diff --git a/2016/10xxx/CVE-2016-10937.json b/2016/10xxx/CVE-2016-10937.json index 84ab2d2ed1f..63a5a3f070f 100644 --- a/2016/10xxx/CVE-2016-10937.json +++ b/2016/10xxx/CVE-2016-10937.json @@ -61,6 +61,11 @@ "url": "https://bugs.debian.org/939702", "refsource": "MISC", "name": "https://bugs.debian.org/939702" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1976-1] imapfilter security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00040.html" } ] } diff --git a/2019/1010xxx/CVE-2019-1010095.json b/2019/1010xxx/CVE-2019-1010095.json index ca026bc67b2..29d2afa2adb 100644 --- a/2019/1010xxx/CVE-2019-1010095.json +++ b/2019/1010xxx/CVE-2019-1010095.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: http://127.0.0.1/admin/users/add.php. The attack vector is: After the administrator logged in, open the html page." + "value": "DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page." } ] }, diff --git a/2019/1010xxx/CVE-2019-1010096.json b/2019/1010xxx/CVE-2019-1010096.json index 929faed31fb..57ebd4be5a2 100644 --- a/2019/1010xxx/CVE-2019-1010096.json +++ b/2019/1010xxx/CVE-2019-1010096.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page." + "value": "DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page." } ] }, diff --git a/2019/15xxx/CVE-2019-15681.json b/2019/15xxx/CVE-2019-15681.json index b0383a2872e..e5d53d3a8fe 100644 --- a/2019/15xxx/CVE-2019-15681.json +++ b/2019/15xxx/CVE-2019-15681.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a", "url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1977-1] libvncserver security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17506.json b/2019/17xxx/CVE-2019-17506.json index 81cd2200fdd..d222e459a98 100644 --- a/2019/17xxx/CVE-2019-17506.json +++ b/2019/17xxx/CVE-2019-17506.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely." + "value": "There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely." } ] },