From 65ec9d74b73ee42d8ada3cc7de41b7aacc9fa8e3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 26 Nov 2019 15:02:09 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/4xxx/CVE-2015-4457.json | 48 ++++++++++++++++++- 2015/9xxx/CVE-2015-9537.json | 72 ++++++++++++++++++++++++++++ 2015/9xxx/CVE-2015-9538.json | 87 ++++++++++++++++++++++++++++++++++ 2015/9xxx/CVE-2015-9539.json | 72 ++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10745.json | 5 ++ 2017/18xxx/CVE-2017-18208.json | 5 ++ 2018/10xxx/CVE-2018-10902.json | 5 ++ 2018/17xxx/CVE-2018-17860.json | 53 ++++++++++++++++++++- 2018/18xxx/CVE-2018-18559.json | 5 ++ 2018/9xxx/CVE-2018-9568.json | 5 ++ 2019/12xxx/CVE-2019-12489.json | 61 +++++++++++++++++++++--- 2019/18xxx/CVE-2019-18460.json | 67 ++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18461.json | 67 ++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18462.json | 67 ++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18463.json | 67 ++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19206.json | 61 +++++++++++++++++++++--- 2019/19xxx/CVE-2019-19274.json | 82 ++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19275.json | 82 ++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19276.json | 18 +++++++ 2019/19xxx/CVE-2019-19277.json | 18 +++++++ 2019/19xxx/CVE-2019-19278.json | 18 +++++++ 2019/19xxx/CVE-2019-19279.json | 18 +++++++ 2019/19xxx/CVE-2019-19280.json | 18 +++++++ 2019/19xxx/CVE-2019-19281.json | 18 +++++++ 2019/19xxx/CVE-2019-19282.json | 18 +++++++ 2019/19xxx/CVE-2019-19283.json | 18 +++++++ 2019/19xxx/CVE-2019-19284.json | 18 +++++++ 2019/19xxx/CVE-2019-19285.json | 18 +++++++ 2019/19xxx/CVE-2019-19286.json | 18 +++++++ 2019/19xxx/CVE-2019-19287.json | 18 +++++++ 2019/19xxx/CVE-2019-19288.json | 18 +++++++ 2019/19xxx/CVE-2019-19289.json | 18 +++++++ 2019/19xxx/CVE-2019-19290.json | 18 +++++++ 2019/19xxx/CVE-2019-19291.json | 18 +++++++ 2019/19xxx/CVE-2019-19292.json | 18 +++++++ 2019/19xxx/CVE-2019-19293.json | 18 +++++++ 2019/19xxx/CVE-2019-19294.json | 18 +++++++ 2019/19xxx/CVE-2019-19295.json | 18 +++++++ 2019/19xxx/CVE-2019-19296.json | 18 +++++++ 2019/19xxx/CVE-2019-19297.json | 18 +++++++ 2019/19xxx/CVE-2019-19298.json | 18 +++++++ 2019/19xxx/CVE-2019-19299.json | 18 +++++++ 2019/19xxx/CVE-2019-19300.json | 18 +++++++ 2019/19xxx/CVE-2019-19301.json | 18 +++++++ 2019/19xxx/CVE-2019-19302.json | 18 +++++++ 2019/19xxx/CVE-2019-19303.json | 18 +++++++ 2019/19xxx/CVE-2019-19304.json | 18 +++++++ 2019/19xxx/CVE-2019-19305.json | 18 +++++++ 2019/19xxx/CVE-2019-19306.json | 67 ++++++++++++++++++++++++++ 2019/3xxx/CVE-2019-3900.json | 5 ++ 2019/5xxx/CVE-2019-5489.json | 5 ++ 2019/6xxx/CVE-2019-6675.json | 63 +++++++++++++++++++++--- 2019/6xxx/CVE-2019-6974.json | 5 ++ 2019/7xxx/CVE-2019-7221.json | 5 ++ 54 files changed, 1578 insertions(+), 23 deletions(-) create mode 100644 2015/9xxx/CVE-2015-9537.json create mode 100644 2015/9xxx/CVE-2015-9538.json create mode 100644 2015/9xxx/CVE-2015-9539.json create mode 100644 2019/18xxx/CVE-2019-18460.json create mode 100644 2019/18xxx/CVE-2019-18461.json create mode 100644 2019/18xxx/CVE-2019-18462.json create mode 100644 2019/18xxx/CVE-2019-18463.json create mode 100644 2019/19xxx/CVE-2019-19274.json create mode 100644 2019/19xxx/CVE-2019-19275.json create mode 100644 2019/19xxx/CVE-2019-19276.json create mode 100644 2019/19xxx/CVE-2019-19277.json create mode 100644 2019/19xxx/CVE-2019-19278.json create mode 100644 2019/19xxx/CVE-2019-19279.json create mode 100644 2019/19xxx/CVE-2019-19280.json create mode 100644 2019/19xxx/CVE-2019-19281.json create mode 100644 2019/19xxx/CVE-2019-19282.json create mode 100644 2019/19xxx/CVE-2019-19283.json create mode 100644 2019/19xxx/CVE-2019-19284.json create mode 100644 2019/19xxx/CVE-2019-19285.json create mode 100644 2019/19xxx/CVE-2019-19286.json create mode 100644 2019/19xxx/CVE-2019-19287.json create mode 100644 2019/19xxx/CVE-2019-19288.json create mode 100644 2019/19xxx/CVE-2019-19289.json create mode 100644 2019/19xxx/CVE-2019-19290.json create mode 100644 2019/19xxx/CVE-2019-19291.json create mode 100644 2019/19xxx/CVE-2019-19292.json create mode 100644 2019/19xxx/CVE-2019-19293.json create mode 100644 2019/19xxx/CVE-2019-19294.json create mode 100644 2019/19xxx/CVE-2019-19295.json create mode 100644 2019/19xxx/CVE-2019-19296.json create mode 100644 2019/19xxx/CVE-2019-19297.json create mode 100644 2019/19xxx/CVE-2019-19298.json create mode 100644 2019/19xxx/CVE-2019-19299.json create mode 100644 2019/19xxx/CVE-2019-19300.json create mode 100644 2019/19xxx/CVE-2019-19301.json create mode 100644 2019/19xxx/CVE-2019-19302.json create mode 100644 2019/19xxx/CVE-2019-19303.json create mode 100644 2019/19xxx/CVE-2019-19304.json create mode 100644 2019/19xxx/CVE-2019-19305.json create mode 100644 2019/19xxx/CVE-2019-19306.json diff --git a/2015/4xxx/CVE-2015-4457.json b/2015/4xxx/CVE-2015-4457.json index a85ed7fefe6..17f65e1490a 100644 --- a/2015/4xxx/CVE-2015-4457.json +++ b/2015/4xxx/CVE-2015-4457.