"-Synchronized-Data."

2025-05-06 10:41:46 +00:00 · 2019-08-22 15:00:51 +00:00 · 2019-08-22 15:00:51 +00:00 · 5f58be5caa
commit 5f58be5caa
parent 2b2fb41525
7 changed files with 162 additions and 10 deletions
--- a/2018/18xxx/CVE-2018-18572.json
+++ b/2018/18xxx/CVE-2018-18572.json
@ -2,7 +2,30 @@
    "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-18572",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,7 +34,28 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the \"product\" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/osCommerce/oscommerce2/issues/631",
+                "url": "https://github.com/osCommerce/oscommerce2/issues/631"
            }
        ]
    }
--- a/2018/18xxx/CVE-2018-18573.json
+++ b/2018/18xxx/CVE-2018-18573.json
@ -2,7 +2,30 @@
    "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-18573",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,7 +34,28 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the \"product\" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/osCommerce/oscommerce2/issues/631",
+                "url": "https://github.com/osCommerce/oscommerce2/issues/631"
            }
        ]
    }
--- a/2019/11xxx/CVE-2019-11013.json
+++ b/2019/11xxx/CVE-2019-11013.json
@ -1,17 +1,61 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
-        "ID": "CVE-2019-11013",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2019-11013",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/",
+                "url": "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/"
            }
        ]
    }
--- a/2019/15xxx/CVE-2019-15216.json
+++ b/2019/15xxx/CVE-2019-15216.json
@ -81,6 +81,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
                "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
+                "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
            }
        ]
    }
--- a/2019/15xxx/CVE-2019-15217.json
+++ b/2019/15xxx/CVE-2019-15217.json
@ -81,6 +81,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
                "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
+                "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
            }
        ]
    }
--- a/2019/15xxx/CVE-2019-15218.json
+++ b/2019/15xxx/CVE-2019-15218.json
@ -81,6 +81,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
                "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
+                "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
            }
        ]
    }
--- a/2019/15xxx/CVE-2019-15219.json
+++ b/2019/15xxx/CVE-2019-15219.json
@ -81,6 +81,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
                "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
+                "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
            }
        ]
    }