From 5f58be5caad246a80bf55e83887177d94d90b0a7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 22 Aug 2019 15:00:51 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/18xxx/CVE-2018-18572.json | 48 +++++++++++++++++++++++++++--
 2018/18xxx/CVE-2018-18573.json | 48 +++++++++++++++++++++++++++--
 2019/11xxx/CVE-2019-11013.json | 56 ++++++++++++++++++++++++++++++----
 2019/15xxx/CVE-2019-15216.json | 5 +++
 2019/15xxx/CVE-2019-15217.json | 5 +++
 2019/15xxx/CVE-2019-15218.json | 5 +++
 2019/15xxx/CVE-2019-15219.json | 5 +++
 7 files changed, 162 insertions(+), 10 deletions(-)
diff --git a/2018/18xxx/CVE-2018-18572.json b/2018/18xxx/CVE-2018-18572.json
index 21572dfed15..e0314f60fd2 100644
--- a/2018/18xxx/CVE-2018-18572.json
+++ b/2018/18xxx/CVE-2018-18572.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-18572",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
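Review bot: The new `affects` block in CVE-2018-18572.json sets `product_name`, `version_value` and `vendor_name` to `n/a`, although the description published in this same commit names the product and version (osCommerce 2.3.4.1). Tooling that matches an asset inventory against the structured fields rather than the free text will not associate this record with the product. Consider `"product_name": "osCommerce"` and `"version_value": "2.3.4.1"`, both taken from the description. The same applies to the `affects` blocks added in CVE-2018-18573.json and CVE-2019-11013.json (Nimble Streamer 3.0.2-2 through 3.5.4-9).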
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the \"product\" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/osCommerce/oscommerce2/issues/631",
+ "url": "https://github.com/osCommerce/oscommerce2/issues/631"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18573.json b/2018/18xxx/CVE-2018-18573.json
index e056a4fc5f0..a82bb97d5ae 100644
--- a/2018/18xxx/CVE-2018-18573.json
+++ b/2018/18xxx/CVE-2018-18573.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-18573",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
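Review bot: `problemtype` is published as `n/a` in the second hunk of CVE-2018-18572.json, even though the description added just above it reports an extension denylist that misses `.pht` and so allows upload of executable PHP. That reads like unrestricted upload of a dangerous file type; recording it, e.g. `"value": "CWE-434"`, would let consumers filter and prioritise by weakness class. The `problemtype` blocks added in CVE-2018-18573.json and CVE-2019-11013.json are `n/a` in the same way; the latter description states a `../` directory traversal, which would presumably map to CWE-22.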
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the \"product\" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/osCommerce/oscommerce2/issues/631",
+ "url": "https://github.com/osCommerce/oscommerce2/issues/631"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11013.json b/2019/11xxx/CVE-2019-11013.json
index dfa235b3123..c5f819327e9 100644
--- a/2019/11xxx/CVE-2019-11013.json
+++ b/2019/11xxx/CVE-2019-11013.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11013",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11013",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/",
+ "url": "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15216.json b/2019/15xxx/CVE-2019-15216.json
index 4341e2e3ef3..553349d7b1d 100644
--- a/2019/15xxx/CVE-2019-15216.json
+++ b/2019/15xxx/CVE-2019-15216.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
 "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
+ "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15217.json b/2019/15xxx/CVE-2019-15217.json
index ac843ddf28c..c25e4342bab 100644
--- a/2019/15xxx/CVE-2019-15217.json
+++ b/2019/15xxx/CVE-2019-15217.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
 "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
+ "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15218.json b/2019/15xxx/CVE-2019-15218.json
index 1c69e2202db..82b6a6ac0e9 100644
--- a/2019/15xxx/CVE-2019-15218.json
+++ b/2019/15xxx/CVE-2019-15218.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
 "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
+ "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15219.json b/2019/15xxx/CVE-2019-15219.json
index 449f13b4fd3..8ce839a5bc5 100644
--- a/2019/15xxx/CVE-2019-15219.json
+++ b/2019/15xxx/CVE-2019-15219.json
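Review bot: The reference added to CVE-2019-15216.json carries exactly the same `name` as the entry before it and differs only in the last path segment of `url` (`/4` versus `/3`), so a consumer that de-duplicates or labels references by `name` will merge or confuse the two. The new `url` also uses plain `http://`; if the archive is reachable over TLS, `"url": "https://www.openwall.com/lists/oss-security/2019/08/22/4"` would be preferable so the link cannot be rewritten in transit. The identical addition is made in CVE-2019-15217.json, CVE-2019-15218.json and CVE-2019-15219.json. The enclosing `reference_data` array starts outside the hunk.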
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
 "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
+ "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
 }
 ]
 }