/16xxx/CVE-2018-16884.json +++ b/2018/16xxx/CVE-2018-16884.json @@ -91,6 +91,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2018/18xxx/CVE-2018-18021.json b/2018/18xxx/CVE-2018-18021.json index c79e838ac93..de8b66ad6f2 100644 --- a/2018/18xxx/CVE-2018-18021.json +++ b/2018/18xxx/CVE-2018-18021.json @@ -106,6 +106,16 @@ "name": "DSA-4313", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4313" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" } ] } diff --git a/2018/19xxx/CVE-2018-19824.json b/2018/19xxx/CVE-2018-19824.json index a8814b6b2c8..93c649d973e 100644 --- a/2018/19xxx/CVE-2018-19824.json +++ b/2018/19xxx/CVE-2018-19824.json @@ -96,6 +96,31 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3933-2", + "url": "https://usn.ubuntu.com/3933-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } diff --git a/2018/9xxx/CVE-2018-9517.json b/2018/9xxx/CVE-2018-9517.json index ccb128b8ea9..d02132c50a2 100644 --- a/2018/9xxx/CVE-2018-9517.json +++ b/2018/9xxx/CVE-2018-9517.json @@ -56,6 +56,16 @@ "name": "https://source.android.com/security/bulletin/pixel/2018-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2019/3xxx/CVE-2019-3701.json b/2019/3xxx/CVE-2019-3701.json index b5f4304567d..d8712b21d43 100644 --- a/2019/3xxx/CVE-2019-3701.json +++ b/2019/3xxx/CVE-2019-3701.json @@ -76,6 +76,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2019/3xxx/CVE-2019-3819.json b/2019/3xxx/CVE-2019-3819.json index 29a41baea2a..109eae713cf 100644 --- a/2019/3xxx/CVE-2019-3819.json +++ b/2019/3xxx/CVE-2019-3819.json @@ -81,6 +81,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" } ] } diff --git a/2019/6xxx/CVE-2019-6974.json b/2019/6xxx/CVE-2019-6974.json index 6dec082e3c4..47a4e22a1c8 100644 --- a/2019/6xxx/CVE-2019-6974.json +++ b/2019/6xxx/CVE-2019-6974.json @@ -106,6 +106,41 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3933-2", + "url": "https://usn.ubuntu.com/3933-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7221.json b/2019/7xxx/CVE-2019-7221.json index b7c9e78a3c9..639e7cb2f6f 100644 --- a/2019/7xxx/CVE-2019-7221.json +++ b/2019/7xxx/CVE-2019-7221.json @@ -101,6 +101,36 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7222.json b/2019/7xxx/CVE-2019-7222.json index 3c539aeefd7..03d340e0540 100644 --- a/2019/7xxx/CVE-2019-7222.json +++ b/2019/7xxx/CVE-2019-7222.json @@ -106,6 +106,41 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3933-2", + "url": "https://usn.ubuntu.com/3933-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } diff --git a/2019/7xxx/CVE-2019-7308.json b/2019/7xxx/CVE-2019-7308.json index 55dccb4470c..ad007e6365d 100644 --- a/2019/7xxx/CVE-2019-7308.json +++ b/2019/7xxx/CVE-2019-7308.json @@ -86,6 +86,26 @@ "name": "106827", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106827" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } diff --git a/2019/8xxx/CVE-2019-8912.json b/2019/8xxx/CVE-2019-8912.json index 35591d279c3..1e8906cd218 100644 --- a/2019/8xxx/CVE-2019-8912.json +++ b/2019/8xxx/CVE-2019-8912.json @@ -61,6 +61,26 @@ "name": "http://patchwork.ozlabs.org/patch/1042902/", "refsource": "MISC", "url": "http://patchwork.ozlabs.org/patch/1042902/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } diff --git a/2019/8xxx/CVE-2019-8956.json b/2019/8xxx/CVE-2019-8956.json index a50516886c3..31849c87da5 100644 --- a/2019/8xxx/CVE-2019-8956.json +++ b/2019/8xxx/CVE-2019-8956.json @@ -66,6 +66,16 @@ "refsource": "MISC", "name": "https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0", "url": "https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] }, diff --git a/2019/8xxx/CVE-2019-8980.json b/2019/8xxx/CVE-2019-8980.json index c98eb080645..63365870c50 100644 --- a/2019/8xxx/CVE-2019-8980.json +++ b/2019/8xxx/CVE-2019-8980.json @@ -66,6 +66,26 @@ "name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html", "refsource": "MISC", "url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } diff --git a/2019/9xxx/CVE-2019-9003.json b/2019/9xxx/CVE-2019-9003.json index 2a7bf636f43..b11040ef740 100644 --- a/2019/9xxx/CVE-2019-9003.json +++ b/2019/9xxx/CVE-2019-9003.json @@ -76,6 +76,16 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190327-0002/", "url": "https://security.netapp.com/advisory/ntap-20190327-0002/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } diff --git a/2019/9xxx/CVE-2019-9162.json b/2019/9xxx/CVE-2019-9162.json index dcca03bf232..c225182a546 100644 --- a/2019/9xxx/CVE-2019-9162.json +++ b/2019/9xxx/CVE-2019-9162.json @@ -91,6 +91,16 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190327-0002/", "url": "https://security.netapp.com/advisory/ntap-20190327-0002/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } diff --git a/2019/9xxx/CVE-2019-9213.json b/2019/9xxx/CVE-2019-9213.json index f60ef5fa14c..979e10c2adb 100644 --- a/2019/9xxx/CVE-2019-9213.json +++ b/2019/9xxx/CVE-2019-9213.json @@ -111,6 +111,41 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-1", + "url": "https://usn.ubuntu.com/3932-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3932-2", + "url": "https://usn.ubuntu.com/3932-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-1", + "url": "https://usn.ubuntu.com/3930-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-1", + "url": "https://usn.ubuntu.com/3931-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3933-2", + "url": "https://usn.ubuntu.com/3933-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3931-2", + "url": "https://usn.ubuntu.com/3931-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3930-2", + "url": "https://usn.ubuntu.com/3930-2/" } ] } From e20f5a76f858c39c0a1b287cd543d93a83f4c1c8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Apr 2019 03:00:46 +0000 Subject: [PATCH 18/25] "-Synchronized-Data." --- 2019/6xxx/CVE-2019-6129.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2019/6xxx/CVE-2019-6129.json b/2019/6xxx/CVE-2019-6129.json index be7d02dd4ba..6e491f9c538 100644 --- a/2019/6xxx/CVE-2019-6129.json +++ b/2019/6xxx/CVE-2019-6129.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp." + "value": "** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated \"I don't think it is libpng's job to free this buffer.\"" } ] }, From 87085b5fb6268c6c63b5825500827c23898bb1f7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Apr 2019 04:00:45 +0000 Subject: [PATCH 19/25] "-Synchronized-Data." --- 2018/11xxx/CVE-2018-11784.json | 5 +++++ 2019/10xxx/CVE-2019-10722.json | 18 ++++++++++++++++++ 2019/3xxx/CVE-2019-3835.json | 5 +++++ 2019/3xxx/CVE-2019-3838.json | 5 +++++ 2019/6xxx/CVE-2019-6116.json | 5 +++++ 5 files changed, 38 insertions(+) create mode 100644 2019/10xxx/CVE-2019-10722.json diff --git a/2018/11xxx/CVE-2018-11784.json b/2018/11xxx/CVE-2018-11784.json index 3f0f360e35d..eed268ed54b 100644 --- a/2018/11xxx/CVE-2018-11784.json +++ b/2018/11xxx/CVE-2018-11784.json @@ -133,6 +133,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2018-b18f9dd65b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/" } ] } diff --git a/2019/10xxx/CVE-2019-10722.json b/2019/10xxx/CVE-2019-10722.json new file mode 100644 index 00000000000..fdaff9b83fa --- /dev/null +++ b/2019/10xxx/CVE-2019-10722.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10722", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3835.json b/2019/3xxx/CVE-2019-3835.json index e90efb7fad2..c682f9a700b 100644 --- a/2019/3xxx/CVE-2019-3835.json +++ b/2019/3xxx/CVE-2019-3835.json @@ -68,6 +68,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-1a2c059afd", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/" + }, + { + "refsource": "BUGTRAQ", + "name": "20190402 [slackware-security] ghostscript (SSA:2019-092-01)", + "url": "https://seclists.org/bugtraq/2019/Apr/4" } ] }, diff --git a/2019/3xxx/CVE-2019-3838.json b/2019/3xxx/CVE-2019-3838.json index 441daa61c37..a0e599316cc 