From 5035d9c0b8c64b4724372b11623653a3609c59d5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 29 Jul 2019 19:00:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/11xxx/CVE-2018-11772.json | 58 +++++++++++++++++++++++++++----
 2018/11xxx/CVE-2018-11773.json | 58 +++++++++++++++++++++++++++----
 2018/11xxx/CVE-2018-11774.json | 58 +++++++++++++++++++++++++++----
 2018/14xxx/CVE-2018-14618.json | 5 +++
 2018/15xxx/CVE-2018-15664.json | 5 +++
 2018/16xxx/CVE-2018-16884.json | 10 ++++++
 2018/1xxx/CVE-2018-1312.json | 5 +++
 2018/20xxx/CVE-2018-20815.json | 5 +++
 2019/11xxx/CVE-2019-11085.json | 10 ++++++
 2019/11xxx/CVE-2019-11811.json | 10 ++++++
 2019/13xxx/CVE-2019-13655.json | 62 ++++++++++++++++++++++++++++++++++
 2019/3xxx/CVE-2019-3862.json | 5 +++
 2019/3xxx/CVE-2019-3883.json | 5 +++
 2019/6xxx/CVE-2019-6778.json | 5 +++
 14 files changed, 280 insertions(+), 21 deletions(-)
 create mode 100644 2019/13xxx/CVE-2019-13655.json
diff --git a/2018/11xxx/CVE-2018-11772.json b/2018/11xxx/CVE-2018-11772.json
index c9ccdb0118f..00c2eee3909 100644
--- a/2018/11xxx/CVE-2018-11772.json
+++ b/2018/11xxx/CVE-2018-11772.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-11772",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-11772",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VCL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.1 through 2.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[vcl-dev] 20190729 [CVE-2018-11772] Apache VCL SQL injection attack in privilege management",
+ "url": "https://lists.apache.org/thread.html/a468c473b4c418307b9866fe4c613630a2efc46bed53438b6af1f55c@%3Cdev.vcl.apache.org%3E"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech."
 }
 ]
 }
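Review bot: The structured fields added in this hunk hold free text where consumers expect machine-matchable values: `problemtype` is the bare string `"SQL Injection"` and `version_value` is the prose range `"2.1 through 2.5"`. A scanner or triage pipeline keyed on CWE identifiers or on version comparison will not match either, so the record is only discoverable through its description text; consider `"value": "CWE-89 SQL Injection"` and explicit version bounds (the description already names 2.5.1 as the first fixed release). The same applies to the CVE-2018-11773 hunk, whose problemtype `"improper form validation in block allocation management"` reads closest to CWE-20 Improper Input Validation, and to the CVE-2018-11774 hunk (CWE-89 again). The record's closing brace lies after the hunk's last line, so the end of the object is not visible here.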
diff --git a/2018/11xxx/CVE-2018-11773.json b/2018/11xxx/CVE-2018-11773.json
index 8375a81c294..6b9fb101554 100644
--- a/2018/11xxx/CVE-2018-11773.json
+++ b/2018/11xxx/CVE-2018-11773.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-11773",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-11773",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VCL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.1 through 2.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "improper form validation in block allocation management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[vcl-dev] 20190729 [CVE-2018-11773] Apache VCL improper form validation in block allocation management",
+ "url": "https://lists.apache.org/thread.html/db71c4edc21ecb834cf20e3ee23ffac5d37f32e7eb67257a413bf878@%3Cdev.vcl.apache.org%3E"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech."
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11774.json b/2018/11xxx/CVE-2018-11774.json
index c5cfbfdd2c6..8c97fb72756 100644
--- a/2018/11xxx/CVE-2018-11774.json
+++ b/2018/11xxx/CVE-2018-11774.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-11774",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-11774",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VCL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.1 through 2.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[vcl-dev] 20190729 [CVE-2018-11774] Apache VCL SQL injection attack in VM management",
+ "url": "https://lists.apache.org/thread.html/8f90e00910d1ee3d850e56d87c18cb298a126d10955413d296e47c0c@%3Cdev.vcl.apache.org%3E"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech."
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14618.json b/2018/14xxx/CVE-2018-14618.json
index 2bb3e5b3102..00a11de1179 100644
--- a/2018/14xxx/CVE-2018-14618.json
+++ b/2018/14xxx/CVE-2018-14618.json
@@ -119,6 +119,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1880",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1880"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15664.json b/2018/15xxx/CVE-2018-15664.json
index 38a3afdd051..0e3b85224db 100644
--- a/2018/15xxx/CVE-2018-15664.json
+++ b/2018/15xxx/CVE-2018-15664.json
@@ -86,6 +86,11 @@
 "refsource": "CONFIRM",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664",
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1910",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1910"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16884.json b/2018/16xxx/CVE-2018-16884.json
index 83a4630bdf9..defd52f2f39 100644
--- a/2018/16xxx/CVE-2018-16884.json
+++ b/2018/16xxx/CVE-2018-16884.json
@@ -131,6 +131,16 @@
 "refsource": "UBUNTU",
 "name": "USN-3981-2",
 "url": "https://usn.ubuntu.com/3981-2/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1873",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1873"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1891",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1891"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1312.json b/2018/1xxx/CVE-2018-1312.json
index 07edf06a397..25c331cfaf0 100644
--- a/2018/1xxx/CVE-2018-1312.json
+++ b/2018/1xxx/CVE-2018-1312.json
@@ -122,6 +122,11 @@
 "refsource": "UBUNTU",
 "name": "USN-3937-2",
 "url": "https://usn.ubuntu.com/3937-2/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1898",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1898"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20815.json b/2018/20xxx/CVE-2018-20815.json
index 6326458a83d..ef6a70d5de9 100644
--- a/2018/20xxx/CVE-2018-20815.json
+++ b/2018/20xxx/CVE-2018-20815.json
@@ -81,6 +81,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:1743",
 "url": "https://access.redhat.com/errata/RHSA-2019:1743"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1881",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1881"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11085.json b/2019/11xxx/CVE-2019-11085.json
index d33f57121cf..b0b1992c609 100644
--- a/2019/11xxx/CVE-2019-11085.json
+++ b/2019/11xxx/CVE-2019-11085.json
@@ -78,6 +78,16 @@
 "refsource": "UBUNTU",
 "name": "USN-4068-2",
 "url": "https://usn.ubuntu.com/4068-2/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1873",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1873"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1891",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1891"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11811.json b/2019/11xxx/CVE-2019-11811.json
index 4feee09a9a3..098769f7672 100644
--- a/2019/11xxx/CVE-2019-11811.json
+++ b/2019/11xxx/CVE-2019-11811.json
@@ -86,6 +86,16 @@
 "refsource": "BID",
 "name": "108410",
 "url": "http://www.securityfocus.com/bid/108410"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1873",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1873"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1891",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1891"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13655.json b/2019/13xxx/CVE-2019-13655.json
new file mode 100644
index 00000000000..e27a3005c14
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13655.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13655",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://obsidianterminal.blogspot.com/2019/07/dos-in-imgix-cdns-image-processing.html",
+ "url": "https://obsidianterminal.blogspot.com/2019/07/dos-in-imgix-cdns-image-processing.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3862.json b/2019/3xxx/CVE-2019-3862.json
index f52424ec5a6..d7fbe5da750 100644
--- a/2019/3xxx/CVE-2019-3862.json
+++ b/2019/3xxx/CVE-2019-3862.json
@@ -118,6 +118,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
 "url": "https://seclists.org/bugtraq/2019/Apr/25"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1884",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1884"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3883.json b/2019/3xxx/CVE-2019-3883.json
index 439956436c3..ca8116ffb2a 100644
--- a/2019/3xxx/CVE-2019-3883.json
+++ b/2019/3xxx/CVE-2019-3883.json
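Review bot: In the new CVE-2019-13655 record, `vendor_name`, `product_name`, `version_value` and the problemtype are all `"n/a"`, although the description itself names the product (Imgix), a cutoff date (2019-06-19) and the weakness (memory exhaustion from attacker-declared image dimensions). Asset-inventory or SBOM matching on vendor and product will never surface this entry, so defenders relying on structured lookups have to fall back to full-text search of descriptions. Consider `"product_name": "Imgix"` with the vendor filled in once confirmed, and a problemtype of `"CWE-400 Uncontrolled Resource Consumption"`. The file is also added without a trailing newline, as the `\ No newline at end of file` marker shows.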
@@ -63,6 +63,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1779-1] 389-ds-base security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00008.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1896",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1896"
 }
 ]
 },
diff --git a/2019/6xxx/CVE-2019-6778.json b/2019/6xxx/CVE-2019-6778.json
index 4e3eb97c5d2..d3680b61023 100644
--- a/2019/6xxx/CVE-2019-6778.json
+++ b/2019/6xxx/CVE-2019-6778.json
@@ -106,6 +106,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
 "url": "https://seclists.org/bugtraq/2019/May/76"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1883",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1883"
 }
 ]
 }