diff --git a/2016/4xxx/CVE-2016-4978.json b/2016/4xxx/CVE-2016-4978.json
index 678716980f0..c1120f2a21f 100644
--- a/2016/4xxx/CVE-2016-4978.json
+++ b/2016/4xxx/CVE-2016-4978.json
@@ -131,6 +131,11 @@
 "name": "RHSA-2018:1447",
 "refsource": "REDHAT",
 "url": "https://access.redhat.com/errata/RHSA-2018:1447"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978",
+ "url": "https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2@%3Cissues.activemq.apache.org%3E"
 }
 ]
 }
diff --git a/2018/13xxx/CVE-2018-13365.json b/2018/13xxx/CVE-2018-13365.json
index 595bee4380b..c6d7c107516 100644
--- a/2018/13xxx/CVE-2018-13365.json
+++ b/2018/13xxx/CVE-2018-13365.json
@@ -1,17 +1,64 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-13365",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-13365",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiOS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.0.1"
+ },
+ {
+ "version_value": "5.6.5 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-18-085",
+ "url": "https://fortiguard.com/advisory/FG-IR-18-085"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page."
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json
index fe2cf751fa1..a302c2a50ac 100644
--- a/2018/15xxx/CVE-2018-15756.json
+++ b/2018/15xxx/CVE-2018-15756.json
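Review bot: In the CVE-2018-13365 record, the second `version_value` under `affects`, `"5.6.5 and below"`, encodes a version range as free text, so tooling that compares `version_value` against an installed version will not recognise earlier 5.6.x releases as affected. Splitting it into `"version_affected": "<="` and `"version_value": "5.6.5"`, the form the Bosch records later in this diff use with `"<"`, keeps the range machine-readable. The `problemtype` value is also only the phrase `Information disclosure`; a CWE identifier such as `CWE-200` would line up with the "Information Exposure" wording in the description and be easier to filter on.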
@@ -96,6 +96,11 @@
 "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
+ "url": "https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E"
 }
 ]
 },
diff --git a/2018/20xxx/CVE-2018-20239.json b/2018/20xxx/CVE-2018-20239.json
index 38a0b7853db..b68052e0e58 100644
--- a/2018/20xxx/CVE-2018-20239.json
+++ b/2018/20xxx/CVE-2018-20239.json
@@ -68,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Application Links before version 3.4.3, 4.6.x before 4.7.0, 5.0.x before 5.0.11, 5.1.x before 5.2.10, 5.3.x before 5.3.6, 5.4.x before 5.4.12, 6.0.x before 6.0.4, 6.7.x before 6.8.0, 6.13.x before 6.15.2, 7.13.x before 7.13.3 and 8.0.x before 8.1.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter."
+ "value": "Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0."
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0232.json b/2019/0xxx/CVE-2019-0232.json
index 81ab39b2c60..61fd94eb52d 100644
--- a/2019/0xxx/CVE-2019-0232.json
+++ b/2019/0xxx/CVE-2019-0232.json
@@ -134,6 +134,11 @@
 "refsource": "MISC",
 "name": "https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/",
 "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/",
+ "url": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11894.json b/2019/11xxx/CVE-2019-11894.json
index 71b617a1d96..642eb58bc03 100644
--- a/2019/11xxx/CVE-2019-11894.json
+++ b/2019/11xxx/CVE-2019-11894.json
@@ -1,18 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@bosch.com",
+ "DATE_PUBLIC": "2019-05-29T12:00:00.000Z",
 "ID": "CVE-2019-11894",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Improper access control in the backup mechanism of the Bosch Smart Home Controller (SHC)"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bosch Smart Home Controller (SHC)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "9.8.905"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bosch"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Philip Kazmeier"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.6"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html",
+ "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11895.json b/2019/11xxx/CVE-2019-11895.json
index d21029d2c94..61a1d347bcf 100644
--- a/2019/11xxx/CVE-2019-11895.json
+++ b/2019/11xxx/CVE-2019-11895.json
@@ -1,18 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@bosch.com",
+ "DATE_PUBLIC": "2019-05-29T12:00:00.000Z",
 "ID": "CVE-2019-11895",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC)"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bosch Smart Home Controller (SHC)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "9.8.905"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bosch"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Philip Kazmeier"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.6"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html",
+ "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11896.json b/2019/11xxx/CVE-2019-11896.json
index fa9b6a3fc94..47ce8ade376 100644
--- a/2019/11xxx/CVE-2019-11896.json
+++ b/2019/11xxx/CVE-2019-11896.json
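Review bot: In the CVE-2019-11895 record, `impact.cvss` sets `"privilegesRequired": "NONE"` (`PR:N` in `vectorString`), while the description says the adversary must already have paired an app or service with the controller. CVE-2019-11896 in this same diff states the same pairing precondition and scores it `PR:L`, so the two records look inconsistent with each other. If a paired app counts as an authenticated identity, `PR:L` seems the better fit here, and `baseScore` would then need recomputing rather than keeping `5.3`. If the pairing step is instead what `"attackComplexity": "HIGH"` is meant to capture, that is worth confirming against the Bosch advisory listed under `references`.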
@@ -1,18 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@bosch.com",
+ "DATE_PUBLIC": "2019-05-29T12:00:00.000Z",
 "ID": "CVE-2019-11896",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Incorrect pviilege assignment in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC)"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bosch Smart Home Controller (SHC)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "9.8.907"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bosch"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Philip Kazmeier"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.6"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html",
+ "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9621.json b/2019/9xxx/CVE-2019-9621.json
index e0f31d2e68e..f5af5967465 100644
--- a/2019/9xxx/CVE-2019-9621.json
+++ b/2019/9xxx/CVE-2019-9621.json
@@ -62,6 +62,11 @@
 "name": "https://wiki.zimbra.com/wiki/Security_Center",
 "url": "https://wiki.zimbra.com/wiki/Security_Center"
 },
+ {
+ "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109127",
+ "refsource": "MISC",
+ "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109127"
+ },
 {
 "refsource": "MISC",
 "name": "http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce",
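Review bot: In the CVE-2019-11896 record, the new `TITLE` in `CVE_data_meta` is misspelled as `Incorrect pviilege assignment`; it should read `Incorrect privilege assignment`, matching the description, because feeds and dashboards that surface or search the title will carry the typo. The `problemtype` value `CWE-284 Improper Access Control` is also the generic parent class, while both the title and the description name incorrect privilege assignment, for which `CWE-266 Incorrect Privilege Assignment` is the specific entry. Using it would stop consumers that group by CWE from lumping this record with the two access-control issues from the same advisory.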