diff --git a/2016/1000xxx/CVE-2016-1000271.json b/2016/1000xxx/CVE-2016-1000271.json index 8919b52e579..72823124b6d 100644 --- a/2016/1000xxx/CVE-2016-1000271.json +++ b/2016/1000xxx/CVE-2016-1000271.json 
@@ -1 +1,65 @@ -{"data_version":"4.0","references":{"reference_data":[{"url":"https://packetstormsecurity.com/files/140141/Joomla-DT-Register-SQL-Injection.html"}]},"description":{"description_data":[{"lang":"eng","value":"Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in \"/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events\". This attack appear to be exploitable if the attacker can reach the web server."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5)"}]},"product_name":"Joomla extension DT Register"}]},"vendor_name":"Joomla extension DT Register"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"2019-02-04T11:22:33","DATE_REQUESTED":"2019-02-04T11:22:33","ID":"CVE-2016-1000271","ASSIGNER":"kurt@seifried.org","REQUESTER":"kurt@seifried.org"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"SQL Injection"}]}]}} +{ + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "2019-02-04T11:22:33", + "DATE_REQUESTED" : "2019-02-04T11:22:33", + "ID" : "CVE-2016-1000271", + "REQUESTER" : "kurt@seifried.org", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Joomla extension DT Register", + "version" : { + "version_data" : [ + { + "version_value" : "before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5)" + } + ] + } + } + ] + }, + "vendor_name" : "Joomla extension DT Register" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in 
\"/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events\". This attack appears to be exploitable if the attacker can reach the web server." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "SQL Injection" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://packetstormsecurity.com/files/140141/Joomla-DT-Register-SQL-Injection.html", + "refsource" : "MISC", + "url" : "https://packetstormsecurity.com/files/140141/Joomla-DT-Register-SQL-Injection.html" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000998.json b/2018/1000xxx/CVE-2018-1000998.json index 1d2139b4673..43a444875e5 100644 --- a/2018/1000xxx/CVE-2018-1000998.json +++ b/2018/1000xxx/CVE-2018-1000998.json @@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.010071", "DATE_REQUESTED" : "2018-12-23T22:41:02", "ID" : "CVE-2018-1000998", "REQUESTER" : "kvakil@berkeley.edu", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.kvakil.me/posts/cvsweb/", + "refsource" : "MISC", + "url" : "https://www.kvakil.me/posts/cvsweb/" } ] } diff --git a/2018/1000xxx/CVE-2018-1000999.json b/2018/1000xxx/CVE-2018-1000999.json index 9d04253c5e9..9421acfa16f 100644 --- a/2018/1000xxx/CVE-2018-1000999.json +++ b/2018/1000xxx/CVE-2018-1000999.json @@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.010936", "DATE_REQUESTED" : "2018-12-20T18:12:12", "ID" : "CVE-2018-1000999", "REQUESTER" : "cve@rapid7.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
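Review bot: `problemtype` is set to `"n/a"` in the first hunk on this line, although the description in the same hunk classifies the issue as Cross Site Scripting, so the weakness class can only be recovered by parsing free text. Use the CWE form, e.g. `"value" : "CWE-79"`. CVE-2018-1000999, CVE-2019-1000005 and CVE-2019-1000008 have the same `"n/a"` even though their descriptions already name CWE-78, CWE-502 and CWE-22. The phrase "exploitable via victim must load specially crafted url" would state the user-interaction requirement more clearly as `exploitable when the victim loads a specially crafted URL`.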
@@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Fastnet SA MailCleaner version 2018092601 contains a Command Injection (CWE-78) vulnerability in /admin/managetracing/search/search that can result in an authenticated web application user running commands on the underlying web server as root. This attack appears to be exploitable via Post-authentication access to the web server." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/rapid7/metasploit-framework/pull/11148", + "refsource" : "MISC", + "url" : "https://github.com/rapid7/metasploit-framework/pull/11148" } ] } diff --git a/2018/1xxx/CVE-2018-1675.json b/2018/1xxx/CVE-2018-1675.json index 7fbcf705b41..3af2ca2b7cc 100644 --- a/2018/1xxx/CVE-2018-1675.json +++ b/2018/1xxx/CVE-2018-1675.json 
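Review bot: The description added for CVE-2018-1000999 names a single affected build (2018092601) and no fixed version, and the only entry in `reference_data` is a pull request to an exploitation framework rather than a vendor advisory or patch. A defender reading the record cannot tell which release removes the issue or whether later builds are affected. Add a vendor advisory or fix commit as a second reference if one exists (none is visible here), and state the first fixed version in the description.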
@@ -1,65 +1,14 @@ { - "data_type" : "CVE", "CVE_data_meta" : { - "ID" : "CVE-2018-1675", + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-11-28T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10742403", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10742403", - "title" : "IBM Security Bulletin 742403 (Tivoli Application Dependency Discovery Manager)" - }, - { - "name" : "ibm-taddm-cve20181675-info-disc (145110)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145110" - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "A" : "N", - "PR" : "N", - "SCORE" : "6.800", - "AV" : "N", - "S" : "C", - "AC" : "H", - "C" : "H", - "I" : "N", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] + "ID" : "CVE-2018-1675", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { 
@@ -76,18 +25,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110." } ] }, - "data_version" : "4.0" + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "C", + "SCORE" : "6.800", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10742403", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10742403" + }, + { + "name" : "ibm-taddm-cve20181675-info-disc(145110)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145110" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1801.json b/2018/1xxx/CVE-2018-1801.json index 3222b2bf4ce..dee8428b3b8 100644 --- a/2018/1xxx/CVE-2018-1801.json +++ b/2018/1xxx/CVE-2018-1801.json 
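Review bot: The re-ordered description for CVE-2018-1675 keeps the wording `password hashes in stored in system memory`; drop the stray word so it reads `could expose password hashes stored in system memory`. The text also does not say who can read that memory, while the CVSS block added in the same hunk claims `"AV" : "N"` and `"PR" : "N"`. One clause naming the access path would let readers reconcile the description with the vector.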
@@ -1,11 +1,9 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639." - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-01-28T00:00:00", + "ID" : "CVE-2018-1801", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -33,6 +31,7 @@ } }, { + "product_name" : "WebSphere Message Broker", "version" : { "version_data" : [ { @@ -42,8 +41,7 @@ "version_value" : "8.0.0.9" } ] - }, - "product_name" : "WebSphere Message Broker" + } }, { "product_name" : "App Connect", @@ -65,24 +63,34 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639." + } + ] + }, "impact" : { "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, "BM" : { "A" : "L", - "PR" : "N", - "SCORE" : "5.300", - "AV" : "N", - "S" : "U", "AC" : "L", + "AV" : "N", "C" : "N", "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.300", "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } }, 
@@ -91,33 +99,23 @@ { "description" : [ { - "value" : "Denial of Service", - "lang" : "eng" + "lang" : "eng", + "value" : "Denial of Service" } ] } ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2018-1801", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-01-28T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, "references" : { "reference_data" : [ { "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10795780", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 795780 (Integration Bus)", "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10795780" }, { - "name" : "ibm-ibus-cve20181801-dos (149639)", + "name" : "ibm-ibus-cve20181801-dos(149639)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639" } ] diff --git a/2018/1xxx/CVE-2018-1962.json b/2018/1xxx/CVE-2018-1962.json index a3068558c26..7f8deb4cab7 100644 --- a/2018/1xxx/CVE-2018-1962.json +++ b/2018/1xxx/CVE-2018-1962.json 
@@ -1,74 +1,14 @@ { "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-01-30T00:00:00", - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1962" - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 796380 (Security Identity Manager)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380" - }, - { - "name" : "ibm-sim-cve20181962-info-disc (153658)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153658" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "L", - "PR" : "N", - "A" : "N", - "SCORE" : "4.000", - "C" : "L", - "I" : "N", - "UI" : "N", - "AC" : "L", - "S" : "U" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.", - "lang" : "eng" - } - ] + "DATE_PUBLIC" : "2019-01-30T00:00:00", + "ID" : "CVE-2018-1962", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { 
@@ -82,9 +22,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "L", + "C" : "L", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "4.000", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380" + }, + { + "name" : "ibm-sim-cve20181962-info-disc(153658)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153658" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1970.json b/2018/1xxx/CVE-2018-1970.json index 958acdb2ce6..e9e25f6aecb 100644 --- a/2018/1xxx/CVE-2018-1970.json +++ b/2018/1xxx/CVE-2018-1970.json 
@@ -1,66 +1,14 @@ { "CVE_data_meta" : { "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", "DATE_PUBLIC" : "2019-01-30T00:00:00", - "ID" : "CVE-2018-1970" + "ID" : "CVE-2018-1970", + "STATE" : "PUBLIC" }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 796380 (Security Identity Manager)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380" - }, - { - "refsource" : "XF", - "name" : "ibm-sim-cve20181970-info-disc (153751)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "S" : "U", - "C" : "H", - "UI" : "N", - "I" : "N", - "PR" : "L", - "A" : "L", - "SCORE" : "7.100", - "AV" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_version" : "4.0", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { 
@@ -74,16 +22,66 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751." + "value" : "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380" + }, + { + "name" : "ibm-sim-cve20181970-info-disc(153751)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751" } ] } diff --git a/2018/20xxx/CVE-2018-20752.json b/2018/20xxx/CVE-2018-20752.json new file mode 100644 index 00000000000..03f29e1da49 --- /dev/null +++ b/2018/20xxx/CVE-2018-20752.json 
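Review bot: `problemtype` for CVE-2018-1970 lists only `Obtain Information`, while the description in the same hunk says the XXE can also "consume memory resources" and the base metrics carry `"A" : "L"`. Add a second description entry, `"value" : "Denial of Service"`, as the CVE-2018-1801 record in this commit does for the same class of bug. Alternatively, name the weakness itself with `"value" : "CWE-611"`.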
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20752", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bitbucket.org/LaNMaSteR53/recon-ng/commits/41e96fd58891439974fb0c920b349f8926c71d4c#chg-modules/reporting/csv.py", + "refsource" : "MISC", + "url" : "https://bitbucket.org/LaNMaSteR53/recon-ng/commits/41e96fd58891439974fb0c920b349f8926c71d4c#chg-modules/reporting/csv.py" + }, + { + "name" : "https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in", + "refsource" : "MISC", + "url" : "https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in" + } + ] + } +} diff --git a/2019/1000xxx/CVE-2019-1000001.json b/2019/1000xxx/CVE-2019-1000001.json index 182d4a72b03..900c48bf268 100644 --- a/2019/1000xxx/CVE-2019-1000001.json +++ b/2019/1000xxx/CVE-2019-1000001.json 
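Review bot: The description in the new CVE-2018-20752 file states the impact as "remote code execution for the attacker" without giving the precondition, which the text implies is that the Recon-ng user opens the exported CSV in a spreadsheet application. Spell that out, e.g. `when the exported CSV file is opened in a spreadsheet application, the cell content is evaluated on the user's machine`, so the user-interaction requirement is explicit. "Excel macro" should probably read `formula`, if that is what the referenced commit neutralises (not verifiable from this hunk). `problemtype` could carry `"value" : "CWE-1236"` instead of `"n/a"`.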
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.011679", "DATE_REQUESTED" : "2019-01-03T07:58:53", "ID" : "CVE-2019-1000001", "REQUESTER" : "fx.du.moutier@gmail.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/nilsteampassnet/TeamPass/issues/2495", + "refsource" : "MISC", + "url" : "https://github.com/nilsteampassnet/TeamPass/issues/2495" } ] } diff --git a/2019/1000xxx/CVE-2019-1000002.json b/2019/1000xxx/CVE-2019-1000002.json index c8d254ead75..ff51ef2f61c 100644 --- a/2019/1000xxx/CVE-2019-1000002.json +++ b/2019/1000xxx/CVE-2019-1000002.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.012372", "DATE_REQUESTED" : "2019-01-04T16:38:55", "ID" : "CVE-2019-1000002", "REQUESTER" : "info@jonasfranz.de", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to \"any\" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/go-gitea/gitea/pull/5631", + "refsource" : "MISC", + "url" : "https://github.com/go-gitea/gitea/pull/5631" } ] } diff --git a/2019/1000xxx/CVE-2019-1000003.json b/2019/1000xxx/CVE-2019-1000003.json index b2e26ca9997..88f1e7be91c 100644 --- a/2019/1000xxx/CVE-2019-1000003.json +++ b/2019/1000xxx/CVE-2019-1000003.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.013025", "DATE_REQUESTED" : "2019-01-08T10:09:12", "ID" : "CVE-2019-1000003", "REQUESTER" : "rob@dxw.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://advisories.dxw.com/advisories/csrf-mapsvg-lite/", + "refsource" : "MISC", + "url" : "https://advisories.dxw.com/advisories/csrf-mapsvg-lite/" } ] } diff --git a/2019/1000xxx/CVE-2019-1000004.json b/2019/1000xxx/CVE-2019-1000004.json index e565a06a72b..50e9d15079d 100644 --- a/2019/1000xxx/CVE-2019-1000004.json +++ b/2019/1000xxx/CVE-2019-1000004.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.013704", "DATE_REQUESTED" : "2019-01-08T16:47:11", "ID" : "CVE-2019-1000004", "REQUESTER" : "davidepaalte@hotmail.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable via the payload needs to be stored in the database and the victim must see the db value in question." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/yugandhargangu/JspMyAdmin2/issues/22", + "refsource" : "MISC", + "url" : "https://github.com/yugandhargangu/JspMyAdmin2/issues/22" } ] } diff --git a/2019/1000xxx/CVE-2019-1000005.json b/2019/1000xxx/CVE-2019-1000005.json index 264cd6d1143..32944ccc6ed 100644 --- a/2019/1000xxx/CVE-2019-1000005.json +++ b/2019/1000xxx/CVE-2019-1000005.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.014372", "DATE_REQUESTED" : "2019-01-08T16:58:24", "ID" : "CVE-2019-1000005", "REQUESTER" : "byqwerton@gmail.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content . This vulnerability appears to have been fixed in 7.1.8." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/mpdf/mpdf/issues/949", + "refsource" : "MISC", + "url" : "https://github.com/mpdf/mpdf/issues/949" } ] } diff --git a/2019/1000xxx/CVE-2019-1000006.json b/2019/1000xxx/CVE-2019-1000006.json index 15ebd47866d..9171bbc67fc 100644 --- a/2019/1000xxx/CVE-2019-1000006.json +++ b/2019/1000xxx/CVE-2019-1000006.json 
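Review bot: The CVE-2019-1000005 description added in the second hunk on this line looks truncated: "trigger generation of pdf file with content ." ends without an object, which suggests markup in the submitted text was stripped (inferred; the original submission is not visible here). As written, the trigger condition is unreadable. The impact clause "Arbitry code execution, file write, etc.." is misspelled and open-ended. Restore the missing phrase from the referenced issue and state the impact as a closed list, e.g. `that can result in arbitrary code execution or arbitrary file write`.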
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.015070", "DATE_REQUESTED" : "2019-01-09T16:28:24", "ID" : "CVE-2019-1000006", "REQUESTER" : "soeren+mitre@soeren-tempel.net", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/RIOT-OS/RIOT/issues/10739", + "refsource" : "MISC", + "url" : "https://github.com/RIOT-OS/RIOT/issues/10739" } ] } diff --git a/2019/1000xxx/CVE-2019-1000007.json b/2019/1000xxx/CVE-2019-1000007.json index 70e813ca5e1..dc603afe3e9 100644 --- a/2019/1000xxx/CVE-2019-1000007.json +++ b/2019/1000xxx/CVE-2019-1000007.json 
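Review bot: The CVE-2019-1000006 description bounds the affected range only from below ("version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3") and names no fixing commit or release, so every later RIOT-OS revision reads as affected indefinitely. Add the fixing commit or release once the referenced issue is resolved. The range also belongs in `version_data`, which the first hunk for this file fills with `"n/a"`. "Remote code executing" should read `remote code execution`.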
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.015889", "DATE_REQUESTED" : "2019-01-10T18:56:13", "ID" : "CVE-2019-1000007", "REQUESTER" : "jonas@wielicki.name", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/horazont/aioxmpp/pull/268", + "refsource" : "MISC", + "url" : "https://github.com/horazont/aioxmpp/pull/268" } ] } diff --git a/2019/1000xxx/CVE-2019-1000008.json b/2019/1000xxx/CVE-2019-1000008.json index 30632ce7902..a33ee8f342f 100644 --- a/2019/1000xxx/CVE-2019-1000008.json 
+++ b/2019/1000xxx/CVE-2019-1000008.json @@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.016652", "DATE_REQUESTED" : "2019-01-14T20:30:06", "ID" : "CVE-2019-1000008", "REQUESTER" : "matt@mattfarina.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://helm.sh/blog/helm-security-notice-2019/index.html", + "refsource" : "MISC", + "url" : "https://helm.sh/blog/helm-security-notice-2019/index.html" } ] } diff --git a/2019/1000xxx/CVE-2019-1000009.json b/2019/1000xxx/CVE-2019-1000009.json index 1b1ed5d9052..b731c26fffc 100644 
--- a/2019/1000xxx/CVE-2019-1000009.json +++ b/2019/1000xxx/CVE-2019-1000009.json @@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.017655", "DATE_REQUESTED" : "2019-01-14T20:41:30", "ID" : "CVE-2019-1000009", "REQUESTER" : "matt@mattfarina.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack appears to be exploitable via A POST request to the HTTP API can save a chart archive outside of the intended directory. If authentication is, optionally, enabled this requires an authorized user to do so. This vulnerability appears to have been fixed in 0.8.1." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://helm.sh/blog/chartmuseum-security-notice-2019/index.html", + "refsource" : "MISC", + "url" : "https://helm.sh/blog/chartmuseum-security-notice-2019/index.html" } ] } 
diff --git a/2019/1000xxx/CVE-2019-1000010.json b/2019/1000xxx/CVE-2019-1000010.json index e821f9d64b2..d48b75c5327 100644 --- a/2019/1000xxx/CVE-2019-1000010.json +++ b/2019/1000xxx/CVE-2019-1000010.json @@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.018967", "DATE_REQUESTED" : "2019-01-15T04:36:09", "ID" : "CVE-2019-1000010", "REQUESTER" : "oscar@sakerhetskontoret.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -14,7 +37,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c", + "refsource" : "MISC", + "url" : "https://github.com/phpipam/phpipam/commit/fd37bd8fb2b9c306079db505e0e3fe79a096c31c" + }, + { + "name" : "https://github.com/phpipam/phpipam/issues/2327", + "refsource" : "MISC", + "url" : "https://github.com/phpipam/phpipam/issues/2327" } ] } diff --git a/2019/1000xxx/CVE-2019-1000011.json b/2019/1000xxx/CVE-2019-1000011.json index dd9bd5e01dc..cacc31cab44 100644 --- a/2019/1000xxx/CVE-2019-1000011.json +++ b/2019/1000xxx/CVE-2019-1000011.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.019708", "DATE_REQUESTED" : "2019-01-15T15:30:38", "ID" : "CVE-2019-1000011", "REQUESTER" : "dunglas@gmail.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/api-platform/core/issues/2364", + "refsource" : "MISC", + "url" : "https://github.com/api-platform/core/issues/2364" + }, + { + "name" : "https://github.com/api-platform/core/pull/2441", + "refsource" : "MISC", + "url" : "https://github.com/api-platform/core/pull/2441" } ] } diff --git a/2019/1000xxx/CVE-2019-1000012.json b/2019/1000xxx/CVE-2019-1000012.json index be49592826e..8016acb7510 100644 --- a/2019/1000xxx/CVE-2019-1000012.json +++ b/2019/1000xxx/CVE-2019-1000012.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.020477", "DATE_REQUESTED" : "2019-01-15T18:58:39", "ID" : "CVE-2019-1000012", "REQUESTER" : "bram.verburg@voltone.net", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/hexpm/hex/pull/646", + "refsource" : "MISC", + "url" : "https://github.com/hexpm/hex/pull/646" + }, + { + "name" : "https://github.com/hexpm/hex/pull/651", + "refsource" : "MISC", + "url" : "https://github.com/hexpm/hex/pull/651" } ] } diff --git a/2019/1000xxx/CVE-2019-1000013.json b/2019/1000xxx/CVE-2019-1000013.json index 602c7fa69e4..ba7b5ec81c1 100644 --- a/2019/1000xxx/CVE-2019-1000013.json +++ b/2019/1000xxx/CVE-2019-1000013.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.021164", "DATE_REQUESTED" : "2019-01-15T18:58:43", "ID" : "CVE-2019-1000013", "REQUESTER" : "bram.verburg@voltone.net", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/hexpm/hex_core/pull/48", + "refsource" : "MISC", + "url" : "https://github.com/hexpm/hex_core/pull/48" + }, + { + "name" : "https://github.com/hexpm/hex_core/pull/51", + "refsource" : "MISC", + "url" : "https://github.com/hexpm/hex_core/pull/51" } ] } diff --git a/2019/1000xxx/CVE-2019-1000014.json b/2019/1000xxx/CVE-2019-1000014.json index 7ace87aa07d..a489e06f3d8 100644 --- a/2019/1000xxx/CVE-2019-1000014.json +++ b/2019/1000xxx/CVE-2019-1000014.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.021861", "DATE_REQUESTED" : "2019-01-15T18:58:45", "ID" : "CVE-2019-1000014", "REQUESTER" : "bram.verburg@voltone.net", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/erlang/rebar3/pull/1986", + "refsource" : "MISC", + "url" : "https://github.com/erlang/rebar3/pull/1986" } ] } diff --git a/2019/1000xxx/CVE-2019-1000015.json b/2019/1000xxx/CVE-2019-1000015.json index fb7cea667ce..e4d97bc788d 100644 --- a/2019/1000xxx/CVE-2019-1000015.json +++ b/2019/1000xxx/CVE-2019-1000015.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.022521", "DATE_REQUESTED" : "2019-01-16T14:51:11", "ID" : "CVE-2019-1000015", "REQUESTER" : "jarnaut@dognaedis.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -14,7 +37,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. This attack appears to be exploitable via as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03",
+ "refsource" : "MISC",
+ "url" : "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03"
 }
 ]
 }
diff --git a/2019/1000xxx/CVE-2019-1000016.json b/2019/1000xxx/CVE-2019-1000016.json
index de0cc4d497d..8edeb115eb8 100644
--- a/2019/1000xxx/CVE-2019-1000016.json
+++ b/2019/1000xxx/CVE-2019-1000016.json
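Review bot: The `reference_data` added for CVE-2019-1000015 lists only the fixing commit, while CVE-2019-1000017 later in this diff cites the same commit plus the Chamilo security-issues wiki entry, whose anchor ends in `XSS-and-unauthorized-access` and so appears to cover this XSS as well. Adding that entry here would give administrators the vendor advisory rather than only a raw commit. The phrase `exploitable via as the payload user on the Subject field` in the description is garbled; it should say that the payload is placed in the ticket subject field, which the preceding sentence already states.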
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.023172", "DATE_REQUESTED" : "2019-01-16T15:30:44", "ID" : "CVE-2019-1000016", "REQUESTER" : "skeval65@gmail.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f", + "refsource" : "MISC", + "url" : "https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f" } ] } diff --git a/2019/1000xxx/CVE-2019-1000017.json b/2019/1000xxx/CVE-2019-1000017.json index 978e686aef6..ff39670f424 100644 --- a/2019/1000xxx/CVE-2019-1000017.json +++ b/2019/1000xxx/CVE-2019-1000017.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.023850", "DATE_REQUESTED" : "2019-01-16T16:16:03", "ID" : "CVE-2019-1000017", "REQUESTER" : "jarnaut@dognaedis.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -14,7 +37,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03", + "refsource" : "MISC", + "url" : "https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03" + }, + { + "name" : "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-34-2019-01-14-Moderate-risk-moderate-impact-XSS-and-unauthorized-access", + "refsource" : "MISC", + "url" : "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-34-2019-01-14-Moderate-risk-moderate-impact-XSS-and-unauthorized-access" } ] } diff --git a/2019/1000xxx/CVE-2019-1000018.json b/2019/1000xxx/CVE-2019-1000018.json index ca2ac651d49..8a13df893db 100644 --- a/2019/1000xxx/CVE-2019-1000018.json +++ b/2019/1000xxx/CVE-2019-1000018.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.024645", "DATE_REQUESTED" : "2019-01-16T17:31:27", "ID" : "CVE-2019-1000018", "REQUESTER" : "security@es.net", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://esnet-security.github.io/vulnerabilities/20190115_rssh", + "refsource" : "MISC", + "url" : "https://esnet-security.github.io/vulnerabilities/20190115_rssh" } ] } diff --git a/2019/1000xxx/CVE-2019-1000019.json b/2019/1000xxx/CVE-2019-1000019.json index c0f05a81f51..bab3d8d8b6e 100644 --- a/2019/1000xxx/CVE-2019-1000019.json +++ b/2019/1000xxx/CVE-2019-1000019.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.025460", "DATE_REQUESTED" : "2019-01-17T00:55:44", "ID" : "CVE-2019-1000019", "REQUESTER" : "dja@axtens.net", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/libarchive/libarchive/pull/1120", + "refsource" : "MISC", + "url" : "https://github.com/libarchive/libarchive/pull/1120" + }, + { + "name" : "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1", + "refsource" : "MISC", + "url" : "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1" } ] } 
diff --git a/2019/1000xxx/CVE-2019-1000020.json b/2019/1000xxx/CVE-2019-1000020.json index 8c81d763778..4ded43b6f87 100644 --- a/2019/1000xxx/CVE-2019-1000020.json +++ b/2019/1000xxx/CVE-2019-1000020.json @@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.026263", "DATE_REQUESTED" : "2019-01-17T03:09:42", "ID" : "CVE-2019-1000020", "REQUESTER" : "dja@axtens.net", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -14,7 +37,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/libarchive/libarchive/pull/1120", + "refsource" : "MISC", + "url" : "https://github.com/libarchive/libarchive/pull/1120" + }, + { + "name" : "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423", + "refsource" : "MISC", + "url" : "https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423" } ] } diff --git a/2019/1000xxx/CVE-2019-1000021.json b/2019/1000xxx/CVE-2019-1000021.json index 2db29c66238..511ab33cdbb 100644 --- a/2019/1000xxx/CVE-2019-1000021.json +++ b/2019/1000xxx/CVE-2019-1000021.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.027360", "DATE_REQUESTED" : "2019-01-17T11:57:39", "ID" : "CVE-2019-1000021", "REQUESTER" : "linkmauve@linkmauve.fr", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -14,7 +37,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416", + "refsource" : "MISC", + "url" : "https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416" + }, + { + "name" : "https://xmpp.org/extensions/xep-0223.html#howitworks", + "refsource" : "MISC", + "url" : "https://xmpp.org/extensions/xep-0223.html#howitworks" } ] } diff --git a/2019/1000xxx/CVE-2019-1000022.json b/2019/1000xxx/CVE-2019-1000022.json index 0f03bdebd68..8449be4d029 100644 --- a/2019/1000xxx/CVE-2019-1000022.json +++ b/2019/1000xxx/CVE-2019-1000022.json 
@@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2019-01-22T21:21:10.028604", "DATE_REQUESTED" : "2019-01-19T09:14:57", "ID" : "CVE-2019-1000022", "REQUESTER" : "cve@taoensso.com", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -14,7 +37,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/ptaoussanis/sente/issues/137", + "refsource" : "MISC", + "url" : "https://github.com/ptaoussanis/sente/issues/137" } ] } diff --git a/2019/1000xxx/CVE-2019-1000023.json b/2019/1000xxx/CVE-2019-1000023.json index 0b3f0b05671..4ffbcabd2d1 100644 --- a/2019/1000xxx/CVE-2019-1000023.json +++ b/2019/1000xxx/CVE-2019-1000023.json 
@@ -1,11 +1,34 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
 "DATE_ASSIGNED" : "2019-01-22T21:21:10.029865",
 "DATE_REQUESTED" : "2019-01-20T14:01:57",
 "ID" : "CVE-2019-1000023",
 "REQUESTER" : "piotr.karolak@gmail.com",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -14,7 +37,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html",
+ "refsource" : "MISC",
+ "url" : "https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"
+ },
+ {
+ "name" : "https://sourceforge.net/projects/ngnms/",
+ "refsource" : "MISC",
+ "url" : "https://sourceforge.net/projects/ngnms/"
+ },
+ {
+ "name" : "https://www.owasp.org/index.php/SQL_Injection",
+ "refsource" : "MISC",
+ "url" : "https://www.owasp.org/index.php/SQL_Injection"
 }
 ]
 }
diff --git a/2019/1000xxx/CVE-2019-1000024.json b/2019/1000xxx/CVE-2019-1000024.json
index 334b954fa19..a042dbd043c 100644
--- a/2019/1000xxx/CVE-2019-1000024.json
+++ b/2019/1000xxx/CVE-2019-1000024.json
@@ -1,11 +1,34 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
 "DATE_ASSIGNED" : "2019-01-22T21:21:10.031068",
 "DATE_REQUESTED" : "2019-01-20T14:10:58",
 "ID" : "CVE-2019-1000024",
 "REQUESTER" : "piotr.karolak@gmail.com",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -14,7 +37,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The \"id\" and \"operation\" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting.This attack appear to be exploitable via network connectivity."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-(XSS)-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html",
+ "refsource" : "MISC",
+ "url" : "https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-(XSS)-in-OPTOSS-Next-Gen-Network-Management-System-(NG-NetMS).html"
+ },
+ {
+ "name" : "https://sourceforge.net/projects/ngnms/",
+ "refsource" : "MISC",
+ "url" : "https://sourceforge.net/projects/ngnms/"
+ },
+ {
+ "name" : "https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)",
+ "refsource" : "MISC",
+ "url" : "https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)"
 }
 ]
 }
diff --git a/2019/4xxx/CVE-2019-4038.json b/2019/4xxx/CVE-2019-4038.json
index 89413f98fc6..95010f9d627 100644
--- a/2019/4xxx/CVE-2019-4038.json
+++ b/2019/4xxx/CVE-2019-4038.json
@@ -1,12 +1,18 @@
 {
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2019-02-01T00:00:00",
+ "ID" : "CVE-2019-4038",
+ "STATE" : "PUBLIC"
+ },
 "affects" : {
 "vendor" : {
 "vendor_data" : [
 {
- "vendor_name" : "IBM",
 "product" : {
 "product_data" : [
 {
+ "product_name" : "Security Identity Manager",
 "version" : {
 "version_data" : [
 {
@@ -16,41 +22,43 @@
 "version_value" : "7.0"
 }
 ]
- },
- "product_name" : "Security Identity Manager"
+ }
 }
 ]
- }
+ },
+ "vendor_name" : "IBM"
 }
 ]
 }
 },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
 "description" : {
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162."
+ "value" : "IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162."
 }
 ]
 },
- "data_version" : "4.0",
 "impact" : {
 "cvssv3" : {
 "BM" : {
- "AV" : "P",
- "SCORE" : "7.200",
 "A" : "H",
- "PR" : "H",
- "UI" : "N",
- "I" : "H",
+ "AC" : "L",
+ "AV" : "P",
 "C" : "H",
+ "I" : "H",
+ "PR" : "H",
 "S" : "C",
- "AC" : "L"
+ "SCORE" : "7.200",
+ "UI" : "N"
 },
 "TM" : {
+ "E" : "U",
 "RC" : "C",
- "RL" : "O",
- "E" : "U"
+ "RL" : "O"
 }
 }
 },
@@ -66,28 +74,18 @@
 }
 ]
 },
- "data_format" : "MITRE",
 "references" : {
 "reference_data" : [
 {
- "title" : "IBM Security Bulletin 869604 (Security Identity Manager)",
- "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10869604",
 "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10869604",
- "refsource" : "CONFIRM"
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10869604"
 },
 {
- "name" : "ibm-sim-cve20194038-code-injection (156162)",
+ "name" : "ibm-sim-cve20194038-code-injection(156162)",
 "refsource" : "XF",
- "title" : "X-Force Vulnerability Report",
 "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156162"
 }
 ]
- },
- "data_type" : "CVE",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-4038",
- "STATE" : "PUBLIC",
- "DATE_PUBLIC" : "2019-02-01T00:00:00",
- "ASSIGNER" : "psirt@us.ibm.com"
 }
 }