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4457", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_c1c_zbn_js", + "refsource": "MISC", + "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_c1c_zbn_js" } ] } diff --git a/2015/9xxx/CVE-2015-9537.json b/2015/9xxx/CVE-2015-9537.json new file mode 100644 index 00000000000..85c2dd48b8e --- /dev/null +++ b/2015/9xxx/CVE-2015-9537.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/nextgen-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/nextgen-gallery/#developers" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/1", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/1" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2015/10/27/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2015/10/27/4" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9538.json b/2015/9xxx/CVE-2015-9538.json new file mode 100644 index 00000000000..d6c95d5170b --- /dev/null +++ b/2015/9xxx/CVE-2015-9538.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/nextgen-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/nextgen-gallery/#developers" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/2", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/2" + }, + { + "url": "https://packetstormsecurity.com/files/135114/WordPress-NextGEN-Gallery-2.1.15-Cross-Site-Scripting-Path-Traversal.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/135114/WordPress-NextGEN-Gallery-2.1.15-Cross-Site-Scripting-Path-Traversal.html" + }, + { + "url": "https://cxsecurity.com/issue/WLB-2015080165", + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2015080165" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2015/08/28/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2015/08/28/4" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2015/09/01/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2015/09/01/7" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9539.json b/2015/9xxx/CVE-2015-9539.json new file mode 100644 index 00000000000..aa17ff3ea44 --- /dev/null +++ b/2015/9xxx/CVE-2015-9539.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/4", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/4" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2015/10/27/2", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2015/10/27/2" + }, + { + "url": "https://github.com/amansaini/fast-secure-contact-form", + "refsource": "MISC", + "name": "https://github.com/amansaini/fast-secure-contact-form" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10745.json b/2016/10xxx/CVE-2016-10745.json index a3f3be46ccc..eeb1603c42d 100644 --- a/2016/10xxx/CVE-2016-10745.json +++ b/2016/10xxx/CVE-2016-10745.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1614", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3964", + "url": "https://access.redhat.com/errata/RHSA-2019:3964" } ] } diff --git a/2017/18xxx/CVE-2017-18208.json b/2017/18xxx/CVE-2017-18208.json index ca82ea0d286..2ab8d98fede 100644 --- a/2017/18xxx/CVE-2017-18208.json +++ b/2017/18xxx/CVE-2017-18208.json @@ -116,6 +116,11 @@ "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3967", + "url": "https://access.redhat.com/errata/RHSA-2019:3967" } ] } diff --git a/2018/10xxx/CVE-2018-10902.json b/2018/10xxx/CVE-2018-10902.json index e05feac26ef..cd6ef0ff159 100644 --- a/2018/10xxx/CVE-2018-10902.json +++ b/2018/10xxx/CVE-2018-10902.json @@ -151,6 +151,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3217", "url": "https://access.redhat.com/errata/RHSA-2019:3217" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3967", + "url": "https://access.redhat.com/errata/RHSA-2019:3967" } ] } diff --git a/2018/17xxx/CVE-2018-17860.json b/2018/17xxx/CVE-2018-17860.json index fc2f1e0d2ae..b8d7c0fe107 100644 --- a/2018/17xxx/CVE-2018-17860.json +++ b/2018/17xxx/CVE-2018-17860.