From 52fbf6d4302d9144a9f32edab43ff87f57947d4a Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Fri, 25 Oct 2019 12:28:15 -0400 Subject: [PATCH 01/34] IBM20191025-122815 Added CVE-2019-4400, CVE-2019-4394, CVE-2019-4399, CVE-2019-4461, CVE-2019-4036, CVE-2019-4396, CVE-2019-4395 --- 2019/4xxx/CVE-2019-4036.json | 102 ++++++++++++++++++++---- 2019/4xxx/CVE-2019-4394.json | 147 +++++++++++++++++++++++++++++++---- 2019/4xxx/CVE-2019-4395.json | 147 +++++++++++++++++++++++++++++++---- 2019/4xxx/CVE-2019-4396.json | 147 +++++++++++++++++++++++++++++++---- 2019/4xxx/CVE-2019-4399.json | 147 +++++++++++++++++++++++++++++++---- 2019/4xxx/CVE-2019-4400.json | 147 +++++++++++++++++++++++++++++++---- 2019/4xxx/CVE-2019-4461.json | 147 +++++++++++++++++++++++++++++++---- 7 files changed, 879 insertions(+), 105 deletions(-) diff --git a/2019/4xxx/CVE-2019-4036.json b/2019/4xxx/CVE-2019-4036.json index b009e63d84b..7fc3f1687d6 100644 --- a/2019/4xxx/CVE-2019-4036.json +++ b/2019/4xxx/CVE-2019-4036.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4036", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Security Access Manager", + "version" : { + "version_data" : [ + { + "version_value" : " " + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4036", + "DATE_PUBLIC" : "2019-09-09T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "U", + "C" : "N", + "UI" : "N", + "A" : "H", + "PR" : "N", + "AV" : "N", + "SCORE" : "7.500", + "AC" : "L", + "I" : "N" + }, + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Denial of Service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1072704", + "title" : "IBM Security Bulletin 1072704 (Security Access Manager)", + "url" : "https://www.ibm.com/support/pages/node/1072704" + }, + { + "refsource" : "XF", + "name" : "ibm-sam-cve20194036-dos (156159)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159" + } + ] + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0" +} diff --git a/2019/4xxx/CVE-2019-4394.json b/2019/4xxx/CVE-2019-4394.json index 5d059158dec..5296aa52372 100644 --- a/2019/4xxx/CVE-2019-4394.json +++ b/2019/4xxx/CVE-2019-4394.json @@ -1,18 +1,135 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4394", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "AV" : "L", + "SCORE" : "2.300", + "AC" : "L", + "I" : "L", + "PR" : "H", + "A" : "N", + "UI" : "N", + "S" : "U", + "C" : "N" + } + } + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Orchestrator", + "version" : { + "version_data" : [ + { + "version_value" : "2.4" + }, + { + "version_value" : "2.4.0.1" + }, + { + "version_value" : "2.4.0.2" + }, + { + "version_value" : "2.5" + }, + { + "version_value" : "2.5.0.1" + }, + { + "version_value" : "2.4.0.3" + }, + { + "version_value" : "2.5.0.2" + }, + { + "version_value" : "2.4.0.4" + }, + { + "version_value" : "2.5.0.3" + }, + { + "version_value" : "2.5.0.4" + }, + { + "version_value" : "2.4.0.5" + }, + { + "version_value" : "2.5.0.5" + }, + { + "version_value" : "2.5.0.6" + }, + { + "version_value" : "2.5.0.7" + }, + { + "version_value" : "2.5.0.8" + }, + { + "version_value" : "2.5.0.9" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-10-23T00:00:00", + "ID" : "CVE-2019-4394" + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1097301", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1097301", + "title" : "IBM Security Bulletin 1097301 (Cloud Orchestrator)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-co-cve20194394-sec-bypass (162232)", + "refsource" : "XF" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Bypass Security" + } + ] + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4395.json b/2019/4xxx/CVE-2019-4395.json index cbc5bd28eb1..7c7e54eea92 100644 --- a/2019/4xxx/CVE-2019-4395.json +++ b/2019/4xxx/CVE-2019-4395.json @@ -1,18 +1,135 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4395", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333." + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1097175", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1097175", + "title" : "IBM Security Bulletin 1097175 (Cloud Orchestrator)" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-co-cve20194395-info-disc (162233)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162233" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "U", + "C" : "L", + "A" : "N", + "UI" : "N", + "AC" : "L", + "SCORE" : "4.000", + "I" : "N", + "AV" : "L", + "PR" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "data_type" : "CVE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.4" + }, + { + "version_value" : "2.4.0.1" + }, + { + "version_value" : "2.4.0.2" + }, + { + "version_value" : "2.5" + }, + { + "version_value" : "2.5.0.1" + }, + { + "version_value" : "2.4.0.3" + }, + { + "version_value" : "2.5.0.2" + }, + { + "version_value" : "2.4.0.4" + }, + { + "version_value" : "2.5.0.3" + }, + { + "version_value" : "2.5.0.4" + }, + { + "version_value" : "2.4.0.5" + }, + { + "version_value" : "2.5.0.5" + }, + { + "version_value" : "2.5.0.6" + }, + { + "version_value" : "2.5.0.7" + }, + { + "version_value" : "2.5.0.8" + }, + { + "version_value" : "2.5.0.9" + } + ] + }, + "product_name" : "Cloud Orchestrator" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-10-23T00:00:00", + "ID" : "CVE-2019-4395" + } +} diff --git a/2019/4xxx/CVE-2019-4396.json b/2019/4xxx/CVE-2019-4396.json index 918d6103bd1..e5a80961d86 100644 --- a/2019/4xxx/CVE-2019-4396.json +++ b/2019/4xxx/CVE-2019-4396.json @@ -1,18 +1,135 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4396", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1096354", + "name" : "https://www.ibm.com/support/pages/node/1096354", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 1096354 (Cloud Orchestrator)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162236", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-co-cve20194396-http-response (162236)" + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.4" + }, + { + "version_value" : "2.4.0.1" + }, + { + "version_value" : "2.4.0.2" + }, + { + "version_value" : "2.5" + }, + { + "version_value" : "2.5.0.1" + }, + { + "version_value" : "2.4.0.3" + }, + { + "version_value" : "2.5.0.2" + }, + { + "version_value" : "2.4.0.4" + }, + { + "version_value" : "2.5.0.3" + }, + { + "version_value" : "2.5.0.4" + }, + { + "version_value" : "2.4.0.5" + }, + { + "version_value" : "2.5.0.5" + }, + { + "version_value" : "2.5.0.6" + }, + { + "version_value" : "2.5.0.7" + }, + { + "version_value" : "2.5.0.8" + }, + { + "version_value" : "2.5.0.9" + } + ] + }, + "product_name" : "Cloud Orchestrator" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2019-10-23T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4396" + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "SCORE" : "5.400", + "AC" : "L", + "I" : "L", + "PR" : "L", + "A" : "N", + "UI" : "R", + "C" : "L", + "S" : "C" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_type" : "CVE", + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.", + "lang" : "eng" + } + ] + }, + "data_version" : "4.0" +} diff --git a/2019/4xxx/CVE-2019-4399.json b/2019/4xxx/CVE-2019-4399.json index 6f078061242..50a0473aa17 100644 --- a/2019/4xxx/CVE-2019-4399.json +++ b/2019/4xxx/CVE-2019-4399.json @@ -1,18 +1,135 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4399", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.", + "lang" : "eng" + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/1097307", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 1097307 (Cloud Orchestrator)", + "url" : "https://www.ibm.com/support/pages/node/1097307" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162260", + "name" : "ibm-co-cve20194399-info-disc (162260)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "I" : "N", + "SCORE" : "5.900", + "AV" : "N", + "AC" : "H", + "PR" : "N", + "S" : "U", + "C" : "H", + "A" : "N", + "UI" : "N" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Orchestrator", + "version" : { + "version_data" : [ + { + "version_value" : "2.4" + }, + { + "version_value" : "2.4.0.1" + }, + { + "version_value" : "2.4.0.2" + }, + { + "version_value" : "2.5" + }, + { + "version_value" : "2.5.0.1" + }, + { + "version_value" : "2.4.0.3" + }, + { + "version_value" : "2.5.0.2" + }, + { + "version_value" : "2.4.0.4" + }, + { + "version_value" : "2.5.0.3" + }, + { + "version_value" : "2.5.0.4" + }, + { + "version_value" : "2.4.0.5" + }, + { + "version_value" : "2.5.0.5" + }, + { + "version_value" : "2.5.0.6" + }, + { + "version_value" : "2.5.0.7" + }, + { + "version_value" : "2.5.0.8" + }, + { + "version_value" : "2.5.0.9" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-10-23T00:00:00", + "ID" : "CVE-2019-4399" + } +} diff --git a/2019/4xxx/CVE-2019-4400.json b/2019/4xxx/CVE-2019-4400.json index 686a28068ef..a53967de840 100644 --- a/2019/4xxx/CVE-2019-4400.json +++ b/2019/4xxx/CVE-2019-4400.json @@ -1,18 +1,135 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4400", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1077129", + "title" : "IBM Security Bulletin 1077129 (Cloud Orchestrator)", + "name" : "https://www.ibm.com/support/pages/node/1077129", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162261", + "name" : "ibm-co-cve20194400-info-disc (162261)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Orchestrator", + "version" : { + "version_data" : [ + { + "version_value" : "2.4" + }, + { + "version_value" : "2.4.0.1" + }, + { + "version_value" : "2.4.0.2" + }, + { + "version_value" : "2.5" + }, + { + "version_value" : "2.5.0.1" + }, + { + "version_value" : "2.4.0.3" + }, + { + "version_value" : "2.5.0.2" + }, + { + "version_value" : "2.4.0.4" + }, + { + "version_value" : "2.5.0.3" + }, + { + "version_value" : "2.5.0.4" + }, + { + "version_value" : "2.4.0.5" + }, + { + "version_value" : "2.5.0.5" + }, + { + "version_value" : "2.5.0.6" + }, + { + "version_value" : "2.5.0.7" + }, + { + "version_value" : "2.5.0.8" + }, + { + "version_value" : "2.5.0.9" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-10-23T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4400" + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "SCORE" : "4.300", + "AC" : "L", + "AV" : "N", + "I" : "N", + "PR" : "L", + "C" : "L", + "S" : "U", + "A" : "N", + "UI" : "N" + } + } + }, + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261." + } + ] + } +} diff --git a/2019/4xxx/CVE-2019-4461.json b/2019/4xxx/CVE-2019-4461.json index dd6f6112786..00bc5b2bd92 100644 --- a/2019/4xxx/CVE-2019-4461.json +++ b/2019/4xxx/CVE-2019-4461.json @@ -1,18 +1,135 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4461", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Cloud Orchestrator", + "version" : { + "version_data" : [ + { + "version_value" : "2.4" + }, + { + "version_value" : "2.4.0.1" + }, + { + "version_value" : "2.4.0.2" + }, + { + "version_value" : "2.5" + }, + { + "version_value" : "2.5.0.1" + }, + { + "version_value" : "2.4.0.3" + }, + { + "version_value" : "2.5.0.2" + }, + { + "version_value" : "2.4.0.4" + }, + { + "version_value" : "2.5.0.3" + }, + { + "version_value" : "2.5.0.4" + }, + { + "version_value" : "2.4.0.5" + }, + { + "version_value" : "2.5.0.5" + }, + { + "version_value" : "2.5.0.6" + }, + { + "version_value" : "2.5.0.7" + }, + { + "version_value" : "2.5.0.8" + }, + { + "version_value" : "2.5.0.9" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4461", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-10-23T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "AV" : "N", + "SCORE" : "5.400", + "AC" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "C" : "L", + "A" : "N", + "UI" : "R" + } + } + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/1072684", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/1072684", + "title" : "IBM Security Bulletin 1072684 (Cloud Orchestrator)" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-co-cve20194461-response-splitting (163682)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163682" + } + ] + }, + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.", + "lang" : "eng" + } + ] + } +} From ab965cf39b97e134b720bd9f843d7e0e7f89def0 Mon Sep 17 00:00:00 2001 From: zdi-team Date: Fri, 25 Oct 2019 11:52:32 -0500 Subject: [PATCH 02/34] ZDI assigns the following Foxit CVEs A 2019/17xxx/CVE-2019-17138.json A 2019/17xxx/CVE-2019-17139.json A 2019/17xxx/CVE-2019-17140.json A 2019/17xxx/CVE-2019-17141.json A 2019/17xxx/CVE-2019-17142.json A 2019/17xxx/CVE-2019-17143.json A 2019/17xxx/CVE-2019-17144.json A 2019/17xxx/CVE-2019-17145.json --- 2019/17xxx/CVE-2019-17138.json | 70 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17139.json | 70 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17140.json | 70 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17141.json | 70 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17142.json | 70 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17143.json | 67 ++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17144.json | 67 ++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17145.json | 67 ++++++++++++++++++++++++++++++++ 8 files changed, 551 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17138.json create mode 100644 2019/17xxx/CVE-2019-17139.json create mode 100644 2019/17xxx/CVE-2019-17140.json create mode 100644 2019/17xxx/CVE-2019-17141.json create mode 100644 2019/17xxx/CVE-2019-17142.json create mode 100644 2019/17xxx/CVE-2019-17143.json create mode 100644 2019/17xxx/CVE-2019-17144.json create mode 100644 2019/17xxx/CVE-2019-17145.json diff --git a/2019/17xxx/CVE-2019-17138.json b/2019/17xxx/CVE-2019-17138.json new file mode 100644 index 00000000000..000bcc57fbc --- /dev/null +++ b/2019/17xxx/CVE-2019-17138.json @@ -0,0 +1,70 