diff --git a/2005/2xxx/CVE-2005-2354.json b/2005/2xxx/CVE-2005-2354.json
index 414616c6954..39df61caa51 100644
--- a/2005/2xxx/CVE-2005-2354.json
+++ b/2005/2xxx/CVE-2005-2354.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@debian.org",
 "ID": "CVE-2005-2354",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nvu",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.99+1.0pre"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2005-2354",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2005-2354"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.attrition.org/pipermail/vim/2014-February/002758.html",
+ "url": "http://www.attrition.org/pipermail/vim/2014-February/002758.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306822",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306822"
 }
 ]
 }
diff --git a/2010/2xxx/CVE-2010-2222.json b/2010/2xxx/CVE-2010-2222.json
index 6e941d02c1d..62b283f35a6 100644
--- a/2010/2xxx/CVE-2010-2222.json
+++ b/2010/2xxx/CVE-2010-2222.json
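Review bot: The new description for CVE-2005-2354 ("can result in multiple security issues") and the `"value": "Other"` problem type give a consumer nothing to triage on: no impact, no vector, and no pointer to which XPCOM flaws are inherited. The description already identifies the root cause as a bundled, outdated copy of a third-party component, and the problem type could say that instead of `Other`. `vendor_name` is also `n/a` although the assigner and two of the three references are Debian's, so it is probably the Debian package that is meant; that is an inference from the references and should be confirmed against the tracker entry.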
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-2222",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Directory Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2222",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2222"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2010-2222",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2010-2222"
 }
 ]
 }
diff --git a/2010/3xxx/CVE-2010-3670.json b/2010/3xxx/CVE-2010-3670.json
index 64bea4113ba..f22adb9f32a 100644
--- a/2010/3xxx/CVE-2010-3670.json
+++ b/2010/3xxx/CVE-2010-3670.json
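Review bot: The `affects` block added for CVE-2010-2222 lists only Red Hat Directory Server 8, while the new description also names the 389 Directory Server, so tooling that matches on `product_name` will miss the upstream project. A second `product_data` entry for 389 Directory Server (with `"version_value": "n/a"` if the references give no range) would close the gap. The description already states the weakness, so `"value": "Other"` in `problemtype` could be `"value": "CWE-476 NULL Pointer Dereference"`.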
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2010-3670",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the \"forgot password\" function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-3670",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-3670"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness",
+ "url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
 }
 ]
 }
diff --git a/2010/3xxx/CVE-2010-3671.json b/2010/3xxx/CVE-2010-3671.json
index 10f19660c60..337ec740d3f 100644
--- a/2010/3xxx/CVE-2010-3671.json
+++ b/2010/3xxx/CVE-2010-3671.json
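Review bot: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `n/a` in the added blocks, although the description on the same record names TYPO3, gives the fixed versions and states the weakness. Anything that matches advisories to an inventory by the `affects` fields will not see this record. For CVE-2010-3670 the fields could read `"vendor_name": "TYPO3"`, `"product_name": "TYPO3"` and `"value": "CWE-330 Use of Insufficiently Random Values"`, with the version ranges copied from the description. The same applies to CVE-2010-3671 through CVE-2010-3674 and to the new CVE-2019-18780 file, whose description lists the affected Veritas products and versions and describes command injection by an unauthenticated remote attacker.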
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2010-3671",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-3671",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-3671"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management",
+ "url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management"
 }
 ]
 }
diff --git a/2010/3xxx/CVE-2010-3672.json b/2010/3xxx/CVE-2010-3672.json
index 9be80f091ba..bd7e1f0f7f7 100644
--- a/2010/3xxx/CVE-2010-3672.json
+++ b/2010/3xxx/CVE-2010-3672.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2010-3672",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-3672",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-3672"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS",
+ "url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
 }
 ]
 }
diff --git a/2010/3xxx/CVE-2010-3673.json b/2010/3xxx/CVE-2010-3673.json
index 6cedaada451..618df4c83da 100644
--- a/2010/3xxx/CVE-2010-3673.json
+++ b/2010/3xxx/CVE-2010-3673.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2010-3673",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-3673",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-3673"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure",
+ "url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
 }
 ]
 }
diff --git a/2010/3xxx/CVE-2010-3674.json b/2010/3xxx/CVE-2010-3674.json
index eef31782d79..de6c3593010 100644
--- a/2010/3xxx/CVE-2010-3674.json
+++ b/2010/3xxx/CVE-2010-3674.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2010-3674",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TYPO3 before 4.4.1 allows XSS in the frontend search box."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-3674",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-3674"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS",
+ "url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10084.json b/2019/10xxx/CVE-2019-10084.json
index c5133e48fd1..fed71e92d75 100644
--- a/2019/10xxx/CVE-2019-10084.json
+++ b/2019/10xxx/CVE-2019-10084.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10084", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Impala", + "version": { + "version_data": [ + { + "version_value": "2.7.0 to 3.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://lists.apache.org/thread.html/ee73dd8dc38ac3b3b132c79c9a02cf9524af9aa11190474c0ebd1f13@%3Cdev.impala.apache.org%3E", + "url": "https://lists.apache.org/thread.html/ee73dd8dc38ac3b3b132c79c9a02cf9524af9aa11190474c0ebd1f13@%3Cdev.impala.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. 
Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user." } ] } diff --git a/2019/15xxx/CVE-2019-15966.json b/2019/15xxx/CVE-2019-15966.json index 2039667f481..d412b4b12e8 100644 --- a/2019/15xxx/CVE-2019-15966.json +++ b/2019/15xxx/CVE-2019-15966.json 
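Review bot: `"version_value": "2.7.0 to 3.2.0"` packs a range into one free-text string, which a version comparison cannot evaluate. Another record in this same commit carries a `version_affected` qualifier next to `version_value` (CVE-2019-15966 has `"version_affected": "="`); the range here would be easier to consume as two bounds in that style, `"version_affected": ">="` with `"version_value": "2.7.0"` and `"version_affected": "<="` with `"version_value": "3.2.0"`. `"value": "Privilege Escalation"` also leaves out the root cause the description gives, session and query IDs that were not generated with a cryptographically secure random number generator, which could be recorded as a second `problemtype` description.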
@@ -1,94 +1,95 @@ { "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "ID": "CVE-2019-15966", - "STATE": "PUBLIC" - }, + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2019-15966", + "STATE": "PUBLIC" + }, "affects": { - "vendor": { - "vendor_data": [ + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco TelePresence Advanced Media Gateway", + "version": { + "version_data": [ { - "product": { - "product_data": [ - { - "product_name": "Cisco TelePresence Advanced Media Gateway", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.1" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "version_affected": "=", + "version_value": "1.1" + } ] - } - }, + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. 
The device may become inoperable and results in a denial of service (DoS) condition.\n" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20 Improper Input Validation" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CISCO", - "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362" - } - ] - }, - "solution": [ + "description_data": [ { - "lang": "eng", - "value": "Cisco TelePresence Advanced Media Gateway is no longer receiving software updates. Please see the following link for EoS and EoL information: \nhttps://www.cisco.com/c/en/us/products/collateral/conferencing/telepresence-advanced-media-gateway-series/eos-eol-notice-c51-731683.html" - } - ], - "source": { - "advisory": "CSCvr69362", - "defect": [ - "CSCvr69362" - ], - "discovery": "EXTERNAL" + "lang": "eng", + "value": "A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition." 
+ } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362", + "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr69362" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Cisco TelePresence Advanced Media Gateway is no longer receiving software updates. Please see the following link for EoS and EoL information: \nhttps://www.cisco.com/c/en/us/products/collateral/conferencing/telepresence-advanced-media-gateway-series/eos-eol-notice-c51-731683.html" + } + ], + "source": { + "advisory": "CSCvr69362", + "defect": [ + "CSCvr69362" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18226.json b/2019/18xxx/CVE-2019-18226.json index ebe1cc41b21..c33bd516abe 100644 --- a/2019/18xxx/CVE-2019-18226.json +++ b/2019/18xxx/CVE-2019-18226.json 
@@ -15,11 +15,17 @@ "product": { "product_data": [ { - "product_name": "Honeywell equIP series and Performance series IP cameras and recorders", + "product_name": "Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders", "version": { "version_data": [ { - "version_value": "equIP Series Cameras Model Vulnerability fixed from versions, multiple versions, and Performance Series Cameras Model Vulnerability fixed from version, multiple versions, and Recorders Vulnerability fixed from version, multiple versions." + "version_value": "H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.21.20190812, HDZ302D 1.000.0043.6.20190820, HDZ302DE 1.000.0043.6.20190820, HDZ302DIN 1.000.0043.6.20190820, HDZ302DIN-C1 1.000.0043.6.20190820, HDZ302DIN-S1 1.000.0043.6.20190820, HDZ302LIK 1.000.0062.3.20190816, HDZ302LIW 1.000.0062.3.20190816, HEPB302W01A04 1.000.0040.3.20190820, HEPB302W01A10 1.000.0040.3.20190820, HEPZ302W0 1.000.0039.3.20190820, HFD6GR1 1.000.HW00.12.20190819, HFD8GR1 1.000.HW00.12.20190819, 
HM4L8GR1 1.000.HW02.8.20190813, HMBL8GR1 1.000.HW02.8.20190813, HSW2G1 2.460.HW00.5.R.20190827, HSW2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827" + }, + { + "version_value": "H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01.1.190814, HED8PR1 1.000.HW01.3.20190820, HEW2PER2 1.000.HW01.3.20190820, HEW2PER3 1.000.HW01.3.20190820, HEW2PR1 1.000.HW01.1.190813, HEW2PR2 1.000.HW01.1.190814, HEW2PRW1 1.000.HW01.1.190813, HEW4PER2 1.000.HW01.3.20190820, HEW4PER2B 1.000.HW01.3.20190820, HEW4PER3 1.000.HW01.3.20190820, HEW4PER3B 1.000.HW01.3.20190820, HEW4PR2 1.000.HW01.1.190814, HEW4PR3 1.000.HW01.1.190813, HEW4PRW3 1.000.HW01.1.190813, HFD5PR1 1.000.HW01.1.20190822, HPW2P1 1.000.HW01.3.20190820" + }, + { + "version_value": "HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 
2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, HEN081124 3.215.00HW002.2.20190829, HEN16104 3.215.00HW002.2.20190829, HEN16144 3.215.00HW002.2.20190829, HEN16184 3.215.00HW002.2.20190829, HEN32104 3.215.00HW002.2.20190829, HEN321124 3.215.00HW002.2.20190829, HEN16204 3.215.00HW002.2.20190829, HEN16284 3.215.00HW002.2.20190829, HEN162244 3.215.00HW002.2.20190829, HEN32204 3.215.00HW002.2.20190829, HEN32284 3.215.00HW002.2.20190829, HEN322164 3.215.00HW002.2.20190829, HEN64204 3.215.00HW002.2.20190829, HEN642164 3.215.00HW002.2.20190829, HEN16304 3.215.00HW002.2.20190829, HEN16384 3.215.00HW002.2.20190829, HEN32304 3.215.00HW002.2.20190829, HEN32384 3.215.00HW002.2.20190829, HEN323164 3.215.00HW002.2.20190829, HEN64304 3.215.00HW002.2.20190829, HEN643164 3.215.00HW002.2.20190829, HEN643324 3.215.00HW002.2.20190829, HEN643484 3.215.00HW002.2.20190829, HRHT4040 1.000.00HW001.2.190822, HRHT4041 1.000.00HW001.2.190822, HRHT4042 1.000.00HW001.2.190822, HRHT4080 1.000.00HW001.2.190822, HRHT4082 1.000.00HW001.2.190822, HRHT4084 1.000.00HW001.2.190822, HRHT4160 1.000.00HW001.2.190822, HRHT4162 1.000.00HW001.2.190822, HRHT4164 1.000.00HW001.2.190822, HRHT4166 1.000.00HW001.2.190822, HRHT41612 1.000.00HW001.2.190822, HRHQ1040 1.000.00HW001.1.190822, HRHQ1040L 
1.000.00HW001.1.190822, HRHQ1041 1.000.00HW001.1.190822, HRHQ1080 1.000.00HW001.1.190822, HRHQ1080L 1.000.00HW001.1.190822, HRHQ1081 1.000.00HW001.1.190822, HRHQ1082 1.000.00HW001.1.190822, HRHQ1160 1.000.00HW001.1.190822, HRHQ1161 1.000.00HW001.1.190822, HRHQ1162 1.000.00HW001.1.190822, HRHQ1164 1.000.00HW001.1.190822" } ] } diff --git a/2019/18xxx/CVE-2019-18780.json b/2019/18xxx/CVE-2019-18780.json new file mode 100644 index 00000000000..650cc3a56cf --- /dev/null +++ b/2019/18xxx/CVE-2019-18780.json 
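Review bot: The three new `version_value` strings list model and firmware pairs with no `version_affected` qualifier, and the text they replace described these as versions the vulnerability was "fixed from"; a consumer reading `affects` would take the listed builds as the vulnerable ones. If they are the fixed builds, each entry needs a qualifier such as `"version_affected": "<"`, or the wording should say so. Each string is also a long comma-separated list that has to be parsed out of a single field, and the first one repeats `HSW2G1 2.460.HW00.5.R.20190827` and `HSWB2G1 2.460.HW00.5.R.20190827`. The hunk begins and ends inside the `affects` object, so the rest of the record is not visible here.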
@@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.veritas.com/content/support/en_US/security/VTS19-003", + "refsource": "MISC", + "name": "https://www.veritas.com/content/support/en_US/security/VTS19-003" + }, + { + "url": "https://www.veritas.com/content/support/en_US/security/VTS19-004", + "refsource": "MISC", + "name": "https://www.veritas.com/content/support/en_US/security/VTS19-004" + }, + { + "url": "https://www.veritas.com/content/support/en_US/security/VTS19-005", + "refsource": "MISC", + "name": "https://www.veritas.com/content/support/en_US/security/VTS19-005" + }, + { + "url": "https://www.veritas.com/content/support/en_US/security/VTS19-006", + "refsource": "MISC", + "name": "https://www.veritas.com/content/support/en_US/security/VTS19-006" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1734.json b/2019/1xxx/CVE-2019-1734.json index 8369b003380..3523852735a 100644 --- a/2019/1xxx/CVE-2019-1734.json +++ b/2019/1xxx/CVE-2019-1734.json 
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability. "
+ "value": "A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability."
 }
 ]
 },
@@ -89,4 +89,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1978.json b/2019/1xxx/CVE-2019-1978.json
index 591baa23e3c..5ad619bad54 100644
--- a/2019/1xxx/CVE-2019-1978.json
+++ b/2019/1xxx/CVE-2019-1978.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. "
+ "value": "A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1980.json b/2019/1xxx/CVE-2019-1980.json
index d02e2bc9711..69f09972fa2 100644
--- a/2019/1xxx/CVE-2019-1980.json
+++ b/2019/1xxx/CVE-2019-1980.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy. "
+ "value": "A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1981.json b/2019/1xxx/CVE-2019-1981.json
index 06503cc4742..7950442e2d5 100644
--- a/2019/1xxx/CVE-2019-1981.json
+++ b/2019/1xxx/CVE-2019-1981.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked. "
+ "value": "A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1982.json b/2019/1xxx/CVE-2019-1982.json
index 97c1ff37cce..e3f55669c61 100644
--- a/2019/1xxx/CVE-2019-1982.json
+++ b/2019/1xxx/CVE-2019-1982.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked. "
+ "value": "A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked."
 }
 ]
 },
@@ -85,4 +85,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file