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17860", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop", + "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop" + }, + { + "refsource": "CONFIRM", + "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb", + "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb" } ] } diff --git a/2018/18xxx/CVE-2018-18559.json b/2018/18xxx/CVE-2018-18559.json index 2d98ffc68cb..ff2de18daeb 100644 --- a/2018/18xxx/CVE-2018-18559.json +++ b/2018/18xxx/CVE-2018-18559.json @@ -81,6 +81,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1190", "url": "https://access.redhat.com/errata/RHSA-2019:1190" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3967", + "url": "https://access.redhat.com/errata/RHSA-2019:3967" } ] } diff --git a/2018/9xxx/CVE-2018-9568.json b/2018/9xxx/CVE-2018-9568.json index dc9b3e0676c..479e94031d2 100644 --- a/2018/9xxx/CVE-2018-9568.json +++ b/2018/9xxx/CVE-2018-9568.json @@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2736", "url": "https://access.redhat.com/errata/RHSA-2019:2736" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3967", + "url": "https://access.redhat.com/errata/RHSA-2019:3967" } ] } diff --git a/2019/12xxx/CVE-2019-12489.json b/2019/12xxx/CVE-2019-12489.json index 400779642e8..595b283f305 100644 --- a/2019/12xxx/CVE-2019-12489.json +++ b/2019/12xxx/CVE-2019-12489.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12489", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12489", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/garis/Fastgate", + "url": "https://github.com/garis/Fastgate" + }, + { + "refsource": "EXPLOIT-DB", + "name": "47654", + "url": "https://www.exploit-db.com/exploits/47654" } ] } diff --git a/2019/18xxx/CVE-2019-18460.json b/2019/18xxx/CVE-2019-18460.json new file mode 100644 index 00000000000..d3fa37f2796 --- /dev/null +++ b/2019/18xxx/CVE-2019-18460.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/", + "url": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18461.json b/2019/18xxx/CVE-2019-18461.json new file mode 100644 index 00000000000..43c43e13a98 --- /dev/null +++ b/2019/18xxx/CVE-2019-18461.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/", + "url": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18462.json b/2019/18xxx/CVE-2019-18462.json new file mode 100644 index 00000000000..6b458408fbd --- /dev/null +++ b/2019/18xxx/CVE-2019-18462.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/", + "url": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18463.json b/2019/18xxx/CVE-2019-18463.json new file mode 100644 index 00000000000..c467aad8201 --- /dev/null +++ b/2019/18xxx/CVE-2019-18463.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/", + "url": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19206.json b/2019/19xxx/CVE-2019-19206.json index 7e85e429012..84b9294f7a1 100644 --- a/2019/19xxx/CVE-2019-19206.json +++ b/2019/19xxx/CVE-2019-19206.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19206", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19206", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dolibarr.org/forum/dolibarr-changelogs", + "refsource": "MISC", + "name": "https://www.dolibarr.org/forum/dolibarr-changelogs" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@k43p/cve-2019-19206-stored-xss-due-to-javascript-execution-in-an-svg-file-ee1d038fba76", + "url": "https://medium.com/@k43p/cve-2019-19206-stored-xss-due-to-javascript-execution-in-an-svg-file-ee1d038fba76" } ] } diff --git a/2019/19xxx/CVE-2019-19274.json b/2019/19xxx/CVE-2019-19274.json new file mode 100644 index 00000000000..a2f8d9b8f53 --- /dev/null +++ b/2019/19xxx/CVE-2019-19274.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce", + "refsource": "MISC", + "name": "https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce" + }, + { + "url": "https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c", + "refsource": "MISC", + "name": "https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c" + }, + { + "url": "https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e", + "refsource": "MISC", + "name": "https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e" + }, + { + "url": "https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b", + "refsource": "MISC", + "name": "https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b" + }, + { + "url": "https://bugs.python.org/issue36495", + "refsource": "MISC", + "name": "https://bugs.python.org/issue36495" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19275.json b/2019/19xxx/CVE-2019-19275.json new file mode 100644 index 00000000000..0d0b866f29d --- /dev/null +++ b/2019/19xxx/CVE-2019-19275.