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.909" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } + ] + } + }, + "credit": "Steven Seeley (mr_me) of Source Incite", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-908/" + }, + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } + } +} diff --git a/2019/17xxx/CVE-2019-17139.json b/2019/17xxx/CVE-2019-17139.json new file mode 100644 index 00000000000..fc2d0ef1279 --- /dev/null +++ b/2019/17xxx/CVE-2019-17139.json @@ -0,0 +1,70 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.5.0.20723" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } + ] + } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-909/" + }, + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2019/17xxx/CVE-2019-17140.json b/2019/17xxx/CVE-2019-17140.json new file mode 100644 index 00000000000..fb07bf6c265 --- /dev/null +++ b/2019/17xxx/CVE-2019-17140.json @@ -0,0 +1,70 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } + ] + } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-910/" + }, + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2019/17xxx/CVE-2019-17141.json b/2019/17xxx/CVE-2019-17141.json new file mode 100644 index 00000000000..90c2581e62c --- /dev/null +++ b/2019/17xxx/CVE-2019-17141.json @@ -0,0 +1,70 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } + ] + } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-911/" + }, + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2019/17xxx/CVE-2019-17142.json b/2019/17xxx/CVE-2019-17142.json new file mode 100644 index 00000000000..4eac31523ff --- /dev/null +++ b/2019/17xxx/CVE-2019-17142.json @@ -0,0 +1,70 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } + ] + } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-912/" + }, + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2019/17xxx/CVE-2019-17143.json b/2019/17xxx/CVE-2019-17143.json new file mode 100644 index 00000000000..97880b2e418 --- /dev/null +++ b/2019/17xxx/CVE-2019-17143.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } + ] + } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-913/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } + } +} diff --git a/2019/17xxx/CVE-2019-17144.json b/2019/17xxx/CVE-2019-17144.json new file mode 100644 index 00000000000..4668c5f8b5a --- /dev/null +++ b/2019/17xxx/CVE-2019-17144.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } + ] + } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-914/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2019/17xxx/CVE-2019-17145.json b/2019/17xxx/CVE-2019-17145.json new file mode 100644 index 00000000000..78024b977ad --- /dev/null +++ b/2019/17xxx/CVE-2019-17145.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } + ] + } + }, + "credit": "mrpowell", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-915/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} From 813e86eb818e6409b94e55e4ac5646cbc9b5d856 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 25 Oct 2019 17:01:12 +0000 Subject: [PATCH 03/34] "-Synchronized-Data." --- 2013/4xxx/CVE-2013-4658.json | 58 ++++++- 2013/4xxx/CVE-2013-4848.json | 68 ++++++++- 2019/14xxx/CVE-2019-14451.json | 67 +++++++++ 2019/16xxx/CVE-2019-16265.json | 67 +++++++++ 2019/4xxx/CVE-2019-4036.json | 176 +++++++++++----------- 2019/4xxx/CVE-2019-4394.json | 262 ++++++++++++++++---------------- 2019/4xxx/CVE-2019-4395.json | 264 ++++++++++++++++---------------- 2019/4xxx/CVE-2019-4396.json | 264 ++++++++++++++++---------------- 2019/4xxx/CVE-2019-4399.json | 264 ++++++++++++++++---------------- 2019/4xxx/CVE-2019-4400.json | 264 ++++++++++++++++---------------- 2019/4xxx/CVE-2019-4461.json | 266 ++++++++++++++++----------------- 11 files changed, 1136 insertions(+), 884 deletions(-) create mode 100644 2019/14xxx/CVE-2019-14451.json create mode 100644 2019/16xxx/CVE-2019-16265.json diff --git a/2013/4xxx/CVE-2013-4658.json b/2013/4xxx/CVE-2013-4658.json index 45c43f3cea9..953a52d073a 100644 --- a/2013/4xxx/CVE-2013-4658.json +++ b/2013/4xxx/CVE-2013-4658.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4658", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ise.io/casestudies/exploiting-soho-routers/", + "refsource": "MISC", + "name": "https://www.ise.io/casestudies/exploiting-soho-routers/" + }, + { + "url": "https://www.ise.io/soho_service_hacks/", + "refsource": "MISC", + "name": "https://www.ise.io/soho_service_hacks/" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", + "url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf" } ] } diff --git a/2013/4xxx/CVE-2013-4848.json b/2013/4xxx/CVE-2013-4848.json index e2a76e3f7a1..76e72fa2793 100644 --- a/2013/4xxx/CVE-2013-4848.json +++ b/2013/4xxx/CVE-2013-4848.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4848", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ise.io/casestudies/exploiting-soho-routers/", + "refsource": "MISC", + "name": "https://www.ise.io/casestudies/exploiting-soho-routers/" + }, + { + "url": "https://www.ise.io/soho_service_hacks/", + "refsource": "MISC", + "name": "https://www.ise.io/soho_service_hacks/" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", + "url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/62884/info", + "url": "https://www.securityfocus.com/bid/62884/info" + }, + { + "refsource": "MISC", + "name": "https://vuldb.com/?id.10495", + "url": "https://vuldb.com/?id.10495" } ] } diff --git a/2019/14xxx/CVE-2019-14451.json b/2019/14xxx/CVE-2019-14451.json new file mode 100644 index 00000000000..9aeda5f9393 --- /dev/null +++ b/2019/14xxx/CVE-2019-14451.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an \"external command\" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.repetier-server.com/manuals/0.91/index.html", + "refsource": "MISC", + "name": "https://www.repetier-server.com/manuals/0.91/index.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.repetier-server.com/knowledgebase/security-advisory/", + "url": "https://www.repetier-server.com/knowledgebase/security-advisory/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16265.json b/2019/16xxx/CVE-2019-16265.json new file mode 100644 index 00000000000..caf7b680408 --- /dev/null +++ b/2019/16xxx/CVE-2019-16265.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.codesys.com", + "refsource": "MISC", + "name": "https://www.codesys.com" + }, + { + "refsource": "CONFIRM", + "name": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf", + "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4036.json b/2019/4xxx/CVE-2019-4036.json index 7fc3f1687d6..5172fbef791 100644 --- a/2019/4xxx/CVE-2019-4036.json +++ b/2019/4xxx/CVE-2019-4036.