From 54d4af67ac5b7ab5163c2ef533380ba8d5b9d489 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 May 2019 17:00:51 +0000 Subject: [PATCH] "-Synchronized-Data."
---
2019/11xxx/CVE-2019-11057.json | 56 ++++++++++++++++++++++++--- 2019/11xxx/CVE-2019-11833.json | 5 +++ 2019/11xxx/CVE-2019-11887.json | 56 ++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12086.json | 71 +++++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12153.json | 18 +++++++++ 2019/12xxx/CVE-2019-12154.json | 18 +++++++++ 2019/1xxx/CVE-2019-1771.json | 5 +++ 2019/1xxx/CVE-2019-1772.json | 5 +++ 2019/1xxx/CVE-2019-1773.json | 5 +++ 2019/1xxx/CVE-2019-1774.json | 5 +++ 2019/1xxx/CVE-2019-1775.json | 5 +++ 2019/7xxx/CVE-2019-7353.json | 53 ++++++++++++++++++++++++- 12 files changed, 282 insertions(+), 20 deletions(-) create mode 100644 2019/12xxx/CVE-2019-12153.json create mode 100644 2019/12xxx/CVE-2019-12154.json
diff --git a/2019/11xxx/CVE-2019-11057.json b/2019/11xxx/CVE-2019-11057.json
index d1ceb57d34e..960743514b1 100644
--- a/2019/11xxx/CVE-2019-11057.json
+++ b/2019/11xxx/CVE-2019-11057.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11057", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11057", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[vtigercrm-developers] 20190403 Vtiger CRM 7.1.0 (hotfix3) Released", + "url": "http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-April/037964.html" } ] } diff --git a/2019/11xxx/CVE-2019-11833.json b/2019/11xxx/CVE-2019-11833.json index 8e033455701..7c7f3b85de1 100644 --- a/2019/11xxx/CVE-2019-11833.json +++ b/2019/11xxx/CVE-2019-11833.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64", "url": "https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64" + }, + { + "refsource": "BID", + "name": "108372", + "url": "http://www.securityfocus.com/bid/108372" } ] } 
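Review bot: The published CVE-2019-11057 record leaves every structured field at `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), even though its description names the product, the fixed release and the weakness class. Tools that match an asset inventory against `affects`, or triage by `problemtype`, will not pick this entry up and have to fall back to parsing the free-text description. Filling the fields from the description, for example `"product_name": "Vtiger CRM"` and a `problemtype` value of `"CWE-89"` for the stated SQL injection, would close that gap. The same placeholders appear in the CVE-2019-11887, CVE-2019-12086 and CVE-2019-7353 hunks.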
diff --git a/2019/11xxx/CVE-2019-11887.json b/2019/11xxx/CVE-2019-11887.json index e3ab9dc9c21..0f864a4eb4d 100644 --- a/2019/11xxx/CVE-2019-11887.json +++ b/2019/11xxx/CVE-2019-11887.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11887", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11887", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://news.simplybook.me/notification/", + "url": "https://news.simplybook.me/notification/" } ] } diff --git a/2019/12xxx/CVE-2019-12086.json b/2019/12xxx/CVE-2019-12086.json index da0ba2f327d..013f2563df2 100644 --- a/2019/12xxx/CVE-2019-12086.json +++ b/2019/12xxx/CVE-2019-12086.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12086", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12086", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource": "MISC", + "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + }, + { + "url": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/", + "refsource": "MISC", + "name": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/" + }, + { + "url": "https://github.com/FasterXML/jackson-databind/issues/2326", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2326" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9", + "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9" } ] } diff --git a/2019/12xxx/CVE-2019-12153.json b/2019/12xxx/CVE-2019-12153.json new file mode 100644 index 00000000000..c0db2a44a16 --- /dev/null +++ b/2019/12xxx/CVE-2019-12153.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12153", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12154.json b/2019/12xxx/CVE-2019-12154.json new file mode 100644 index 00000000000..939a23e83ec --- /dev/null +++ b/2019/12xxx/CVE-2019-12154.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12154", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1771.json b/2019/1xxx/CVE-2019-1771.json index aa80974c1f4..5a1d94015a9 100644 --- a/2019/1xxx/CVE-2019-1771.json +++ b/2019/1xxx/CVE-2019-1771.json @@ -72,6 +72,11 @@ "name": "20190515 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player" + }, + { + "refsource": "BID", + "name": "108373", + "url": "http://www.securityfocus.com/bid/108373" } ] }, diff --git a/2019/1xxx/CVE-2019-1772.json b/2019/1xxx/CVE-2019-1772.json index 82261c788b8..d61b107cb27 100644 --- a/2019/1xxx/CVE-2019-1772.json +++ b/2019/1xxx/CVE-2019-1772.json @@ -72,6 +72,11 @@ "name": "20190515 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player" + }, + { + "refsource": "BID", + "name": "108373", + "url": "http://www.securityfocus.com/bid/108373" } ] }, diff --git a/2019/1xxx/CVE-2019-1773.json b/2019/1xxx/CVE-2019-1773.json index a7c826e813a..676839a52b0 100644 --- a/2019/1xxx/CVE-2019-1773.json +++ b/2019/1xxx/CVE-2019-1773.json 
@@ -72,6 +72,11 @@ "name": "20190515 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player" + }, + { + "refsource": "BID", + "name": "108373", + "url": "http://www.securityfocus.com/bid/108373" } ] }, diff --git a/2019/1xxx/CVE-2019-1774.json b/2019/1xxx/CVE-2019-1774.json index 61bd0c7167c..687fb0e3ee3 100644 --- a/2019/1xxx/CVE-2019-1774.json +++ b/2019/1xxx/CVE-2019-1774.json @@ -72,6 +72,11 @@ "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775" + }, + { + "refsource": "BID", + "name": "108371", + "url": "http://www.securityfocus.com/bid/108371" } ] }, diff --git a/2019/1xxx/CVE-2019-1775.json b/2019/1xxx/CVE-2019-1775.json index 55403578119..00760c9356c 100644 --- a/2019/1xxx/CVE-2019-1775.json +++ b/2019/1xxx/CVE-2019-1775.json @@ -72,6 +72,11 @@ "name": "20190515 Cisco NX-OS Software Command Injection Vulnerabilities (CVE-2019-1774, CVE-2019-1775)", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775" + }, + { + "refsource": "BID", + "name": "108371", + "url": "http://www.securityfocus.com/bid/108371" } ] }, diff --git a/2019/7xxx/CVE-2019-7353.json b/2019/7xxx/CVE-2019-7353.json index a6fe72e0305..dbff17f8fe3 100644 --- a/2019/7xxx/CVE-2019-7353.json +++ b/2019/7xxx/CVE-2019-7353.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7353", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "url": "https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/" } ] }
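Review bot: In the CVE-2019-7353 `reference_data` hunk, the first reference, `https://about.gitlab.com/blog/categories/releases/`, is a category index rather than a page about this issue, so it gives a reader nothing to verify the fix against and its content will presumably drift as new posts are added. The second link already points at the 11.7.4 security release, so keeping only that one would be cleaner. Since it is the vendor's own announcement, `"refsource": "CONFIRM"` would also match how the vendor links are tagged in the CVE-2019-11887 and CVE-2019-12086 hunks.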