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce", + "refsource": "MISC", + "name": "https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce" + }, + { + "url": "https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c", + "refsource": "MISC", + "name": "https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c" + }, + { + "url": "https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e", + "refsource": "MISC", + "name": "https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e" + }, + { + "url": "https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b", + "refsource": "MISC", + "name": "https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b" + }, + { + "url": "https://bugs.python.org/issue36495", + "refsource": "MISC", + "name": "https://bugs.python.org/issue36495" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19276.json b/2019/19xxx/CVE-2019-19276.json new file mode 100644 index 00000000000..8f170ad2bb0 --- /dev/null +++ b/2019/19xxx/CVE-2019-19276.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19276", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19277.json b/2019/19xxx/CVE-2019-19277.json new file mode 100644 index 00000000000..e83bcce7252 --- /dev/null +++ b/2019/19xxx/CVE-2019-19277.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19277", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19278.json b/2019/19xxx/CVE-2019-19278.json new file mode 100644 index 00000000000..12bf87d3ef8 --- /dev/null +++ b/2019/19xxx/CVE-2019-19278.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19278", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19279.json b/2019/19xxx/CVE-2019-19279.json new file mode 100644 index 00000000000..f53bfa3a156 --- /dev/null +++ b/2019/19xxx/CVE-2019-19279.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19279", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19280.json b/2019/19xxx/CVE-2019-19280.json new file mode 100644 index 00000000000..5c28d37b716 --- /dev/null +++ b/2019/19xxx/CVE-2019-19280.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19280", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19281.json b/2019/19xxx/CVE-2019-19281.json new file mode 100644 index 00000000000..43e4ce6c522 --- /dev/null +++ b/2019/19xxx/CVE-2019-19281.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19281", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19282.json b/2019/19xxx/CVE-2019-19282.json new file mode 100644 index 00000000000..106ec657428 --- /dev/null +++ b/2019/19xxx/CVE-2019-19282.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19282", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19283.json b/2019/19xxx/CVE-2019-19283.json new file mode 100644 index 00000000000..30acdcfa04b --- /dev/null +++ b/2019/19xxx/CVE-2019-19283.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19283", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19284.json b/2019/19xxx/CVE-2019-19284.json new file mode 100644 index 00000000000..eb82f292c45 --- /dev/null +++ b/2019/19xxx/CVE-2019-19284.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19284", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19285.json b/2019/19xxx/CVE-2019-19285.json new file mode 100644 index 00000000000..a16b8b585e1 --- /dev/null +++ b/2019/19xxx/CVE-2019-19285.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19285", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19286.json b/2019/19xxx/CVE-2019-19286.json new file mode 100644 index 00000000000..fb861296a66 --- /dev/null +++ b/2019/19xxx/CVE-2019-19286.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19286", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19287.json b/2019/19xxx/CVE-2019-19287.json new file mode 100644 index 00000000000..80f3d827f18 --- /dev/null +++ b/2019/19xxx/CVE-2019-19287.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19287", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19288.json b/2019/19xxx/CVE-2019-19288.json new file mode 100644 index 00000000000..7dc42b73d0b --- /dev/null +++ b/2019/19xxx/CVE-2019-19288.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19288", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19289.json b/2019/19xxx/CVE-2019-19289.json new file mode 100644 index 00000000000..23325580a3a --- /dev/null +++ b/2019/19xxx/CVE-2019-19289.