diff --git a/2013/7xxx/CVE-2013-7285.json b/2013/7xxx/CVE-2013-7285.json
index db3d4298f9d..74af36b7872 100644
--- a/2013/7xxx/CVE-2013-7285.json
+++ b/2013/7xxx/CVE-2013-7285.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
 "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
+ "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"
 }
 ]
 }
diff --git a/2016/5xxx/CVE-2016-5388.json b/2016/5xxx/CVE-2016-5388.json
index 19b51ba9232..0f134d89df1 100644
--- a/2016/5xxx/CVE-2016-5388.json
+++ b/2016/5xxx/CVE-2016-5388.json
@@ -151,6 +151,11 @@
 "refsource": "MLIST",
 "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
 "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
+ "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1270.json b/2018/1xxx/CVE-2018-1270.json
index 32a7d241544..69a54bbb134 100644
--- a/2018/1xxx/CVE-2018-1270.json
+++ b/2018/1xxx/CVE-2018-1270.json
@@ -107,6 +107,11 @@
 "refsource": "MLIST",
 "name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
 "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
+ "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20815.json b/2018/20xxx/CVE-2018-20815.json
index 2006e148831..8719771ef47 100644
--- a/2018/20xxx/CVE-2018-20815.json
+++ b/2018/20xxx/CVE-2018-20815.json
@@ -106,6 +106,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/41"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4506",
+ "url": "https://www.debian.org/security/2019/dsa-4506"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20991.json b/2018/20xxx/CVE-2018-20991.json
new file mode 100644
index 00000000000..c4bc1993ac0
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20991.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20991",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2018-0003.html",
+ "refsource": "MISC",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2018-0003.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20999.json b/2018/20xxx/CVE-2018-20999.json
new file mode 100644
index 00000000000..52645a1335c
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20999.json
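Review bot: The structured fields of this new record are all `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), even though the description names the smallvec crate, the fixed version 0.6.3 and a double free. Tooling that matches on `affects` rather than on free text will not associate this CVE with the crate, so I would fill them in, e.g. `"product_name": "smallvec"`, `"version_value": "before 0.6.3"` and `"value": "CWE-415: Double Free"` under `problemtype`. The same gap is present in every other record added in this diff (the remaining Rust crate entries, the three Ricoh entries, and the SQL injection entries, where CWE-89 would fit), so it is raised only here.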
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20999",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2018-0012.html",
+ "refsource": "MISC",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2018-0012.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/brycx/orion/issues/46",
+ "url": "https://github.com/brycx/orion/issues/46"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21000.json b/2018/21xxx/CVE-2018-21000.json
new file mode 100644
index 00000000000..238abf2dd79
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21000.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-21000",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2018-0013.html",
+ "refsource": "MISC",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2018-0013.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/nabijaczleweli/safe-transmute-rs/pull/36",
+ "url": "https://github.com/nabijaczleweli/safe-transmute-rs/pull/36"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13164.json b/2019/13xxx/CVE-2019-13164.json
index b1028647829..ec68f681bc3 100644
--- a/2019/13xxx/CVE-2019-13164.json
+++ b/2019/13xxx/CVE-2019-13164.json
@@ -76,6 +76,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/41"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4506",
+ "url": "https://www.debian.org/security/2019/dsa-4506"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14300.json b/2019/14xxx/CVE-2019-14300.json
new file mode 100644
index 00000000000..05b36c561a2
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14300.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14300",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ricoh-usa.com/en/support-and-download",
+ "refsource": "MISC",
+ "name": "https://www.ricoh-usa.com/en/support-and-download"
+ },
+ {
+ "url": "https://www.ricoh.com/info/2019/0823_1/",
+ "refsource": "MISC",
+ "name": "https://www.ricoh.com/info/2019/0823_1/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14305.json b/2019/14xxx/CVE-2019-14305.json
new file mode 100644
index 00000000000..78b9c1b2764
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14305.json
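Review bot: The description value of CVE-2019-14300 misspells "configuration" as `congiguration` twice, and the same typo is in the CVE-2019-14305 and CVE-2019-14307 descriptions later in this diff. Separately, `vectorString` lists the metrics alphabetically instead of in the order the CVSS v3.0 specification prefers, which stricter parsers may not accept, and the `cvss` object carries no `baseScore` or `baseSeverity`. I would write `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"` and add the score fields so consumers do not have to recompute them. The ordering point also applies to the other two Ricoh records.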
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14305",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ricoh-usa.com/en/support-and-download",
+ "refsource": "MISC",
+ "name": "https://www.ricoh-usa.com/en/support-and-download"
+ },
+ {
+ "url": "https://www.ricoh.com/info/2019/0823_1/",
+ "refsource": "MISC",
+ "name": "https://www.ricoh.com/info/2019/0823_1/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14307.json b/2019/14xxx/CVE-2019-14307.json
new file mode 100644
index 00000000000..8b1a168d4d5
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14307.json
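Review bot: In CVE-2019-14305, `privilegesRequired` is `LOW` (`PR:L` in the vector) but the description only says "an attacker", so a reader of the text alone would assume the overflows in the settings parameters are reachable without credentials. If the low-privilege requirement is intended (CVE-2019-14300, for the cookie-header parsing, uses `NONE`), the description should say so, e.g. `which allow an attacker with a low-privileged account to cause a denial of service or code execution`. CVE-2019-14307 has the same mismatch between its text and its vector.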
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14307",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ricoh-usa.com/en/support-and-download",
+ "refsource": "MISC",
+ "name": "https://www.ricoh-usa.com/en/support-and-download"
+ },
+ {
+ "url": "https://www.ricoh.com/info/2019/0823_1/",
+ "refsource": "MISC",
+ "name": "https://www.ricoh.com/info/2019/0823_1/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14378.json b/2019/14xxx/CVE-2019-14378.json
index 640bfb3644a..6d32f3da211 100644
--- a/2019/14xxx/CVE-2019-14378.json
+++ b/2019/14xxx/CVE-2019-14378.json
@@ -71,6 +71,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/41"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4506",
+ "url": "https://www.debian.org/security/2019/dsa-4506"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15550.json b/2019/15xxx/CVE-2019-15550.json
new file mode 100644
index 00000000000..81e32726652
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15550.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15550",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2019-0008.html",
+ "refsource": "MISC",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2019-0008.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15551.json b/2019/15xxx/CVE-2019-15551.json
new file mode 100644
index 00000000000..ba53388fa84
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15551.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15551",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2019-0009.html",
+ "refsource": "MISC",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2019-0009.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/servo/rust-smallvec/issues/148",
+ "url": "https://github.com/servo/rust-smallvec/issues/148"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15552.json b/2019/15xxx/CVE-2019-15552.json
new file mode 100644
index 00000000000..82a53410876
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15552.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15552",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2019-0010.html",
+ "refsource": "MISC",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2019-0010.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sile/libflate/issues/35",
+ "url": "https://github.com/sile/libflate/issues/35"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15553.json b/2019/15xxx/CVE-2019-15553.json
new file mode 100644
index 00000000000..7380a47f728
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15553.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15553",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2019-0011.html",
+ "refsource": "MISC",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2019-0011.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490",
+ "url": "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15554.json b/2019/15xxx/CVE-2019-15554.json
new file mode 100644
index 00000000000..951ca82276b
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15554.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15554",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2019-0012.html",
+ "refsource": "MISC",
+ "name": "https://rustsec.org/advisories/RUSTSEC-2019-0012.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/servo/rust-smallvec/issues/149",
+ "url": "https://github.com/servo/rust-smallvec/issues/149"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15563.json b/2019/15xxx/CVE-2019-15563.json
new file mode 100644
index 00000000000..89842f0d9c5
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15563.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15563",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/OHDSI/WebAPI/pull/1101",
+ "refsource": "MISC",
+ "name": "https://github.com/OHDSI/WebAPI/pull/1101"
+ },
+ {
+ "url": "https://github.com/OHDSI/WebAPI/releases/tag/v2.7.2",
+ "refsource": "MISC",
+ "name": "https://github.com/OHDSI/WebAPI/releases/tag/v2.7.2"
+ },
+ {
+ "url": "https://github.com/OHDSI/WebAPI/milestone/28?closed=1",
+ "refsource": "MISC",
+ "name": "https://github.com/OHDSI/WebAPI/milestone/28?closed=1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15564.json b/2019/15xxx/CVE-2019-15564.json
new file mode 100644
index 00000000000..992bae3d31d
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15564.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15564",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CompassionCH/compassion-switzerland/pull/897",
+ "refsource": "MISC",
+ "name": "https://github.com/CompassionCH/compassion-switzerland/pull/897"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15565.json b/2019/15xxx/CVE-2019-15565.json
new file mode 100644
index 00000000000..4ff3890f613
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15565.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15565",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/danidomen/icommktconnector/pull/1",
+ "refsource": "MISC",
+ "name": "https://github.com/danidomen/icommktconnector/pull/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15566.json b/2019/15xxx/CVE-2019-15566.json
new file mode 100644
index 00000000000..2c891353268
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15566.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15566",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7",
+ "refsource": "MISC",
+ "name": "https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7"
+ },
+ {
+ "url": "https://github.com/Alfresco/alfresco-android-app/pull/547",
+ "refsource": "MISC",
+ "name": "https://github.com/Alfresco/alfresco-android-app/pull/547"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15567.json b/2019/15xxx/CVE-2019-15567.json
new file mode 100644
index 00000000000..650f0490899
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15567.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15567",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openforis/arena/pull/170",
+ "refsource": "MISC",
+ "name": "https://github.com/openforis/arena/pull/170"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15568.json b/2019/15xxx/CVE-2019-15568.json
new file mode 100644
index 00000000000..e94cdbcef0c
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15568.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15568",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/chanzuckerberg/idseq-web/pull/2372",
+ "refsource": "MISC",
+ "name": "https://github.com/chanzuckerberg/idseq-web/pull/2372"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15569.json b/2019/15xxx/CVE-2019-15569.json
new file mode 100644
index 00000000000..3a49150b6a4
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15569.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15569",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/hmcts/ccd-data-store-api/pull/394",
+ "refsource": "MISC",
+ "name": "https://github.com/hmcts/ccd-data-store-api/pull/394"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15570.json b/2019/15xxx/CVE-2019-15570.json
new file mode 100644
index 00000000000..0f1851ecef8
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15570.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15570",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bedita/bedita/pull/1608",
+ "refsource": "MISC",
+ "name": "https://github.com/bedita/bedita/pull/1608"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15571.json b/2019/15xxx/CVE-2019-15571.json
new file mode 100644
index 00000000000..d9fda7d863f
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15571.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15571",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/clonos/control-pane/pull/20",
+ "refsource": "MISC",
+ "name": "https://github.com/clonos/control-pane/pull/20"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15572.json b/2019/15xxx/CVE-2019-15572.json
new file mode 100644
index 00000000000..bd9bf08a10f
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15572.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15572",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/marcomoa/gesior-aac/pull/8",
+ "refsource": "MISC",
+ "name": "https://github.com/marcomoa/gesior-aac/pull/8"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15573.json b/2019/15xxx/CVE-2019-15573.json
new file mode 100644
index 00000000000..b7fa18a0701
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15573.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15573",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/marcomoa/gesior-aac/pull/9",
+ "refsource": "MISC",
+ "name": "https://github.com/marcomoa/gesior-aac/pull/9"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15574.json b/2019/15xxx/CVE-2019-15574.json
new file mode 100644
index 00000000000..66157d33fb2
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15574.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15574",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/marcomoa/gesior-aac/pull/11",
+ "refsource": "MISC",
+ "name": "https://github.com/marcomoa/gesior-aac/pull/11"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/4xxx/CVE-2019-4169.json b/2019/4xxx/CVE-2019-4169.json
index 85a625fd0b5..1f3c6c60de8 100644
--- a/2019/4xxx/CVE-2019-4169.json
+++ b/2019/4xxx/CVE-2019-4169.json
@@ -1,100 +1,100 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4169", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-08-16T00:00:00" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "UI" : "N", - "C" : "H", - "AV" : "A", - "SCORE" : "8.100", - "I" : "H", - "AC" : "L", - "A" : "N", - "PR" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10881209", - "title" : "IBM Security Bulletin 881209 (P9 OpenPOWER)", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10881209", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158702", - "name" : "ibm-bmc-cve20194169-info-disc (158702)", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "P9 OpenPOWER", - "version" : { - "version_data" : [ - { - "version_value" : "OP920" - } - ] - } - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "OP910" - } - ] - }, - "product_name" : "P9 OpenPower" - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default 
password. IBM X-Force ID: 158702.", + "lang": "eng" } - ] - } - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4169", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-08-16T00:00:00" + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "UI": "N", + "C": "H", + "AV": "A", + "SCORE": "8.100", + "I": "H", + "AC": "L", + "A": "N", + "PR": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "references": { + "reference_data": [ + { + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10881209", + "title": "IBM Security Bulletin 881209 (P9 OpenPOWER)", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10881209", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158702", + "name": "ibm-bmc-cve20194169-info-disc (158702)", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P9 OpenPOWER", + "version": { + "version_data": [ + { + "version_value": "OP920" + } + ] + } + }, + { + "version": { + "version_data": [ + { + "version_value": "OP910" + } + ] + }, + "product_name": "P9 OpenPower" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4447.json b/2019/4xxx/CVE-2019-4447.json index 1645f5ea9ba..cea78068eda 100644 --- a/2019/4xxx/CVE-2019-4447.json +++ b/2019/4xxx/CVE-2019-4447.json 
@@ -1,105 +1,105 @@ { - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-08-21T00:00:00", - "ID" : "CVE-2019-4447", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-08-21T00:00:00", + "ID": "CVE-2019-4447", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "DB2 High Performance Unload load for LUW", - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - }, - { - "version_value" : "6.1.0.1" - }, - { - "version_value" : "6.1.0.1IF1" - }, - { - "version_value" : "6.1.0.2" - }, - { - "version_value" : "6.1.0.2IF1" - }, - { - "version_value" : "6.1.0.1IF2" - } - ] - } - } - ] - } + "value": "IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. 
IBM X-Force ID: 163488.", + "lang": "eng" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964592", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964592", - "title" : "IBM Security Bulletin 964592 (DB2 High Performance Unload load for LUW)" - }, - { - "refsource" : "XF", - "name" : "ibm-db2-cve20194447-priv-escalation (163488)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163488" - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "SCORE" : "8.400", - "I" : "H", - "AC" : "L", - "A" : "H", - "PR" : "N", - "UI" : "N", - "S" : "U", - "AV" : "L", - "C" : "H" - } - } - } -} + ] + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "DB2 High Performance Unload load for LUW", + "version": { + "version_data": [ + { + "version_value": "6.1" + }, + { + "version_value": "6.1.0.1" + }, + { + "version_value": "6.1.0.1IF1" + }, + { + "version_value": "6.1.0.2" + }, + { + "version_value": "6.1.0.2IF1" + }, + { + "version_value": "6.1.0.1IF2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964592", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964592", + "title": "IBM Security Bulletin 964592 (DB2 High Performance Unload load for LUW)" + }, + { + "refsource": "XF", + "name": "ibm-db2-cve20194447-priv-escalation (163488)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163488" + } + ] + }, + 
"data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "SCORE": "8.400", + "I": "H", + "AC": "L", + "A": "H", + "PR": "N", + "UI": "N", + "S": "U", + "AV": "L", + "C": "H" + } + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4448.json b/2019/4xxx/CVE-2019-4448.json index d8077bbb97c..a765389ca30 100644 --- a/2019/4xxx/CVE-2019-4448.json +++ b/2019/4xxx/CVE-2019-4448.json 
@@ -1,105 +1,105 @@ { - "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-08-21T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4448", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "CVE_data_meta": { + "DATE_PUBLIC": "2019-08-21T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4448", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "DB2 High Performance Unload load for LUW", - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - }, - { - "version_value" : "6.1.0.1" - }, - { - "version_value" : "6.1.0.1IF1" - }, - { - "version_value" : "6.1.0.2" - }, - { - "version_value" : "6.1.0.2IF1" - }, - { - "version_value" : "6.1.0.1IF2" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489." 
} - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "UI" : "N", - "S" : "U", - "AV" : "L", - "C" : "H", - "AC" : "L", - "A" : "H", - "PR" : "N", - "SCORE" : "8.400", - "I" : "H" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10964592", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10964592", - "title" : "IBM Security Bulletin 964592 (DB2 High Performance Unload load for LUW)" - }, - { - "refsource" : "XF", - "name" : "ibm-db2-cve20194448-priv-escalation (163489)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163489", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE" -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "DB2 High Performance Unload load for LUW", + "version": { + "version_data": [ + { + "version_value": "6.1" + }, + { + "version_value": "6.1.0.1" + }, + { + "version_value": "6.1.0.1IF1" + }, + { + "version_value": "6.1.0.2" + }, + { + "version_value": "6.1.0.2IF1" + }, + { + "version_value": "6.1.0.1IF2" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "UI": "N", + "S": "U", + "AV": "L", + "C": "H", + "AC": "L", + "A": "H", + "PR": "N", + "SCORE": "8.400", + "I": "H" + } + } + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964592", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964592", + "title": "IBM Security Bulletin 964592 (DB2 High Performance Unload load for LUW)" + }, + { + "refsource": "XF", + 
"name": "ibm-db2-cve20194448-priv-escalation (163489)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163489", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4513.json b/2019/4xxx/CVE-2019-4513.json index 30815a952fb..dc6c7198e52 100644 --- a/2019/4xxx/CVE-2019-4513.json +++ b/2019/4xxx/CVE-2019-4513.json 
@@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "A" : "L", - "PR" : "N", - "SCORE" : "8.200", - "I" : "N", - "S" : "U", - "UI" : "N", - "C" : "H", - "AV" : "N" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10996716", - "title" : "IBM Security Bulletin 996716 (Security Access Manager for Enterprise Single Sign-On)", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10996716" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164555", - "refsource" : "XF", - "name" : "ibm-sam-cve20194513-xxe (164555)" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Access Manager for Enterprise Single Sign-On", - "version" : { - "version_data" : [ - { - "version_value" : "8.2.2" - } - ] - } - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "A": "L", + "PR": "N", + "SCORE": "8.200", + "I": "N", + "S": "U", + "UI": "N", + "C": "H", + "AV": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. 
IBM X-Force ID: 164555.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10996716", + "title": "IBM Security Bulletin 996716 (Security Access Manager for Enterprise Single Sign-On)", + "refsource": "CONFIRM", + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10996716" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164555", + "refsource": "XF", + "name": "ibm-sam-cve20194513-xxe (164555)" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Access Manager for Enterprise Single Sign-On", + "version": { + "version_data": [ + { + "version_value": "8.2.2" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4513", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-08-21T00:00:00" - } -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4513", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-08-21T00:00:00" + } +} \ No newline at end of file 
diff --git a/2019/9xxx/CVE-2019-9512.json b/2019/9xxx/CVE-2019-9512.json index ec0107dfd99..4d260b58ed3 100644 --- a/2019/9xxx/CVE-2019-9512.json +++ b/2019/9xxx/CVE-2019-9512.json @@ -173,6 +173,11 @@ "refsource": "BUGTRAQ", "name": "20190825 [SECURITY] [DSA 4508-1] h2o security update", "url": "https://seclists.org/bugtraq/2019/Aug/43" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4508", + "url": "https://www.debian.org/security/2019/dsa-4508" } ] }, diff --git a/2019/9xxx/CVE-2019-9514.json b/2019/9xxx/CVE-2019-9514.json index d96ea79f364..4df88141850 100644 --- a/2019/9xxx/CVE-2019-9514.json +++ b/2019/9xxx/CVE-2019-9514.json @@ -173,6 +173,11 @@ "refsource": "BUGTRAQ", "name": "20190825 [SECURITY] [DSA 4508-1] h2o security update", "url": "https://seclists.org/bugtraq/2019/Aug/43" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4508", + "url": "https://www.debian.org/security/2019/dsa-4508" } ] }, diff --git a/2019/9xxx/CVE-2019-9515.json b/2019/9xxx/CVE-2019-9515.json index ea9e3c35abb..e82a832eaaa 100644 --- a/2019/9xxx/CVE-2019-9515.json +++ b/2019/9xxx/CVE-2019-9515.json @@ -143,6 +143,11 @@ "refsource": "BUGTRAQ", "name": "20190825 [SECURITY] [DSA 4508-1] h2o security update", "url": "https://seclists.org/bugtraq/2019/Aug/43" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4508", + "url": "https://www.debian.org/security/2019/dsa-4508" } ] },