100644 --- a/2019/3xxx/CVE-2019-3838.json +++ b/2019/3xxx/CVE-2019-3838.json @@ -78,6 +78,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1121", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20190402 [slackware-security] ghostscript (SSA:2019-092-01)", + "url": "https://seclists.org/bugtraq/2019/Apr/4" } ] }, diff --git a/2019/6xxx/CVE-2019-6116.json b/2019/6xxx/CVE-2019-6116.json index dd14c7e22bd..c2dd934da11 100644 --- a/2019/6xxx/CVE-2019-6116.json +++ b/2019/6xxx/CVE-2019-6116.json @@ -131,6 +131,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-9f06aa44f6", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/" + }, + { + "refsource": "BUGTRAQ", + "name": "20190402 [slackware-security] ghostscript (SSA:2019-092-01)", + "url": "https://seclists.org/bugtraq/2019/Apr/4" } ] } From d925887d4d074ea197c0d1bcffb1b3c7e4628aa0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Apr 2019 05:00:44 +0000 Subject: [PATCH 20/25] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10673.json | 56 ++++++++++++++++++++++++++++++---- 1 file changed, 50 insertions(+), 6 deletions(-) diff --git a/2019/10xxx/CVE-2019-10673.json b/2019/10xxx/CVE-2019-10673.json index 9dd90c91c00..450a8c3214d 100644 --- a/2019/10xxx/CVE-2019-10673.json +++ b/2019/10xxx/CVE-2019-10673.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10673", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10673", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress \"password forget\" form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152315/WordPress-Ultimate-Member-2.0.38-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/152315/WordPress-Ultimate-Member-2.0.38-Cross-Site-Request-Forgery.html" } ] } From 3c0c5129fc39b09f4a2ea0e1baa260118a168ac3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Apr 2019 06:00:51 +0000 Subject: [PATCH 21/25] "-Synchronized-Data." --- 2018/12xxx/CVE-2018-12178.json | 5 +++++ 2018/12xxx/CVE-2018-12180.json | 5 +++++ 2018/12xxx/CVE-2018-12181.json | 5 +++++ 2018/3xxx/CVE-2018-3613.json | 5 +++++ 4 files changed, 20 insertions(+) diff --git a/2018/12xxx/CVE-2018-12178.json b/2018/12xxx/CVE-2018-12178.json index c4dd09520fc..f36e61b2d22 100644 --- a/2018/12xxx/CVE-2018-12178.json +++ b/2018/12xxx/CVE-2018-12178.json @@ -53,6 +53,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1083", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-bff1cbaba3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/" } ] }, diff --git a/2018/12xxx/CVE-2018-12180.json b/2018/12xxx/CVE-2018-12180.json index c4a1e1c0c62..60b58546d7a 100644 --- a/2018/12xxx/CVE-2018-12180.json +++ b/2018/12xxx/CVE-2018-12180.json @@ -53,6 +53,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1083", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-bff1cbaba3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/" } ] }, diff --git a/2018/12xxx/CVE-2018-12181.json b/2018/12xxx/CVE-2018-12181.json index b67fa56dcc3..11517e90f9d 100644 --- a/2018/12xxx/CVE-2018-12181.json +++ b/2018/12xxx/CVE-2018-12181.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-bff1cbaba3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/" } ] }, diff --git a/2018/3xxx/CVE-2018-3613.json b/2018/3xxx/CVE-2018-3613.json index 5dd2d18a385..c5b7d33165b 100644 --- a/2018/3xxx/CVE-2018-3613.json +++ b/2018/3xxx/CVE-2018-3613.