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19289", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19290.json b/2019/19xxx/CVE-2019-19290.json new file mode 100644 index 00000000000..d84bdcf13cc --- /dev/null +++ b/2019/19xxx/CVE-2019-19290.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19290", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19291.json b/2019/19xxx/CVE-2019-19291.json new file mode 100644 index 00000000000..ea5cd2f45ca --- /dev/null +++ b/2019/19xxx/CVE-2019-19291.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19291", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19292.json b/2019/19xxx/CVE-2019-19292.json new file mode 100644 index 00000000000..f2bfe8506bd --- /dev/null +++ b/2019/19xxx/CVE-2019-19292.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19292", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19293.json b/2019/19xxx/CVE-2019-19293.json new file mode 100644 index 00000000000..dbfdd648246 --- /dev/null +++ b/2019/19xxx/CVE-2019-19293.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19293", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19294.json b/2019/19xxx/CVE-2019-19294.json new file mode 100644 index 00000000000..24e53596304 --- /dev/null +++ b/2019/19xxx/CVE-2019-19294.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19294", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19295.json b/2019/19xxx/CVE-2019-19295.json new file mode 100644 index 00000000000..4e19823a4c6 --- /dev/null +++ b/2019/19xxx/CVE-2019-19295.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19295", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19296.json b/2019/19xxx/CVE-2019-19296.json new file mode 100644 index 00000000000..b27eab195b7 --- /dev/null +++ b/2019/19xxx/CVE-2019-19296.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19296", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19297.json b/2019/19xxx/CVE-2019-19297.json new file mode 100644 index 00000000000..a93d4724d68 --- /dev/null +++ b/2019/19xxx/CVE-2019-19297.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19297", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19298.json b/2019/19xxx/CVE-2019-19298.json new file mode 100644 index 00000000000..9c8582a9112 --- /dev/null +++ b/2019/19xxx/CVE-2019-19298.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19298", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19299.json b/2019/19xxx/CVE-2019-19299.json new file mode 100644 index 00000000000..fb7d28f5ca9 --- /dev/null +++ b/2019/19xxx/CVE-2019-19299.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19299", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19300.json b/2019/19xxx/CVE-2019-19300.json new file mode 100644 index 00000000000..9b388f6835c --- /dev/null +++ b/2019/19xxx/CVE-2019-19300.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19300", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19301.json b/2019/19xxx/CVE-2019-19301.json new file mode 100644 index 00000000000..602a3094a93 --- /dev/null +++ b/2019/19xxx/CVE-2019-19301.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19301", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19302.json b/2019/19xxx/CVE-2019-19302.json new file mode 100644 index 00000000000..a45b8898d87 --- /dev/null +++ b/2019/19xxx/CVE-2019-19302.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19302", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19303.json b/2019/19xxx/CVE-2019-19303.json new file mode 100644 index 00000000000..b2fd510e0cc --- /dev/null +++ b/2019/19xxx/CVE-2019-19303.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19303", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19304.json b/2019/19xxx/CVE-2019-19304.json new file mode 100644 index 00000000000..a0533664d9d --- /dev/null +++ b/2019/19xxx/CVE-2019-19304.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19304", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19305.json b/2019/19xxx/CVE-2019-19305.json new file mode 100644 index 00000000000..228f50cfb1c --- /dev/null +++ b/2019/19xxx/CVE-2019-19305.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19305", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19306.json b/2019/19xxx/CVE-2019-19306.json new file mode 100644 index 00000000000..c6717fbf453 --- /dev/null +++ b/2019/19xxx/CVE-2019-19306.