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : " " - } - ] - } - } - ] - } - } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4036", - "DATE_PUBLIC" : "2019-09-09T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "C" : "N", - "UI" : "N", - "A" : "H", - "PR" : "N", - "AV" : "N", - "SCORE" : "7.500", - "AC" : "L", - "I" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Access Manager", + "version": { + "version_data": [ + { + "version_value": " " + } + ] + } + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1072704", - "title" : "IBM Security Bulletin 1072704 (Security Access Manager)", - "url" : "https://www.ibm.com/support/pages/node/1072704" - }, - { - "refsource" : "XF", - "name" : "ibm-sam-cve20194036-dos (156159)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159" - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0" -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4036", + "DATE_PUBLIC": "2019-09-09T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "C": "N", + "UI": "N", + "A": "H", + "PR": "N", + "AV": "N", + "SCORE": "7.500", + "AC": "L", + "I": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1072704", + "title": "IBM Security Bulletin 1072704 (Security Access Manager)", + "url": "https://www.ibm.com/support/pages/node/1072704" + }, + { + "refsource": "XF", + "name": "ibm-sam-cve20194036-dos (156159)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159" + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.", + "lang": "eng" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4394.json b/2019/4xxx/CVE-2019-4394.json index 5296aa52372..bdc1fbc2e81 100644 --- a/2019/4xxx/CVE-2019-4394.json +++ b/2019/4xxx/CVE-2019-4394.json @@ -1,135 +1,135 @@ { - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "AV" : "L", - "SCORE" : "2.300", - "AC" : "L", - "I" : "L", - "PR" : "H", - "A" : "N", - "UI" : "N", - "S" : "U", - "C" : "N" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - } + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.", + "lang": "eng" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ID" : "CVE-2019-4394" - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1097301", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1097301", - "title" : "IBM Security Bulletin 1097301 (Cloud Orchestrator)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-co-cve20194394-sec-bypass (162232)", - "refsource" : "XF" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "AV": "L", + "SCORE": "2.300", + "AC": "L", + "I": "L", + "PR": "H", + "A": "N", + "UI": "N", + "S": "U", + "C": "N" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ID": "CVE-2019-4394" + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1097301", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1097301", + "title": "IBM Security Bulletin 1097301 (Cloud Orchestrator)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232", + "title": "X-Force Vulnerability Report", + "name": "ibm-co-cve20194394-sec-bypass (162232)", + "refsource": "XF" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4395.json b/2019/4xxx/CVE-2019-4395.json index 7c7e54eea92..b084d366a26 100644 --- a/2019/4xxx/CVE-2019-4395.json +++ b/2019/4xxx/CVE-2019-4395.json @@ -1,135 +1,135 @@ { - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333." - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1097175", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1097175", - "title" : "IBM Security Bulletin 1097175 (Cloud Orchestrator)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-co-cve20194395-info-disc (162233)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162233" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "C" : "L", - "A" : "N", - "UI" : "N", - "AC" : "L", - "SCORE" : "4.000", - "I" : "N", - "AV" : "L", - "PR" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - }, - "product_name" : "Cloud Orchestrator" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333." } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ID" : "CVE-2019-4395" - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1097175", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1097175", + "title": "IBM Security Bulletin 1097175 (Cloud Orchestrator)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-co-cve20194395-info-disc (162233)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162233" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "C": "L", + "A": "N", + "UI": "N", + "AC": "L", + "SCORE": "4.000", + "I": "N", + "AV": "L", + "PR": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + }, + "product_name": "Cloud Orchestrator" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ID": "CVE-2019-4395" + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4396.json b/2019/4xxx/CVE-2019-4396.json index e5a80961d86..7d607d506c3 100644 --- a/2019/4xxx/CVE-2019-4396.json +++ b/2019/4xxx/CVE-2019-4396.json @@ -1,135 +1,135 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1096354", - "name" : "https://www.ibm.com/support/pages/node/1096354", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1096354 (Cloud Orchestrator)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162236", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-co-cve20194396-http-response (162236)" - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - }, - "product_name" : "Cloud Orchestrator" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4396" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "SCORE" : "5.400", - "AC" : "L", - "I" : "L", - "PR" : "L", - "A" : "N", - "UI" : "R", - "C" : "L", - "S" : "C" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0" -} + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1096354", + "name": "https://www.ibm.com/support/pages/node/1096354", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1096354 (Cloud Orchestrator)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162236", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-co-cve20194396-http-response (162236)" + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + }, + "product_name": "Cloud Orchestrator" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2019-10-23T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4396" + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "SCORE": "5.400", + "AC": "L", + "I": "L", + "PR": "L", + "A": "N", + "UI": "R", + "C": "L", + "S": "C" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.", + "lang": "eng" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4399.json b/2019/4xxx/CVE-2019-4399.json index 50a0473aa17..af50950d2e0 100644 --- a/2019/4xxx/CVE-2019-4399.json +++ b/2019/4xxx/CVE-2019-4399.json @@ -1,135 +1,135 @@ { - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1097307", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1097307 (Cloud Orchestrator)", - "url" : "https://www.ibm.com/support/pages/node/1097307" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162260", - "name" : "ibm-co-cve20194399-info-disc (162260)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "I" : "N", - "SCORE" : "5.900", - "AV" : "N", - "AC" : "H", - "PR" : "N", - "S" : "U", - "C" : "H", - "A" : "N", - "UI" : "N" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - } + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.", + "lang": "eng" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ID" : "CVE-2019-4399" - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1097307", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1097307 (Cloud Orchestrator)", + "url": "https://www.ibm.com/support/pages/node/1097307" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162260", + "name": "ibm-co-cve20194399-info-disc (162260)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "I": "N", + "SCORE": "5.900", + "AV": "N", + "AC": "H", + "PR": "N", + "S": "U", + "C": "H", + "A": "N", + "UI": "N" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ID": "CVE-2019-4399" + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4400.json b/2019/4xxx/CVE-2019-4400.json index a53967de840..5ca8db99e5d 100644 --- a/2019/4xxx/CVE-2019-4400.json +++ b/2019/4xxx/CVE-2019-4400.json @@ -1,135 +1,135 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1077129", - "title" : "IBM Security Bulletin 1077129 (Cloud Orchestrator)", - "name" : "https://www.ibm.com/support/pages/node/1077129", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162261", - "name" : "ibm-co-cve20194400-info-disc (162261)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4400" - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "SCORE" : "4.300", - "AC" : "L", - "AV" : "N", - "I" : "N", - "PR" : "L", - "C" : "L", - "S" : "U", - "A" : "N", - "UI" : "N" - } - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261." - } - ] - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1077129", + "title": "IBM Security Bulletin 1077129 (Cloud Orchestrator)", + "name": "https://www.ibm.com/support/pages/node/1077129", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162261", + "name": "ibm-co-cve20194400-info-disc (162261)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4400" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "SCORE": "4.300", + "AC": "L", + "AV": "N", + "I": "N", + "PR": "L", + "C": "L", + "S": "U", + "A": "N", + "UI": "N" + } + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4461.json b/2019/4xxx/CVE-2019-4461.json index 00bc5b2bd92..bbe5a0dbf84 100644 --- a/2019/4xxx/CVE-2019-4461.json +++ b/2019/4xxx/CVE-2019-4461.json @@ -1,135 +1,135 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - } - } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4461", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AV" : "N", - "SCORE" : "5.400", - "AC" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "C" : "L", - "A" : "N", - "UI" : "R" - } - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1072684", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1072684", - "title" : "IBM Security Bulletin 1072684 (Cloud Orchestrator)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-co-cve20194461-response-splitting (163682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163682" - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.", - "lang" : "eng" - } - ] - } -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4461", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "AV": "N", + "SCORE": "5.400", + "AC": "L", + "I": "L", + "PR": "L", + "S": "C", + "C": "L", + "A": "N", + "UI": "R" + } + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1072684", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1072684", + "title": "IBM Security Bulletin 1072684 (Cloud Orchestrator)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-co-cve20194461-response-splitting (163682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163682" + } + ] + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.", + "lang": "eng" + } + ] + } +} \ No newline at end of file From 6bc33dd42497f4eeb8d30e234ebd13bade7d70f9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 25 Oct 2019 18:01:02 +0000 Subject: [PATCH 04/34] "-Synchronized-Data." --- 2018/5xxx/CVE-2018-5390.json | 5 +++ 2019/13xxx/CVE-2019-13525.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13546.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13549.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13553.json | 62 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15587.json | 5 +++ 2019/5xxx/CVE-2019-5114.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5116.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5117.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5119.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5120.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5121.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5122.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5123.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5127.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5128.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5129.json | 58 +++++++++++++++++++++++++++---- 17 files changed, 819 insertions(+), 77 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13525.json create mode 100644 2019/13xxx/CVE-2019-13546.json create mode 100644 2019/13xxx/CVE-2019-13549.json create mode 100644 2019/13xxx/CVE-2019-13553.json diff --git a/2018/5xxx/CVE-2018-5390.json b/2018/5xxx/CVE-2018-5390.json index 685d21ba370..b6df957bf07 100644 --- a/2018/5xxx/CVE-2018-5390.json +++ b/2018/5xxx/CVE-2018-5390.json @@ -244,6 +244,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K95343321?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support&utm_medium=RSS" } ] }, diff --git a/2019/13xxx/CVE-2019-13525.json b/2019/13xxx/CVE-2019-13525.json new file mode 100644 index 00000000000..cfe66a42e9f --- /dev/null +++ b/2019/13xxx/CVE-2019-13525.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13525", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Honeywell IP-AK2", + "version": { + "version_data": [ + { + "version_value": "IP-AK2 Access Control Panel Version 1.04.07 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-297-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-297-02" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network." + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13546.json b/2019/13xxx/CVE-2019-13546.json new file mode 100644 index 00000000000..407b9557ba4 --- /dev/null +++ b/2019/13xxx/CVE-2019-13546.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13546", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IntelliSpace Perinatal", + "version": { + "version_data": [ + { + "version_value": "Versions K and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system." + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13549.json b/2019/13xxx/CVE-2019-13549.json new file mode 100644 index 00000000000..23963b636a1 --- /dev/null +++ b/2019/13xxx/CVE-2019-13549.