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-bff1cbaba3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/" } ] }, From c108939cc1f0b36235bada85223989beb2ddd831 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Apr 2019 09:00:46 +0000 Subject: [PATCH 22/25] "-Synchronized-Data." --- 2018/10xxx/CVE-2018-10875.json | 5 +++++ 2018/16xxx/CVE-2018-16837.json | 5 +++++ 2018/16xxx/CVE-2018-16859.json | 5 +++++ 2018/16xxx/CVE-2018-16876.json | 5 +++++ 2019/3xxx/CVE-2019-3828.json | 5 +++++ 5 files changed, 25 insertions(+) diff --git a/2018/10xxx/CVE-2018-10875.json b/2018/10xxx/CVE-2018-10875.json index 9828f1f318d..56be51f3943 100644 --- a/2018/10xxx/CVE-2018-10875.json +++ b/2018/10xxx/CVE-2018-10875.json @@ -116,6 +116,11 @@ "name": "DSA-4396", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4396" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1125", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" } ] } diff --git a/2018/16xxx/CVE-2018-16837.json b/2018/16xxx/CVE-2018-16837.json index 3141d70104f..f4dc2620ee9 100644 --- a/2018/16xxx/CVE-2018-16837.json +++ b/2018/16xxx/CVE-2018-16837.json @@ -106,6 +106,11 @@ "name": "DSA-4396", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4396" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1125", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" } ] } diff --git a/2018/16xxx/CVE-2018-16859.json b/2018/16xxx/CVE-2018-16859.json index 2303d10e37a..ceffba748ed 100644 --- a/2018/16xxx/CVE-2018-16859.json +++ b/2018/16xxx/CVE-2018-16859.json @@ -96,6 +96,11 @@ "name": "RHSA-2018:3772", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3772" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1125", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" } ] } diff --git a/2018/16xxx/CVE-2018-16876.json b/2018/16xxx/CVE-2018-16876.json index 49096016842..8735f67708c 100644 --- a/2018/16xxx/CVE-2018-16876.json +++ b/2018/16xxx/CVE-2018-16876.json @@ -117,6 +117,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:0590", "url": "https://access.redhat.com/errata/RHSA-2019:0590" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1125", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" } ] } diff --git a/2019/3xxx/CVE-2019-3828.json b/2019/3xxx/CVE-2019-3828.json index b69e04693d0..b3c502b9f0f 100644 --- a/2019/3xxx/CVE-2019-3828.json +++ b/2019/3xxx/CVE-2019-3828.json @@ -59,6 +59,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828", "refsource": "CONFIRM" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1125", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" } ] }, From e0daefb4931af339077503aa6890641c8e235d90 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Apr 2019 11:00:46 +0000 Subject: [PATCH 23/25] "-Synchronized-Data." --- 2018/11xxx/CVE-2018-11291.json | 5 +++++ 2018/11xxx/CVE-2018-11821.json | 5 +++++ 2018/11xxx/CVE-2018-11822.json | 5 +++++ 2018/11xxx/CVE-2018-11828.json | 5 +++++ 2018/11xxx/CVE-2018-11849.json | 5 +++++ 2018/11xxx/CVE-2018-11850.json | 5 +++++ 2018/11xxx/CVE-2018-11853.json | 5 +++++ 2018/11xxx/CVE-2018-11854.json | 5 +++++ 2018/11xxx/CVE-2018-11856.json | 5 +++++ 2018/11xxx/CVE-2018-11859.json | 5 +++++ 2018/11xxx/CVE-2018-11861.json | 5 +++++ 2018/11xxx/CVE-2018-11862.json | 5 +++++ 2018/11xxx/CVE-2018-11867.json | 5 +++++ 2018/11xxx/CVE-2018-11870.json | 5 +++++ 2018/11xxx/CVE-2018-11871.json | 5 +++++ 2018/11xxx/CVE-2018-11872.json | 5 +++++ 2018/11xxx/CVE-2018-11873.json | 5 +++++ 2018/11xxx/CVE-2018-11874.json | 5 +++++ 2018/11xxx/CVE-2018-11875.json | 5 +++++ 2018/11xxx/CVE-2018-11876.json | 5 +++++ 2018/11xxx/CVE-2018-11877.json | 5 +++++ 2018/11xxx/CVE-2018-11879.json | 5 +++++ 2018/11xxx/CVE-2018-11880.json | 5 +++++ 2018/11xxx/CVE-2018-11882.json | 5 +++++ 2018/11xxx/CVE-2018-11884.json | 5 +++++ 2018/1xxx/CVE-2018-1917.json | 5 +++++ 2019/4xxx/CVE-2019-4080.json | 5 +++++ 27 files changed, 135 insertions(+) diff --git a/2018/11xxx/CVE-2018-11291.json b/2018/11xxx/CVE-2018-11291.json index 09de89fa2f9..c57a0ca0e49 100644 --- a/2018/11xxx/CVE-2018-11291.json +++ b/2018/11xxx/CVE-2018-11291.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11821.json b/2018/11xxx/CVE-2018-11821.json index 13cb3782b0d..1dab302c2e5 100644 --- a/2018/11xxx/CVE-2018-11821.json +++ b/2018/11xxx/CVE-2018-11821.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11822.json b/2018/11xxx/CVE-2018-11822.json index 1b1f9a519dc..4cd7960552f 100644 --- a/2018/11xxx/CVE-2018-11822.json +++ b/2018/11xxx/CVE-2018-11822.