diff --git a/2017/5xxx/CVE-2017-5715.json b/2017/5xxx/CVE-2017-5715.json
index fa520002bf3..3313568f126 100644
--- a/2017/5xxx/CVE-2017-5715.json
+++ b/2017/5xxx/CVE-2017-5715.json
@@ -492,6 +492,11 @@
 "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 }
diff --git a/2017/5xxx/CVE-2017-5753.json b/2017/5xxx/CVE-2017-5753.json
index 353bee4e489..0c6308b3ddc 100644
--- a/2017/5xxx/CVE-2017-5753.json
+++ b/2017/5xxx/CVE-2017-5753.json
@@ -377,6 +377,11 @@
 "refsource": "CONFIRM",
 "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
 "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 }
diff --git a/2017/5xxx/CVE-2017-5754.json b/2017/5xxx/CVE-2017-5754.json
index 3a524f0555f..3e55410ae03 100644
--- a/2017/5xxx/CVE-2017-5754.json
+++ b/2017/5xxx/CVE-2017-5754.json
@@ -372,6 +372,11 @@
 "refsource": "CONFIRM",
 "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
 "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 }
diff --git a/2018/12xxx/CVE-2018-12126.json b/2018/12xxx/CVE-2018-12126.json
index db6e479c649..19908178012 100644
--- a/2018/12xxx/CVE-2018-12126.json
+++ b/2018/12xxx/CVE-2018-12126.json
@@ -123,6 +123,11 @@
 "refsource": "CONFIRM",
 "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292",
 "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12127.json b/2018/12xxx/CVE-2018-12127.json
index cc5f3eb0f63..138a0518b83 100644
--- a/2018/12xxx/CVE-2018-12127.json
+++ b/2018/12xxx/CVE-2018-12127.json
@@ -123,6 +123,11 @@
 "refsource": "CONFIRM",
 "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292",
 "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12130.json b/2018/12xxx/CVE-2018-12130.json
index 965c52babb3..2e4d15f29ec 100644
--- a/2018/12xxx/CVE-2018-12130.json
+++ b/2018/12xxx/CVE-2018-12130.json
@@ -123,6 +123,11 @@
 "refsource": "CONFIRM",
 "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292",
 "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 },
diff --git a/2018/21xxx/CVE-2018-21020.json b/2018/21xxx/CVE-2018-21020.json
new file mode 100644
index 00000000000..ea6e6ba446c
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21020.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-21020",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/centreon/centreon/pull/7084",
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/pull/7084"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21021.json b/2018/21xxx/CVE-2018-21021.json
new file mode 100644
index 00000000000..ae60fedf57f
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21021.json
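Review bot: The new CVE-2018-21020 record leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value at `"n/a"`, even though its own description names the product and fixed release (Centreon Web before 2.8.27) and the weakness class. Consumers that match on the structured `affects` block instead of parsing free text will not tie this record to Centreon, so I would at least set `"vendor_name": "Centreon"` and `"product_name": "Centreon Web"`. The same placeholders appear in every record this commit adds (CVE-2018-21021, -21022, -21023, -21025, CVE-2019-13336, -14656, -14657, -16416, -16417, -16929, -17104, -17106, -17107, -17108, -17271, -17352); with them, CVE-2019-16416 and CVE-2019-16417 differ only by one word of description text. Each of these new files also ends without a trailing newline.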
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-21021",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/centreon/centreon/pull/7086",
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/pull/7086"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21022.json b/2018/21xxx/CVE-2018-21022.json
new file mode 100644
index 00000000000..13e011e21d4
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21022.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-21022",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/centreon/centreon/pull/7087",
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/pull/7087"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21023.json b/2018/21xxx/CVE-2018-21023.json
new file mode 100644
index 00000000000..28de4f4aba4
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21023.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-21023",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/centreon/centreon/pull/7083",
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/pull/7083"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/pull/7271",
+ "url": "https://github.com/centreon/centreon/pull/7271"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21025.json b/2018/21xxx/CVE-2018-21025.json
new file mode 100644
index 00000000000..4d86a834089
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21025.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-21025",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/centreon/centreon/issues/7082",
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/issues/7082"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3615.json b/2018/3xxx/CVE-2018-3615.json
index d044a9a27c9..4cbe81b1dd8 100644
--- a/2018/3xxx/CVE-2018-3615.json
+++ b/2018/3xxx/CVE-2018-3615.json
@@ -132,6 +132,11 @@
 "name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
 "refsource": "CONFIRM",
 "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 }
diff --git a/2018/3xxx/CVE-2018-3620.json b/2018/3xxx/CVE-2018-3620.json
index 21df619cf2b..1b4589d4be4 100644
--- a/2018/3xxx/CVE-2018-3620.json
+++ b/2018/3xxx/CVE-2018-3620.json
@@ -307,6 +307,11 @@
 "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 }
diff --git a/2018/3xxx/CVE-2018-3639.json b/2018/3xxx/CVE-2018-3639.json
index 8a645818ede..1ee099edfac 100644
--- a/2018/3xxx/CVE-2018-3639.json
+++ b/2018/3xxx/CVE-2018-3639.json
@@ -757,6 +757,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
 "url": "https://seclists.org/bugtraq/2019/Jun/36"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 }
diff --git a/2018/3xxx/CVE-2018-3640.json b/2018/3xxx/CVE-2018-3640.json
index 52686ad38a8..dfe06053dd9 100644
--- a/2018/3xxx/CVE-2018-3640.json
+++ b/2018/3xxx/CVE-2018-3640.json
@@ -157,6 +157,11 @@
 "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
 "refsource": "CONFIRM",
 "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 }
diff --git a/2018/3xxx/CVE-2018-3646.json b/2018/3xxx/CVE-2018-3646.json
index 0bfad8db454..c6b3e5c94a6 100644
--- a/2018/3xxx/CVE-2018-3646.json
+++ b/2018/3xxx/CVE-2018-3646.json
@@ -322,6 +322,11 @@
 "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11091.json b/2019/11xxx/CVE-2019-11091.json
index 261ef18fa81..01aed402405 100644
--- a/2019/11xxx/CVE-2019-11091.json
+++ b/2019/11xxx/CVE-2019-11091.json
@@ -123,6 +123,11 @@
 "refsource": "CONFIRM",
 "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292",
 "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10292"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13336.json b/2019/13xxx/CVE-2019-13336.json
new file mode 100644
index 00000000000..35bdc078338
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13336.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13336",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this product reached end of life in 2016."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.reddit.com/r/AskNetsec/comments/c9p22m/company_threatening_to_sue_me_if_i_publicly/",
+ "url": "https://www.reddit.com/r/AskNetsec/comments/c9p22m/company_threatening_to_sue_me_if_i_publicly/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.youtube.com/watch?v=SkTKt1nV57I",
+ "url": "https://www.youtube.com/watch?v=SkTKt1nV57I"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://noahclements.com/Improper-Input-Validation-on-dbell-Smart-Doorbell-Can-Lead-To-Attackers-Remotely-Unlocking-Door/",
+ "url": "http://noahclements.com/Improper-Input-Validation-on-dbell-Smart-Doorbell-Can-Lead-To-Attackers-Remotely-Unlocking-Door/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14656.json b/2019/14xxx/CVE-2019-14656.json
new file mode 100644
index 00000000000..351500edda9
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14656.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14656",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://cerebusforensics.com/yealink/exploit.html",
+ "refsource": "MISC",
+ "name": "http://cerebusforensics.com/yealink/exploit.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sway.office.com/3pCb559LYVuT0eig",
+ "url": "https://sway.office.com/3pCb559LYVuT0eig"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14657.json b/2019/14xxx/CVE-2019-14657.json
new file mode 100644
index 00000000000..d2522a5f7e6
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14657.json
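Review bot: CVE-2019-14656 bounds the affected range by a date ("Yealink phones through 2019-08-04") and cites only third-party `MISC` references, one of them over plain HTTP, so a reader cannot tell from the record which models or firmware builds are affected or whether a fixed build exists. If a vendor advisory or firmware release note is available, I would add it as a `CONFIRM` reference and state the model and firmware scope in the description. CVE-2019-14657 in the next file has the same gap.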
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14657",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://cerebusforensics.com/yealink/exploit.html",
+ "refsource": "MISC",
+ "name": "http://cerebusforensics.com/yealink/exploit.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sway.office.com/3pCb559LYVuT0eig",
+ "url": "https://sway.office.com/3pCb559LYVuT0eig"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16416.json b/2019/16xxx/CVE-2019-16416.json
new file mode 100644
index 00000000000..42849a7550c
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16416.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16416",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "HRworks 3.36.9 allows XSS via the purpose of a travel-expense report."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.hrworks.de",
+ "refsource": "MISC",
+ "name": "https://www.hrworks.de"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/svennergr/501409fbdb0ef4a8b0f07a26a2815fbb",
+ "url": "https://gist.github.com/svennergr/501409fbdb0ef4a8b0f07a26a2815fbb"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16417.json b/2019/16xxx/CVE-2019-16417.json
new file mode 100644
index 00000000000..854ab30067c
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16417.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16417",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.hrworks.de/kategorie/news/flow/",
+ "refsource": "MISC",
+ "name": "https://www.hrworks.de/kategorie/news/flow/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/svennergr/204038bda1849ebce9af32eea9e55038",
+ "url": "https://gist.github.com/svennergr/204038bda1849ebce9af32eea9e55038"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16929.json b/2019/16xxx/CVE-2019-16929.json
new file mode 100644
index 00000000000..b7a73440fd2
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16929.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16929",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://auth0.com/docs/security/bulletins/cve-2019-16929",
+ "url": "https://auth0.com/docs/security/bulletins/cve-2019-16929"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17104.json b/2019/17xxx/CVE-2019-17104.json
new file mode 100644
index 00000000000..aa9273a4ed2
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17104.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17104",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/centreon/centreon/issues/7097",
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/issues/7097"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17106.json b/2019/17xxx/CVE-2019-17106.json
new file mode 100644
index 00000000000..4bf0ea99ade
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17106.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17106",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/centreon/centreon/issues/7098",
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/issues/7098"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17107.json b/2019/17xxx/CVE-2019-17107.json
new file mode 100644
index 00000000000..1dbd8be9df3
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17107.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17107",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/centreon/centreon/pull/7099",
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/pull/7099"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17108.json b/2019/17xxx/CVE-2019-17108.json
new file mode 100644
index 00000000000..817aacedda2
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17108.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17108",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/centreon/centreon/pull/7101",
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/pull/7101"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17271.json b/2019/17xxx/CVE-2019-17271.json
new file mode 100644
index 00000000000..7536006f1eb
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17271.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17271",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa",
+ "refsource": "MISC",
+ "name": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17352.json b/2019/17xxx/CVE-2019-17352.json
new file mode 100644
index 00000000000..fff6059d79c
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17352.json
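Review bot: The first reference in CVE-2019-17271 points at what looks like the vBulletin announcements forum index rather than a specific announcement, and the description names only the affected release (5.5.4) without a fixed version or patch level. Someone triaging from this record cannot confirm which build closes the SQL injection. I would replace or supplement that URL with the specific patch announcement and add the fixed version to the description once it is known.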
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17352",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/jfinal/jfinal/issues/171",
+ "refsource": "MISC",
+ "name": "https://github.com/jfinal/jfinal/issues/171"
+ },
+ {
+ "url": "https://gitee.com/jfinal/cos/commit/5eb23d6e384abaad19faa7600d14c9a2f525946a",
+ "refsource": "MISC",
+ "name": "https://gitee.com/jfinal/cos/commit/5eb23d6e384abaad19faa7600d14c9a2f525946a"
+ },
+ {
+ "url": "https://gitee.com/jfinal/cos/commit/8d26eec61f0d072a68bf7393cf3a8544a1112130",
+ "refsource": "MISC",
+ "name": "https://gitee.com/jfinal/cos/commit/8d26eec61f0d072a68bf7393cf3a8544a1112130"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1125.json b/2019/1xxx/CVE-2019-1125.json
index 1cd03aa00c4..17cfb1f58c1 100644
--- a/2019/1xxx/CVE-2019-1125.json
+++ b/2019/1xxx/CVE-2019-1125.json
@@ -251,6 +251,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2899",
 "url": "https://access.redhat.com/errata/RHSA-2019:2899"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:2975",
+ "url": "https://access.redhat.com/errata/RHSA-2019:2975"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5953.json b/2019/5xxx/CVE-2019-5953.json
index fab6c5bb1a6..937d10c86dd 100644
--- a/2019/5xxx/CVE-2019-5953.json
+++ b/2019/5xxx/CVE-2019-5953.json
@@ -21,6 +21,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-201908-19",
 "url": "https://security.gentoo.org/glsa/201908-19"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:2979",
+ "url": "https://access.redhat.com/errata/RHSA-2019:2979"
 }
 ]
 },
diff --git a/2019/6xxx/CVE-2019-6133.json b/2019/6xxx/CVE-2019-6133.json
index 5626a41a0ad..38ccf38d835 100644
--- a/2019/6xxx/CVE-2019-6133.json
+++ b/2019/6xxx/CVE-2019-6133.json
@@ -171,6 +171,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2699",
 "url": "https://access.redhat.com/errata/RHSA-2019:2699"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:2978",
+ "url": "https://access.redhat.com/errata/RHSA-2019:2978"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9506.json b/2019/9xxx/CVE-2019-9506.json
index 6a9ca3b3e4f..b7c6d7bb81d 100644
--- a/2019/9xxx/CVE-2019-9506.json
+++ b/2019/9xxx/CVE-2019-9506.json
@@ -157,6 +157,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4147-1",
 "url": "https://usn.ubuntu.com/4147-1/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:2975",
+ "url": "https://access.redhat.com/errata/RHSA-2019:2975"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9636.json b/2019/9xxx/CVE-2019-9636.json
index a58dd3d912e..45f9c144f0d 100644
--- a/2019/9xxx/CVE-2019-9636.json
+++ b/2019/9xxx/CVE-2019-9636.json
@@ -256,6 +256,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-2b1f72899a",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:2980",
+ "url": "https://access.redhat.com/errata/RHSA-2019:2980"
 }
 ]
 }