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13549", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rittal Chiller SK 3232-Series", + "version": { + "version_data": [ + { + "version_value": "Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 \u2013 B1.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-297-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-297-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 \u2013 B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication." + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13553.json b/2019/13xxx/CVE-2019-13553.json new file mode 100644 index 00000000000..a6ec1231177 --- /dev/null +++ b/2019/13xxx/CVE-2019-13553.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13553", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rittal Chiller SK 3232-Series", + "version": { + "version_data": [ + { + "version_value": "Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 \u2013 B1.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED CREDENTIALS CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-297-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-297-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 \u2013 B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15587.json b/2019/15xxx/CVE-2019-15587.json index 597292657b6..952187d7eac 100644 --- a/2019/15xxx/CVE-2019-15587.json +++ b/2019/15xxx/CVE-2019-15587.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://hackerone.com/reports/709009", "url": "https://hackerone.com/reports/709009" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/flavorjones/loofah/issues/171", + "url": "https://github.com/flavorjones/loofah/issues/171" } ] }, diff --git a/2019/5xxx/CVE-2019-5114.json b/2019/5xxx/CVE-2019-5114.json index 9b14983f245..3fe7f032179 100644 --- a/2019/5xxx/CVE-2019-5114.json +++ b/2019/5xxx/CVE-2019-5114.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5114", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5114", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 6.2 , YouPHPTube 7.6 ,YouPHPTube 7.7 commit 64d35de96e43c5e5b3d582162c12b86eec7e986b (Oct 1st 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0906", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0906" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system." } ] } diff --git a/2019/5xxx/CVE-2019-5116.json b/2019/5xxx/CVE-2019-5116.json index 6af5e9b9484..cdaec3cfa33 100644 --- a/2019/5xxx/CVE-2019-5116.json +++ b/2019/5xxx/CVE-2019-5116.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5116", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5116", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 6.2 ,YouPHPTube 7.6 ,YouPHPTube 7.7 commit 64d35de96e43c5e5b3d582162c12b86eec7e986b (Oct 1st 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0907", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0907" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system." } ] } diff --git a/2019/5xxx/CVE-2019-5117.json b/2019/5xxx/CVE-2019-5117.json index 3d9af720ced..6b509d8e93f 100644 --- a/2019/5xxx/CVE-2019-5117.json +++ b/2019/5xxx/CVE-2019-5117.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5117", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5117", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 6.2 ,YouPHPTube 7.6 ,YouPHPTube 7.7 commit 64d35de96e43c5e5b3d582162c12b86eec7e986b (Oct 1st 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0908", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0908" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system." } ] } diff --git a/2019/5xxx/CVE-2019-5119.json b/2019/5xxx/CVE-2019-5119.json index 0ffcbebf908..33667647841 100644 --- a/2019/5xxx/CVE-2019-5119.json +++ b/2019/5xxx/CVE-2019-5119.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5119", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5119", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 6.2 , YouPHPTube 7.6 ,YouPHPTube 7.7 commit 64d35de96e43c5e5b3d582162c12b86eec7e986b (Oct 1st 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0909", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0909" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system." } ] } diff --git a/2019/5xxx/CVE-2019-5120.json b/2019/5xxx/CVE-2019-5120.json index 5467ecda0aa..bc5b33950c2 100644 --- a/2019/5xxx/CVE-2019-5120.json +++ b/2019/5xxx/CVE-2019-5120.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5120", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5120", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 6.2 ,YouPHPTube 7.6 ,YouPHPTube 7.7 commit 64d35de96e43c5e5b3d582162c12b86eec7e986b (Oct 1st 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0910", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0910" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system." } ] } diff --git a/2019/5xxx/CVE-2019-5121.json b/2019/5xxx/CVE-2019-5121.json index d7684da14dd..0d1fde1dedc 100644 --- a/2019/5xxx/CVE-2019-5121.json +++ b/2019/5xxx/CVE-2019-5121.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5121", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5121", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 6.2 , YouPHPTube 7.6 ,YouPHPTube 7.7 commit 64d35de96e43c5e5b3d582162c12b86eec7e986b (Oct 1st 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0911", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0911" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php" } ] } diff --git a/2019/5xxx/CVE-2019-5122.json b/2019/5xxx/CVE-2019-5122.json index 34af1fdb180..e71c38a941d 100644 --- a/2019/5xxx/CVE-2019-5122.json +++ b/2019/5xxx/CVE-2019-5122.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5122", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5122", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 6.2 , YouPHPTube 7.6 ,YouPHPTube 7.7 commit 64d35de96e43c5e5b3d582162c12b86eec7e986b (Oct 1st 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0911", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0911" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php." } ] } diff --git a/2019/5xxx/CVE-2019-5123.json b/2019/5xxx/CVE-2019-5123.json index 9258e7c8673..bb69a9d9066 100644 --- a/2019/5xxx/CVE-2019-5123.json +++ b/2019/5xxx/CVE-2019-5123.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5123", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5123", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube 6.2 ,YouPHPTube 7.6 ,YouPHPTube 7.7 commit 64d35de96e43c5e5b3d582162c12b86eec7e986b (Oct 1st 2019)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0911", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0911" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php." } ] } diff --git a/2019/5xxx/CVE-2019-5127.json b/2019/5xxx/CVE-2019-5127.json index c8be4aeef5b..dfc1798003a 100644 --- a/2019/5xxx/CVE-2019-5127.json +++ b/2019/5xxx/CVE-2019-5127.