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11828.json b/2018/11xxx/CVE-2018-11828.json index d4588d647aa..758d93375dc 100644 --- a/2018/11xxx/CVE-2018-11828.json +++ b/2018/11xxx/CVE-2018-11828.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11849.json b/2018/11xxx/CVE-2018-11849.json index cbf1ecb70d1..5607e057145 100644 --- a/2018/11xxx/CVE-2018-11849.json +++ b/2018/11xxx/CVE-2018-11849.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11850.json b/2018/11xxx/CVE-2018-11850.json index 064957d61e1..cbb58c3523c 100644 --- a/2018/11xxx/CVE-2018-11850.json +++ b/2018/11xxx/CVE-2018-11850.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11853.json b/2018/11xxx/CVE-2018-11853.json index fc8a541a85e..df71920effb 100644 --- a/2018/11xxx/CVE-2018-11853.json +++ b/2018/11xxx/CVE-2018-11853.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11854.json b/2018/11xxx/CVE-2018-11854.json index 53b3a645746..c3f728435f0 100644 --- a/2018/11xxx/CVE-2018-11854.json +++ b/2018/11xxx/CVE-2018-11854.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11856.json b/2018/11xxx/CVE-2018-11856.json index e2e8d136b48..72a0b149856 100644 --- a/2018/11xxx/CVE-2018-11856.json +++ b/2018/11xxx/CVE-2018-11856.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11859.json b/2018/11xxx/CVE-2018-11859.json index 96c94a3dd2c..e8b4c9a489c 100644 --- a/2018/11xxx/CVE-2018-11859.json +++ b/2018/11xxx/CVE-2018-11859.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11861.json b/2018/11xxx/CVE-2018-11861.json index 7bffafc0255..269ddac85be 100644 --- a/2018/11xxx/CVE-2018-11861.json +++ b/2018/11xxx/CVE-2018-11861.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11862.json b/2018/11xxx/CVE-2018-11862.json index 7ab4dce88b3..1085903d867 100644 --- a/2018/11xxx/CVE-2018-11862.json +++ b/2018/11xxx/CVE-2018-11862.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11867.json b/2018/11xxx/CVE-2018-11867.json index ebdbb3098c2..80ea69cf746 100644 --- a/2018/11xxx/CVE-2018-11867.json +++ b/2018/11xxx/CVE-2018-11867.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11870.json b/2018/11xxx/CVE-2018-11870.json index b360a74ea27..b671ee7fc85 100644 --- a/2018/11xxx/CVE-2018-11870.json +++ b/2018/11xxx/CVE-2018-11870.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11871.json b/2018/11xxx/CVE-2018-11871.json index 0e5bcbfc1fe..ba2e9dfaa0e 100644 --- a/2018/11xxx/CVE-2018-11871.json +++ b/2018/11xxx/CVE-2018-11871.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11872.json b/2018/11xxx/CVE-2018-11872.json index 26ae1663511..17ac0e405b4 100644 --- a/2018/11xxx/CVE-2018-11872.json +++ b/2018/11xxx/CVE-2018-11872.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11873.json b/2018/11xxx/CVE-2018-11873.json index 73f68a88eb3..a92e0d17c56 100644 --- a/2018/11xxx/CVE-2018-11873.json +++ b/2018/11xxx/CVE-2018-11873.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11874.json b/2018/11xxx/CVE-2018-11874.json index bae56ef35d5..72f8e6f8b2c 100644 --- a/2018/11xxx/CVE-2018-11874.json +++ b/2018/11xxx/CVE-2018-11874.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11875.json b/2018/11xxx/CVE-2018-11875.json index 63ab0a74845..90881dff0e0 100644 --- a/2018/11xxx/CVE-2018-11875.json +++ b/2018/11xxx/CVE-2018-11875.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11876.json b/2018/11xxx/CVE-2018-11876.json index c1d23cfebf9..c8e074a55c9 100644 --- a/2018/11xxx/CVE-2018-11876.json +++ b/2018/11xxx/CVE-2018-11876.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11877.json b/2018/11xxx/CVE-2018-11877.json index 41621eb800f..f79f2b62c98 100644 --- a/2018/11xxx/CVE-2018-11877.json +++ b/2018/11xxx/CVE-2018-11877.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11879.json b/2018/11xxx/CVE-2018-11879.json index 448aaab42a0..c24d6de330d 100644 --- a/2018/11xxx/CVE-2018-11879.json +++ b/2018/11xxx/CVE-2018-11879.