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/16", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/16" + }, + { + "url": "https://wordpress.org/plugins/zoho-crm-forms/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/zoho-crm-forms/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3900.json b/2019/3xxx/CVE-2019-3900.json index 3357d5ff4e3..bbb8e6c290e 100644 --- a/2019/3xxx/CVE-2019-3900.json +++ b/2019/3xxx/CVE-2019-3900.json @@ -168,6 +168,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3836", "url": "https://access.redhat.com/errata/RHSA-2019:3836" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3967", + "url": "https://access.redhat.com/errata/RHSA-2019:3967" } ] }, diff --git a/2019/5xxx/CVE-2019-5489.json b/2019/5xxx/CVE-2019-5489.json index c0df9415963..dee4c3ae133 100644 --- a/2019/5xxx/CVE-2019-5489.json +++ b/2019/5xxx/CVE-2019-5489.json @@ -161,6 +161,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3517", "url": "https://access.redhat.com/errata/RHSA-2019:3517" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3967", + "url": "https://access.redhat.com/errata/RHSA-2019:3967" } ] } diff --git a/2019/6xxx/CVE-2019-6675.json b/2019/6xxx/CVE-2019-6675.json index 4575911411e..bb238c1e15e 100644 --- a/2019/6xxx/CVE-2019-6675.json +++ b/2019/6xxx/CVE-2019-6675.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6675", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6675", + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "Hotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.97.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.36.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.14.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.68.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso, Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.18.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.46.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.16.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.34.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.97.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.99.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.105.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.111.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.115.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso, Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso, Hotfix-BIGIP-15.0.1.0.48.11-ENG.iso" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K55655944?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K55655944?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K55655944", + "url": "https://support.f5.com/csp/article/K55655944" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only impacts specific engineering hotfixes using the aforementioned authentication configuration. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.97.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.36.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.14.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.68.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso, Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.18.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.46.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.16.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.34.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.97.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.99.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.105.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.111.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.115.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso, Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso, Hotfix-BIGIP-15.0.1.0.48.11-ENG.iso" } ] } diff --git a/2019/6xxx/CVE-2019-6974.json b/2019/6xxx/CVE-2019-6974.json index 1d707d333c2..6b0e4db84d1 100644 --- a/2019/6xxx/CVE-2019-6974.json +++ b/2019/6xxx/CVE-2019-6974.json @@ -181,6 +181,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K11186236?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K11186236?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3967", + "url": "https://access.redhat.com/errata/RHSA-2019:3967" } ] } diff --git a/2019/7xxx/CVE-2019-7221.json b/2019/7xxx/CVE-2019-7221.json index 450ac044d70..590e489cdb3 100644 --- a/2019/7xxx/CVE-2019-7221.json +++ b/2019/7xxx/CVE-2019-7221.json @@ -161,6 +161,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K08413011", "url": "https://support.f5.com/csp/article/K08413011" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3967", + "url": "https://access.redhat.com/errata/RHSA-2019:3967" } ] }