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5127", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5127", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube\"", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube Encoder 2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack." } ] } diff --git a/2019/5xxx/CVE-2019-5128.json b/2019/5xxx/CVE-2019-5128.json index f45f40ba8b0..1b2464ff875 100644 --- a/2019/5xxx/CVE-2019-5128.json +++ b/2019/5xxx/CVE-2019-5128.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5128", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5128", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube Encoder 2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack." } ] } diff --git a/2019/5xxx/CVE-2019-5129.json b/2019/5xxx/CVE-2019-5129.json index a2578e36f29..f0cba6530c5 100644 --- a/2019/5xxx/CVE-2019-5129.json +++ b/2019/5xxx/CVE-2019-5129.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5129", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5129", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YouPHPTube", + "version": { + "version_data": [ + { + "version_value": "YouPHPTube Encoder 2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack." } ] } From e5bf483a837c9c4c5f735d0f201303e64f465342 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 25 Oct 2019 19:01:11 +0000 Subject: [PATCH 05/34] "-Synchronized-Data." --- 2017/6xxx/CVE-2017-6059.json | 5 ++ 2017/6xxx/CVE-2017-6062.json | 5 ++ 2017/6xxx/CVE-2017-6413.json | 5 ++ 2019/12xxx/CVE-2019-12402.json | 5 ++ 2019/12xxx/CVE-2019-12493.json | 5 ++ 2019/12xxx/CVE-2019-12515.json | 5 ++ 2019/12xxx/CVE-2019-12957.json | 5 ++ 2019/12xxx/CVE-2019-12958.json | 5 ++ 2019/13xxx/CVE-2019-13281.json | 5 ++ 2019/13xxx/CVE-2019-13282.json | 5 ++ 2019/13xxx/CVE-2019-13283.json | 5 ++ 2019/13xxx/CVE-2019-13286.json | 5 ++ 2019/14xxx/CVE-2019-14823.json | 5 ++ 2019/15xxx/CVE-2019-15903.json | 5 ++ 2019/17xxx/CVE-2019-17109.json | 5 ++ 2019/17xxx/CVE-2019-17138.json | 132 +++++++++++++++++---------------- 2019/17xxx/CVE-2019-17139.json | 132 +++++++++++++++++---------------- 2019/17xxx/CVE-2019-17140.json | 132 +++++++++++++++++---------------- 2019/17xxx/CVE-2019-17141.json | 132 +++++++++++++++++---------------- 2019/17xxx/CVE-2019-17142.json | 132 +++++++++++++++++---------------- 2019/17xxx/CVE-2019-17143.json | 124 ++++++++++++++++--------------- 2019/17xxx/CVE-2019-17144.json | 124 ++++++++++++++++--------------- 2019/17xxx/CVE-2019-17145.json | 124 ++++++++++++++++--------------- 2019/2xxx/CVE-2019-2114.json | 5 ++ 2019/5xxx/CVE-2019-5508.json | 58 +++++++++++++-- 25 files changed, 660 insertions(+), 510 deletions(-) diff --git a/2017/6xxx/CVE-2017-6059.json b/2017/6xxx/CVE-2017-6059.json index 97f78188d15..414826447eb 100644 --- a/2017/6xxx/CVE-2017-6059.json +++ b/2017/6xxx/CVE-2017-6059.json @@ -81,6 +81,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2112", "url": "https://access.redhat.com/errata/RHSA-2019:2112" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-7b06f18a10", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/" } ] } diff --git a/2017/6xxx/CVE-2017-6062.json b/2017/6xxx/CVE-2017-6062.json index 2e83b4e6e9c..247b986ad69 100644 --- a/2017/6xxx/CVE-2017-6062.json +++ b/2017/6xxx/CVE-2017-6062.json @@ -66,6 +66,11 @@ "name": "https://github.com/pingidentity/mod_auth_openidc/issues/222", "refsource": "CONFIRM", "url": "https://github.com/pingidentity/mod_auth_openidc/issues/222" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-7b06f18a10", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/" } ] } diff --git a/2017/6xxx/CVE-2017-6413.json b/2017/6xxx/CVE-2017-6413.json index 46b31ce4102..5a146d3ba8c 100644 --- a/2017/6xxx/CVE-2017-6413.json +++ b/2017/6xxx/CVE-2017-6413.json @@ -76,6 +76,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2112", "url": "https://access.redhat.com/errata/RHSA-2019:2112" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-7b06f18a10", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/" } ] } diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index 805b81e622f..4b8cb4a9ddd 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402", "url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea@%3Ccommits.creadur.apache.org%3E" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-c96a8d12b0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/" } ] }, diff --git a/2019/12xxx/CVE-2019-12493.json b/2019/12xxx/CVE-2019-12493.json index c0fab1efecc..2f18b2d540d 100644 --- a/2019/12xxx/CVE-2019-12493.json +++ b/2019/12xxx/CVE-2019-12493.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a457286734", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" } ] } diff --git a/2019/12xxx/CVE-2019-12515.json b/2019/12xxx/CVE-2019-12515.json index 0fcabb67856..e2650e022ae 100644 --- a/2019/12xxx/CVE-2019-12515.json +++ b/2019/12xxx/CVE-2019-12515.json @@ -56,6 +56,11 @@ "url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar", "refsource": "MISC", "name": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a457286734", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" } ] } diff --git a/2019/12xxx/CVE-2019-12957.json b/2019/12xxx/CVE-2019-12957.json index 5d0dd4e3ca9..330ad69a449 100644 --- a/2019/12xxx/CVE-2019-12957.json +++ b/2019/12xxx/CVE-2019-12957.json @@ -56,6 +56,11 @@ "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813", "refsource": "MISC", "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a457286734", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" } ] } diff --git a/2019/12xxx/CVE-2019-12958.json b/2019/12xxx/CVE-2019-12958.json index 2c0826eb000..92c174586ef 100644 --- a/2019/12xxx/CVE-2019-12958.json +++ b/2019/12xxx/CVE-2019-12958.json @@ -56,6 +56,11 @@ "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815", "refsource": "MISC", "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a457286734", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" } ] } diff --git a/2019/13xxx/CVE-2019-13281.json b/2019/13xxx/CVE-2019-13281.json index be8858facc2..e9fe2f3c000 100644 --- a/2019/13xxx/CVE-2019-13281.json +++ b/2019/13xxx/CVE-2019-13281.json @@ -56,6 +56,11 @@ "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841", "refsource": "MISC", "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a457286734", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" } ] } diff --git a/2019/13xxx/CVE-2019-13282.json b/2019/13xxx/CVE-2019-13282.json index 58460b0d65c..9ac1237475d 100644 --- a/2019/13xxx/CVE-2019-13282.json +++ b/2019/13xxx/CVE-2019-13282.json @@ -56,6 +56,11 @@ "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842", "refsource": "MISC", "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a457286734", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" } ] } diff --git a/2019/13xxx/CVE-2019-13283.json