From 6605c892057c7a36d05a5266a22751dfb34d668a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 19 Jul 2019 15:00:53 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2019/1010xxx/CVE-2019-1010245.json | 61 +++++-
2019/1010xxx/CVE-2019-1010247.json | 66 +++++-
2019/13xxx/CVE-2019-13979.json | 67 ++++++
2019/13xxx/CVE-2019-13980.json | 62 ++++++
2019/13xxx/CVE-2019-13981.json | 67 ++++++
2019/13xxx/CVE-2019-13982.json | 62 ++++++
2019/13xxx/CVE-2019-13983.json | 67 ++++++
2019/13xxx/CVE-2019-13984.json | 67 ++++++
2019/1xxx/CVE-2019-1068.json | 314 +++++++++++++++--------------
2019/1xxx/CVE-2019-1082.json | 226 +++++++++++----------
2019/1xxx/CVE-2019-1167.json | 116 +++++------
11 files changed, 838 insertions(+), 337 deletions(-)
create mode 100644 2019/13xxx/CVE-2019-13979.json
create mode 100644 2019/13xxx/CVE-2019-13980.json
create mode 100644 2019/13xxx/CVE-2019-13981.json
create mode 100644 2019/13xxx/CVE-2019-13982.json
create mode 100644 2019/13xxx/CVE-2019-13983.json
create mode 100644 2019/13xxx/CVE-2019-13984.json
diff --git a/2019/1010xxx/CVE-2019-1010245.json b/2019/1010xxx/CVE-2019-1010245.json
index e678ef3855f..506cf904df6 100644
--- a/2019/1010xxx/CVE-2019-1010245.json
+++ b/2019/1010xxx/CVE-2019-1010245.json
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010245", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ONOS SDN Controller", + "version": { + "version_data": [ + { + "version_value": "1.15 and earlier versions [fixed: 1.15]" + } + ] + } + } + ] + }, + "vendor_name": "The Linux Foundation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv", + "refsource": "MISC", + "name": "https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv" + }, + { + "url": "https://gerrit.onosproject.org/#/c/20767/", + "refsource": "MISC", + "name": "https://gerrit.onosproject.org/#/c/20767/" } ] } diff --git a/2019/1010xxx/CVE-2019-1010247.json b/2019/1010xxx/CVE-2019-1010247.json index 47af9be7ae6..e7d12ca94e7 100644 
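Review bot: The new `version_value` for ONOS, `"1.15 and earlier versions [fixed: 1.15]"`, names 1.15 as both affected and fixed, and the description repeats the same contradiction, so a consumer cannot tell whether a 1.15 deployment needs action. Confirm the boundary against the referenced Gerrit change and state it once, for example `"version_affected": "<", "version_value": "1.15"` if 1.15 carries the fix. The bracketed `[fixed: …]` suffix is also free text inside a field that scanners compare against installed versions; CVE-2019-1010247 in this commit uses the same form. The first reference is a Google Drive share link, which its owner can change or withdraw, so it is weak evidence for a command-execution claim.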
--- a/2019/1010xxx/CVE-2019-1010247.json
+++ b/2019/1010xxx/CVE-2019-1010247.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010247", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mod_auth_openidc", + "version": { + "version_data": [ + { + "version_value": "2.3.10.1 and earlier [fixed: 2.3.10.2]" + } + ] + } + } + ] + }, + "vendor_name": "ZmartZone IAM" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.3.10.2", + "refsource": "MISC", + "name": "https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.3.10.2" + }, + { + "url": "https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b", + "refsource": "MISC", + "name": "https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b" + }, + { + "url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt", + "refsource": "MISC", + "name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt" } ] } diff --git a/2019/13xxx/CVE-2019-13979.json b/2019/13xxx/CVE-2019-13979.json new file mode 100644 index 00000000000..372f020f475 --- /dev/null +++ b/2019/13xxx/CVE-2019-13979.json 
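Review bot: `problemtype` in this record is the free-text string `"Cross Site Scripting (XSS)"` with no CWE identifier, so tooling that groups records by CWE will not classify it; `"value": "CWE-79"` (optionally followed by the existing text) would fix that. The same applies to CVE-2019-1010245 earlier in this commit, where `"Improper Input Validation"` corresponds to CWE-20. The description also pins the component to `Line: 3109`, which stops being meaningful once the file changes; the fixing commit already listed under references is the stable pointer.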
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13979",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/directus/api/issues/979",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/api/issues/979"
+ },
+ {
+ "url": "https://github.com/directus/api/projects/42",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/api/projects/42"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13980.json b/2019/13xxx/CVE-2019-13980.json
new file mode 100644
index 00000000000..576981a4ab8
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13980.json
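Review bot: `vendor_name`, `product_name` and `version_value` are all `"n/a"` in this new record although the description names the product and bound (Directus 7 API before 2.2.1), so any matcher that reads `affects` rather than the prose will miss it. Filling them from the description, e.g. `"product_name": "Directus 7 API"` with `"version_affected": "<", "version_value": "2.2.1"`, makes the record usable for inventory matching. `problemtype` is `"n/a"` as well; unrestricted upload of a dangerous file type is CWE-434. The same placeholders appear in CVE-2019-13980 through CVE-2019-13984 in this commit.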
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13980",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/directus/api/issues/979",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/api/issues/979"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13981.json b/2019/13xxx/CVE-2019-13981.json
new file mode 100644
index 00000000000..bf60820c9b1
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13981.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13981",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/directus/api/issues/987",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/api/issues/987"
+ },
+ {
+ "url": "https://github.com/directus/api/issues/986",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/api/issues/986"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13982.json b/2019/13xxx/CVE-2019-13982.json
new file mode 100644
index 00000000000..86794e5a057
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13982.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13982",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/directus/app/commit/f010b49eef1526fe0882078bb4a07688e8cc92c1",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/app/commit/f010b49eef1526fe0882078bb4a07688e8cc92c1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13983.json b/2019/13xxx/CVE-2019-13983.json
new file mode 100644
index 00000000000..e65586104d7
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13983.json
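Review bot: The description in this record states the missing control (Markdown is not sanitized before the preview is rendered in `interfaces/markdown/input.vue`) but never names the consequence, and `problemtype` is `"n/a"`, so a reader cannot tell the vulnerability class from the record. If this is cross-site scripting in the preview, which the wording suggests but does not say, add that to the description and set `"value": "CWE-79"`. This record concerns the Directus 7 Application (before 7.7.0), not the API package covered by the neighbouring records, which is a further reason to replace the `"n/a"` product fields with real values.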
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13983",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/directus/api/issues/991",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/api/issues/991"
+ },
+ {
+ "url": "https://github.com/directus/api/projects/43",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/api/projects/43"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13984.json b/2019/13xxx/CVE-2019-13984.json
new file mode 100644
index 00000000000..021aa0bd0eb
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13984.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13984",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/directus/api/issues/981",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/api/issues/981"
+ },
+ {
+ "url": "https://github.com/directus/api/projects/44",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/api/projects/44"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1068.json b/2019/1xxx/CVE-2019-1068.json
index ee7b025ffae..0ced09d44d0 100644
--- a/2019/1xxx/CVE-2019-1068.json
+++ b/2019/1xxx/CVE-2019-1068.json
@@ -1,162 +1,164 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1068", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (GDR)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft SQL Server", - "version": { - "version_data": [ - { - "version_value": "2014 Service Pack 2 for 32-bit Systems (CU)" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (GDR)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server", + "version": { + "version_data": [ + { + "version_value": "2014 Service Pack 2 for 32-bit Systems (CU)" + }, + { + "version_value": "2014 Service Pack 2 for x64-based Systems (CU)" + }, + { + "version_value": "2016 for x64-based Systems Service Pack 1 (CU)" + }, + { + "version_value": "2017 for x64-based Systems (CU)" + }, + { + "version_value": "2016 for x64-based Systems Service Pack 2 (CU)" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (GDR)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (GDR)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2017 for x64-based Systems (GDR)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] 
+ } + }, + { + "product_name": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "2014 Service Pack 2 for x64-based Systems (CU)" - }, - { - "version_value": "2016 for x64-based Systems Service Pack 1 (CU)" - }, - { - "version_value": "2017 for x64-based Systems (CU)" - }, - { - "version_value": "2016 for x64-based Systems Service Pack 2 (CU)" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (GDR)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (GDR)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft SQL Server 2017 for x64-based Systems (GDR)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)", - "version": { - "version_data": 
[ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka \u0027Microsoft SQL Server Remote Code Execution Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068" + } + ] + } +} \ No newline at end of file 
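Review bot: The affected-product list on the new side models the same thing two ways: the GDR editions and the Service Pack 3 CU editions are full `product_name` strings with `"version_value": ""`, while the other CU editions are versions under `"product_name": "Microsoft SQL Server"`. An empty `version_value` gives a consumer nothing to compare against an installed build. This hunk is otherwise a re-indentation plus `refsource`/`name` on the reference, so it was the natural place to normalise, e.g. `"product_name": "Microsoft SQL Server"` with `"version_value": "2014 Service Pack 2 for 32-bit Systems (GDR)"`. The new side also ends without a trailing newline.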
diff --git a/2019/1xxx/CVE-2019-1082.json b/2019/1xxx/CVE-2019-1082.json index 8bfee0a1786..13756544372 100644 --- a/2019/1xxx/CVE-2019-1082.json +++ b/2019/1xxx/CVE-2019-1082.json 
@@ -1,118 +1,120 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1082", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "7 for 32-bit Systems Service Pack 1" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": 
"8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL.An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL., aka \u0027Microsoft Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1074." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL.An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1074." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1082" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1082", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1082" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1167.json b/2019/1xxx/CVE-2019-1167.json index 0ded07cd7b4..a1ec3e83a2c 100644 --- a/2019/1xxx/CVE-2019-1167.json +++ b/2019/1xxx/CVE-2019-1167.json 
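Review bot: The description value carried onto the new side still has fused sentence boundaries (`DLL.An attacker`, `SYSTEM.The update`) and a stray `DLL., aka`, so only the `\u0027` escapes were cleaned up. Insert a space after each full stop and drop the extra period before `, aka`, giving `... a customized DLL. An attacker who ...` and `... for a certain DLL, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.` The phrase "race planting a customized DLL" is also hard to parse; wording taken from the MSRC advisory in references would help readers judge exposure.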
@@ -1,63 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-1167", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PowerShell Core", - "version": { - "version_data": [ - { - "version_value": "6.1" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PowerShell Core", + "version": { + "version_data": [ + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + } + ] + } + } + ] }, - { - "version_value": "6.2" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka \u0027Windows Defender Application Control Security Feature Bypass Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Security Feature Bypass" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167" + } + ] + } +} \ No newline at end of file