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11880.json b/2018/11xxx/CVE-2018-11880.json index 4c4355dc708..de797913477 100644 --- a/2018/11xxx/CVE-2018-11880.json +++ b/2018/11xxx/CVE-2018-11880.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11882.json b/2018/11xxx/CVE-2018-11882.json index 243c1165776..34e9a2fe491 100644 --- a/2018/11xxx/CVE-2018-11882.json +++ b/2018/11xxx/CVE-2018-11882.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/11xxx/CVE-2018-11884.json b/2018/11xxx/CVE-2018-11884.json index 17487efe725..8ff2638d49a 100644 --- a/2018/11xxx/CVE-2018-11884.json +++ b/2018/11xxx/CVE-2018-11884.json @@ -56,6 +56,11 @@ "name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "refsource": "BID", + "name": "107681", + "url": "http://www.securityfocus.com/bid/107681" } ] } diff --git a/2018/1xxx/CVE-2018-1917.json b/2018/1xxx/CVE-2018-1917.json index deb3cf95ba0..6db1f66962a 100644 --- a/2018/1xxx/CVE-2018-1917.json +++ b/2018/1xxx/CVE-2018-1917.json @@ -69,6 +69,11 @@ "name": "ibm-infosphere-cve20181917-info-disc (152784)", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152784", "title": "X-Force Vulnerability Report" + }, + { + "refsource": "BID", + "name": "107688", + "url": "http://www.securityfocus.com/bid/107688" } ] }, diff --git a/2019/4xxx/CVE-2019-4080.json b/2019/4xxx/CVE-2019-4080.json index 2aad7930fa9..14a0ff488af 100644 --- a/2019/4xxx/CVE-2019-4080.json +++ b/2019/4xxx/CVE-2019-4080.json @@ -39,6 +39,11 @@ "name": "ibm-websphere-cve20194080-dos (157380)", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157380", "title": "X-Force Vulnerability Report" + }, + { + "refsource": "BID", + "name": "107683", + "url": "http://www.securityfocus.com/bid/107683" } ] }, From 937da759cb1abd29ff68330d3b1e8b65470ab787 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Apr 2019 12:00:55 +0000 Subject: [PATCH 24/25] "-Synchronized-Data." --- 2018/18xxx/CVE-2018-18506.json | 5 +++++ 2019/3xxx/CVE-2019-3871.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2018/18xxx/CVE-2018-18506.json b/2018/18xxx/CVE-2018-18506.json index aa355b9e9fd..4d24652f3cb 100644 --- a/2018/18xxx/CVE-2018-18506.json +++ b/2018/18xxx/CVE-2018-18506.json @@ -137,6 +137,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-07", "url": "https://security.gentoo.org/glsa/201904-07" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1126", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html" } ] } diff --git a/2019/3xxx/CVE-2019-3871.json b/2019/3xxx/CVE-2019-3871.json index e6e672ce523..a6c203e6b14 100644 --- a/2019/3xxx/CVE-2019-3871.json +++ b/2019/3xxx/CVE-2019-3871.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1128", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html" } ] }, From e6a7debb5a127390a6b89dd9e7f3ee5be05830dc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Apr 2019 13:00:47 +0000 Subject: [PATCH 25/25] "-Synchronized-Data." --- 2018/17xxx/CVE-2018-17189.json | 5 +++++ 2018/17xxx/CVE-2018-17199.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2018/17xxx/CVE-2018-17189.json b/2018/17xxx/CVE-2018-17189.json index f421317a02c..4926bba06df 100644 --- a/2018/17xxx/CVE-2018-17189.json +++ b/2018/17xxx/CVE-2018-17189.json @@ -82,6 +82,11 @@ "refsource": "GENTOO", "name": "GLSA-201903-21", "url": "https://security.gentoo.org/glsa/201903-21" + }, + { + "refsource": "BUGTRAQ", + "name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update", + "url": "https://seclists.org/bugtraq/2019/Apr/5" } ] } diff --git a/2018/17xxx/CVE-2018-17199.json b/2018/17xxx/CVE-2018-17199.json index a9eb4bf8e38..24d44cbc9d0 100644 --- a/2018/17xxx/CVE-2018-17199.json +++ b/2018/17xxx/CVE-2018-17199.json @@ -77,6 +77,11 @@ "refsource": "GENTOO", "name": "GLSA-201903-21", "url": "https://security.gentoo.org/glsa/201903-21" + }, + { + "refsource": "BUGTRAQ", + "name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update", + "url": "https://seclists.org/bugtraq/2019/Apr/5" } ] }