From 54d347536ec3774bb12e19bcf6d35ff50ca27c65 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 20 Jun 2019 17:00:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/15xxx/CVE-2018-15891.json | 53 +++++++++++++++++++++++++++-- 2018/15xxx/CVE-2018-15892.json | 53 +++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16116.json | 58 ++++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16117.json | 58 ++++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16118.json | 58 ++++++++++++++++++++++++++++++-- 2019/0xxx/CVE-2019-0086.json | 5 +++ 2019/0xxx/CVE-2019-0099.json | 5 +++ 2019/0xxx/CVE-2019-0170.json | 5 +++ 2019/12xxx/CVE-2019-12744.json | 61 ++++++++++++++++++++++++++++++---- 2019/12xxx/CVE-2019-12745.json | 61 ++++++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8458.json | 58 ++++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8459.json | 58 ++++++++++++++++++++++++++++---- 12 files changed, 497 insertions(+), 36 deletions(-) diff --git a/2018/15xxx/CVE-2018-15891.json b/2018/15xxx/CVE-2018-15891.json index 0bc8d24845e..77a2d5327a0 100644 --- a/2018/15xxx/CVE-2018-15891.json +++ b/2018/15xxx/CVE-2018-15891.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15891", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
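Review bot: The `affects` block added in this first hunk of CVE-2018-15891.json holds only placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`), although the description added in the file's next hunk names FreePBX core and lists fixed versions. Vulnerability scanners and asset-matching tools that key on the structured vendor and product fields will not tie this record to any installed product, so it can only be found by free-text search. Where the product is known, fill it in, for example `"product_name": "FreePBX"`, with the affected range in `version_value`. The same placeholder block is added in CVE-2018-15892, CVE-2018-16116, CVE-2018-16117, CVE-2018-16118, CVE-2019-12744 and CVE-2019-12745.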
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.freepbx.org/", + "refsource": "MISC", + "name": "https://www.freepbx.org/" + }, + { + "refsource": "CONFIRM", + "name": "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode", + "url": "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode" } ] } diff --git a/2018/15xxx/CVE-2018-15892.json b/2018/15xxx/CVE-2018-15892.json index bcaf8c6638a..94f2f48310e 100644 --- a/2018/15xxx/CVE-2018-15892.json +++ b/2018/15xxx/CVE-2018-15892.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15892", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
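Review bot: The version list in the new CVE-2018-15891 description, `before 3.0.122.43, 14.0.18.34, and 5.0.1beta4`, looks inconsistent. It puts a 3.x and a 5.x release beside a 14.x one, while the sibling record CVE-2018-15892 in this commit speaks of FreePBX 13 and 14. If leading digits were dropped, any fixed-version check derived from this text will misjudge which installations are patched. The three values should be confirmed against the CONFIRM reference added in the same hunk.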
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.freepbx.org/", + "refsource": "MISC", + "name": "https://www.freepbx.org/" + }, + { + "refsource": "CONFIRM", + "name": "https://wiki.freepbx.org/display/FOP/2018-09-11+DISA+SQL+Injection", + "url": "https://wiki.freepbx.org/display/FOP/2018-09-11+DISA+SQL+Injection" } ] } diff --git a/2018/16xxx/CVE-2018-16116.json b/2018/16xxx/CVE-2018-16116.json index 1ac0aa2477f..94cc034a2b5 100644 --- a/2018/16xxx/CVE-2018-16116.json +++ b/2018/16xxx/CVE-2018-16116.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16116", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
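Review bot: In the second hunk of CVE-2018-15892.json, `problemtype` is set to `"value": "n/a"` even though the description added just above it names the weakness class outright (SQL Injection). Recording it as `"value": "CWE-89"`, the id format the Check Point records in this commit already use, would let consumers filter and prioritise by weakness without parsing prose. The same applies to the other records here whose descriptions state the class: stored XSS in CVE-2018-15891 and CVE-2019-12745, SQL injection in CVE-2018-16116, and OS command execution via shell metacharacters in CVE-2018-16117 and CVE-2018-16118.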
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the \"username\" GET parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sophos.com/en-us/legal/sophos-responsible-disclosure-policy.aspx", + "refsource": "MISC", + "name": "https://www.sophos.com/en-us/legal/sophos-responsible-disclosure-policy.aspx" + }, + { + "refsource": "MISC", + "name": "https://github.com/klsecservices/Advisories/blob/master/KL-SOPHOS-2018-001.md", + "url": "https://github.com/klsecservices/Advisories/blob/master/KL-SOPHOS-2018-001.md" + }, + { + "refsource": "CONFIRM", + "name": "https://community.sophos.com/kb/en-us/132637", + "url": "https://community.sophos.com/kb/en-us/132637" } ] } diff --git a/2018/16xxx/CVE-2018-16117.json b/2018/16xxx/CVE-2018-16117.json index 7341140667f..360753a5d51 100644 --- a/2018/16xxx/CVE-2018-16117.json +++ b/2018/16xxx/CVE-2018-16117.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16117", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the \"dbName\" POST parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sophos.com/en-us/legal/sophos-responsible-disclosure-policy.aspx", + "refsource": "MISC", + "name": "https://www.sophos.com/en-us/legal/sophos-responsible-disclosure-policy.aspx" + }, + { + "refsource": "MISC", + "name": "https://github.com/klsecservices/Advisories/blob/master/KL-SOPHOS-2018-002.md", + "url": "https://github.com/klsecservices/Advisories/blob/master/KL-SOPHOS-2018-002.md" + }, + { + "refsource": "CONFIRM", + "name": "https://community.sophos.com/kb/en-us/132637", + "url": "https://community.sophos.com/kb/en-us/132637" } ] } diff --git a/2018/16xxx/CVE-2018-16118.json b/2018/16xxx/CVE-2018-16118.json index 1f163d36cb4..f2ddfc166a1 100644 --- a/2018/16xxx/CVE-2018-16118.json +++ b/2018/16xxx/CVE-2018-16118.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16118", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the \"X-Forwarded-for\" HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sophos.com/en-us/legal/sophos-responsible-disclosure-policy.aspx", + "refsource": "MISC", + "name": "https://www.sophos.com/en-us/legal/sophos-responsible-disclosure-policy.aspx" + }, + { + "refsource": "MISC", + "name": "https://github.com/klsecservices/Advisories/blob/master/KL-SOPHOS-2018-003.md", + "url": "https://github.com/klsecservices/Advisories/blob/master/KL-SOPHOS-2018-003.md" + }, + { + "refsource": "CONFIRM", + "name": "https://community.sophos.com/kb/en-us/132637", + "url": "https://community.sophos.com/kb/en-us/132637" } ] } diff --git a/2019/0xxx/CVE-2019-0086.json b/2019/0xxx/CVE-2019-0086.json index 4fb3d38b568..66f6d92228e 100644 --- a/2019/0xxx/CVE-2019-0086.json +++ b/2019/0xxx/CVE-2019-0086.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K35815741", + "url": "https://support.f5.com/csp/article/K35815741" } ] }, diff --git a/2019/0xxx/CVE-2019-0099.json b/2019/0xxx/CVE-2019-0099.json index 9257df5ec4d..31ac1745a41 100644 
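Review bot: The new CVE-2018-16118 description misspells `metachracters`; it should read `metacharacters`, as CVE-2018-16117 has it, otherwise keyword searches for the term will miss this record. The header is written `X-Forwarded-for`, where the usual spelling is `X-Forwarded-For`. This description also says `remote attackers`, while CVE-2018-16116 and CVE-2018-16117 say `remote authenticated attackers`. If the issue really is reachable without authentication, that is the main severity driver and is worth stating explicitly; if not, the qualifier should be added.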
--- a/2019/0xxx/CVE-2019-0099.json +++ b/2019/0xxx/CVE-2019-0099.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K30105730", + "url": "https://support.f5.com/csp/article/K30105730" } ] }, diff --git a/2019/0xxx/CVE-2019-0170.json b/2019/0xxx/CVE-2019-0170.json index cf52e18a12c..96087dc2de5 100644 --- a/2019/0xxx/CVE-2019-0170.json +++ b/2019/0xxx/CVE-2019-0170.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K51470205", + "url": "https://support.f5.com/csp/article/K51470205" } ] }, diff --git a/2019/12xxx/CVE-2019-12744.json b/2019/12xxx/CVE-2019-12744.json index e78a31d2478..1fedb563bda 100644 --- a/2019/12xxx/CVE-2019-12744.json +++ b/2019/12xxx/CVE-2019-12744.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12744", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12744", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://secfolks.blogspot.com/2019/06/exploit-for-cve-2019-12744-remote.html", + "url": "https://secfolks.blogspot.com/2019/06/exploit-for-cve-2019-12744-remote.html" + }, + { + "refsource": "CONFIRM", + "name": "https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG", + "url": "https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG" } ] } diff --git a/2019/12xxx/CVE-2019-12745.json b/2019/12xxx/CVE-2019-12745.json index 141c0ed3cb2..d8136ab00a6 100644 --- a/2019/12xxx/CVE-2019-12745.json +++ b/2019/12xxx/CVE-2019-12745.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12745", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12745", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG", + "url": "https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG" + }, + { + "refsource": "MISC", + "name": "https://secfolks.blogspot.com/2019/06/exploit-for-cve-2019-12745-stored-xss.html", + "url": "https://secfolks.blogspot.com/2019/06/exploit-for-cve-2019-12745-stored-xss.html" } ] } diff --git a/2019/8xxx/CVE-2019-8458.json b/2019/8xxx/CVE-2019-8458.json index 307d0e51754..b790e041b46 100644 --- a/2019/8xxx/CVE-2019-8458.json +++ b/2019/8xxx/CVE-2019-8458.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8458", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8458", + "ASSIGNER": "cve@checkpoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Check Point", + "product": { + "product_data": [ + { + "product_name": "Check Point Endpoint Security Client for Windows, Anti-Malware blade", + "version": { + "version_data": [ + { + "version_value": "before E81.00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-114" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk153053", + "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk153053" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate." } ] } diff --git a/2019/8xxx/CVE-2019-8459.json b/2019/8xxx/CVE-2019-8459.json index fe964b855d7..68fd28feca8 100644 --- a/2019/8xxx/CVE-2019-8459.json 
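Review bot: The last sentence of the new CVE-2019-8458 description is hard to parse. The clause `where under certain circumstances may cause the client to terminate` has no subject, so a reader cannot tell whether the DLL load, the attacker's code or the update itself ends the client. A wording such as `... signed binary; under certain circumstances this may also cause the client to terminate` keeps the stated facts and removes the ambiguity. `problemtype` carries the bare id `CWE-114`; adding the weakness name after the id would help readers who triage by problem type.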
+++ b/2019/8xxx/CVE-2019-8459.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8459", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8459", + "ASSIGNER": "cve@checkpoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Check Point", + "product": { + "product_data": [ + { + "product_name": "Check Point Endpoint Security Client for Windows, VPN blade", + "version": { + "version_data": [ + { + "version_value": "before E80.83" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-428" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk124972#Resolved%20Issues", + "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk124972#Resolved%20Issues" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one." } ] }