From 549a58b45bb8aed48295fc0a518ab0bdffc379d4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 13 Nov 2019 21:01:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2010/4xxx/CVE-2010-4657.json | 65 ++++++++++++++++++++++-- 2010/4xxx/CVE-2010-4661.json | 65 ++++++++++++++++++++++-- 2011/4xxx/CVE-2011-4972.json | 60 ++++++++++++++++++++-- 2012/5xxx/CVE-2012-5193.json | 53 +++++++++++++++++++- 2013/3xxx/CVE-2013-3367.json | 58 +++++++++++++++++++++- 2013/4xxx/CVE-2013-4275.json | 91 ++++++++++++++++++++++++++++++++-- 2014/1xxx/CVE-2014-1214.json | 53 +++++++++++++++++++- 2019/17xxx/CVE-2019-17515.json | 67 +++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17550.json | 72 +++++++++++++++++++++++++++ 9 files changed, 566 insertions(+), 18 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17515.json create mode 100644 2019/17xxx/CVE-2019-17550.json diff --git a/2010/4xxx/CVE-2010-4657.json b/2010/4xxx/CVE-2010-4657.json index c824a612f9b..c1307ec4558 100644 --- a/2010/4xxx/CVE-2010-4657.json +++ b/2010/4xxx/CVE-2010-4657.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4657", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "php5", + "product": { + "product_data": [ + { + "product_name": "php5", + "version": { + "version_data": [ + { + "version_value": "before 5.4.4" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4657", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-4657" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4657", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4657" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-4657", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-4657" + }, + { + "refsource": "MISC", + "name": "https://bugs.launchpad.net/php/%2Bbug/655442", + "url": "https://bugs.launchpad.net/php/%2Bbug/655442" } ] } diff --git a/2010/4xxx/CVE-2010-4661.json b/2010/4xxx/CVE-2010-4661.json index 3f844ebd550..14b58f8bc53 100644 --- a/2010/4xxx/CVE-2010-4661.json +++ b/2010/4xxx/CVE-2010-4661.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4661", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "udisks", + "product": { + "product_data": [ + { + "product_name": "udisks", + "version": { + "version_data": [ + { + "version_value": "before 1.0.3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4661", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-4661" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4661", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4661" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-4661", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-4661" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00000.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00000.html" } ] } diff --git a/2011/4xxx/CVE-2011-4972.json b/2011/4xxx/CVE-2011-4972.json index 883e889e499..c8a7c545ee6 100644 --- a/2011/4xxx/CVE-2011-4972.json +++ b/2011/4xxx/CVE-2011-4972.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4972", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Permissions" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CKSource", + "product": { + "product_data": [ + { + "product_name": "CKEditor Drupal module", + "version": { + "version_data": [ + { + "version_value": "7.x-1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://drupal.org/node/1337006", + "url": "https://drupal.org/node/1337006" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/06/04/5", + "url": "http://www.openwall.com/lists/oss-security/2013/06/04/5" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/06/04/7", + "url": "http://www.openwall.com/lists/oss-security/2013/06/04/7" } ] } diff --git a/2012/5xxx/CVE-2012-5193.json b/2012/5xxx/CVE-2012-5193.json index abcdc0ddfef..c339b7d5781 100644 --- a/2012/5xxx/CVE-2012-5193.json +++ b/2012/5xxx/CVE-2012-5193.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5193", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-016-multiple-vulnerabilities-in-bitweaver/", + "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-016-multiple-vulnerabilities-in-bitweaver/" + }, + { + "refsource": "EXPLOIT-DB", + "name": "22216", + "url": "https://www.exploit-db.com/exploits/22216" } ] } diff --git a/2013/3xxx/CVE-2013-3367.json b/2013/3xxx/CVE-2013-3367.json index bb7b6011542..f45b7033805 100644 --- a/2013/3xxx/CVE-2013-3367.json +++ b/2013/3xxx/CVE-2013-3367.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3367", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G\u00acDFdg_24Mhw3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ise.io/casestudies/exploiting-soho-routers/", + "refsource": "MISC", + "name": "https://www.ise.io/casestudies/exploiting-soho-routers/" + }, + { + "url": "https://www.ise.io/soho_service_hacks/", + "refsource": "MISC", + "name": "https://www.ise.io/soho_service_hacks/" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf", + "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf" } ] } diff --git a/2013/4xxx/CVE-2013-4275.json b/2013/4xxx/CVE-2013-4275.json index 40dd775aa27..6d3287b0737 100644 --- a/2013/4xxx/CVE-2013-4275.json +++ b/2013/4xxx/CVE-2013-4275.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4275", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,92 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via the breadcrumb separator field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zen", + "product": { + "product_data": [ + { + "product_name": "Zen theme", + "version": { + "version_data": [ + { + "version_value": "6.x-1.x" + }, + { + "version_value": "7.x-3.x before 7.x-3.2" + }, + { + "version_value": "and 7.x-5.x before 7.x-5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.madirish.net/?article=452", + "url": "http://www.madirish.net/?article=452" + }, + { + "refsource": "MISC", + "name": "https://drupal.org/node/2071157", + "url": "https://drupal.org/node/2071157" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2013/Aug/226", + "url": "http://seclists.org/fulldisclosure/2013/Aug/226" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/08/22/2", + "url": "http://www.openwall.com/lists/oss-security/2013/08/22/2" + }, + { + "refsource": "MISC", + "name": "https://drupal.org/node/2071055", + "url": "https://drupal.org/node/2071055" + }, + { + "refsource": "MISC", + "name": "https://drupal.org/node/2071065", + "url": "https://drupal.org/node/2071065" + }, + { + "refsource": "MISC", + "name": "https://drupal.org/node/754000", + "url": "https://drupal.org/node/754000" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61922", + "url": "http://www.securityfocus.com/bid/61922" } ] } diff --git a/2014/1xxx/CVE-2014-1214.json b/2014/1xxx/CVE-2014-1214.json index dbd20d98dab..e13081552bc 100644 --- a/2014/1xxx/CVE-2014-1214.json +++ b/2014/1xxx/CVE-2014-1214.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1214", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91020", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91020" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] } ] } diff --git a/2019/17xxx/CVE-2019-17515.json b/2019/17xxx/CVE-2019-17515.json new file mode 100644 index 00000000000..2d50d87a65b --- /dev/null +++ b/2019/17xxx/CVE-2019-17515.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/cleantalk-spam-protect/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/cleantalk-spam-protect/#developers" + }, + { + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2172333", + "url": "https://plugins.trac.wordpress.org/changeset/2172333" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17550.json b/2019/17xxx/CVE-2019-17550.json new file mode 100644 index 00000000000..cb9c0183ab6 --- /dev/null +++ b/2019/17xxx/CVE-2019-17550.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/blog2social/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/blog2social/#developers" + }, + { + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2186043", + "url": "https://plugins.trac.wordpress.org/changeset/2186043" + }, + { + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/log/blog2social/", + "url": "https://plugins.trac.wordpress.org/log/blog2social/" + } + ] + } +} \ No newline at end of file