b/2019/13xxx/CVE-2019-13283.json index f2c1983aea3..d7518eb7070 100644 --- a/2019/13xxx/CVE-2019-13283.json +++ b/2019/13xxx/CVE-2019-13283.json @@ -56,6 +56,11 @@ "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843", "refsource": "MISC", "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a457286734", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" } ] } diff --git a/2019/13xxx/CVE-2019-13286.json b/2019/13xxx/CVE-2019-13286.json index 5b2903c60ca..044c4836388 100644 --- a/2019/13xxx/CVE-2019-13286.json +++ b/2019/13xxx/CVE-2019-13286.json @@ -56,6 +56,11 @@ "url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg", "refsource": "MISC", "name": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a457286734", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" } ] } diff --git a/2019/14xxx/CVE-2019-14823.json b/2019/14xxx/CVE-2019-14823.json index 18865798c97..45f94866ef1 100644 --- a/2019/14xxx/CVE-2019-14823.json +++ b/2019/14xxx/CVE-2019-14823.json @@ -59,6 +59,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3067", "url": "https://access.redhat.com/errata/RHSA-2019:3067" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-68c2fbcf82", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/" } ] }, diff --git a/2019/15xxx/CVE-2019-15903.json b/2019/15xxx/CVE-2019-15903.json index c367c3626bf..0c1f6a57502 100644 --- a/2019/15xxx/CVE-2019-15903.json +++ b/2019/15xxx/CVE-2019-15903.json @@ -151,6 +151,11 @@ "refsource": "UBUNTU", "name": "USN-4165-1", "url": "https://usn.ubuntu.com/4165-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4549", + "url": "https://www.debian.org/security/2019/dsa-4549" } ] } diff --git a/2019/17xxx/CVE-2019-17109.json b/2019/17xxx/CVE-2019-17109.json index 9e2ca68bec0..0ebed42f85f 100644 --- a/2019/17xxx/CVE-2019-17109.json +++ b/2019/17xxx/CVE-2019-17109.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://pagure.io/koji/commits/master", "url": "https://pagure.io/koji/commits/master" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-adf618865f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/" } ] } diff --git a/2019/17xxx/CVE-2019-17138.json b/2019/17xxx/CVE-2019-17138.json index 000bcc57fbc..6db5999c22f 100644 --- a/2019/17xxx/CVE-2019-17138.json +++ b/2019/17xxx/CVE-2019-17138.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17138", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6.909" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.909" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Steven Seeley (mr_me) of Source Incite", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "Steven Seeley (mr_me) of Source Incite", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-908/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-908/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-908/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17139.json b/2019/17xxx/CVE-2019-17139.json index fc2d0ef1279..95283dca943 100644 --- a/2019/17xxx/CVE-2019-17139.json +++ b/2019/17xxx/CVE-2019-17139.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17139", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.5.0.20723" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.5.0.20723" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "RockStar", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-909/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-909/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-909/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17140.json b/2019/17xxx/CVE-2019-17140.json index fb07bf6c265..eac36d457a8 100644 --- a/2019/17xxx/CVE-2019-17140.json +++ b/2019/17xxx/CVE-2019-17140.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17140", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "RockStar", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-910/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-910/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-910/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17141.json b/2019/17xxx/CVE-2019-17141.json index 90c2581e62c..ce325ecd71e 100644 --- a/2019/17xxx/CVE-2019-17141.json +++ b/2019/17xxx/CVE-2019-17141.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17141", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "RockStar", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-911/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-911/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-911/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17142.json b/2019/17xxx/CVE-2019-17142.json index 4eac31523ff..e49e28d8e9f 100644 --- a/2019/17xxx/CVE-2019-17142.json +++ b/2019/17xxx/CVE-2019-17142.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17142", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "RockStar", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-912/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-912/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-912/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17143.json b/2019/17xxx/CVE-2019-17143.json index 97880b2e418..a300781b77e 100644 --- a/2019/17xxx/CVE-2019-17143.json +++ b/2019/17xxx/CVE-2019-17143.json @@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17143", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-913/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-913/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-913/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17144.json b/2019/17xxx/CVE-2019-17144.json index 4668c5f8b5a..91e9d6b5b96 100644 --- a/2019/17xxx/CVE-2019-17144.json +++ b/2019/17xxx/CVE-2019-17144.json @@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17144", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-914/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-914/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-914/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17145.json b/2019/17xxx/CVE-2019-17145.json index 78024b977ad..61524c87b99 100644 --- a/2019/17xxx/CVE-2019-17145.json +++ b/2019/17xxx/CVE-2019-17145.json @@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17145", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "mrpowell", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121: Stack-based Buffer Overflow" - } + }, + "credit": "mrpowell", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-915/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-915/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-915/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2114.json b/2019/2xxx/CVE-2019-2114.json index 43535c2598d..7a1f849858c 100644 --- a/2019/2xxx/CVE-2019-2114.json +++ b/2019/2xxx/CVE-2019-2114.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://source.android.com/security/bulletin/2019-10-01", "url": "https://source.android.com/security/bulletin/2019-10-01" + }, + { + "refsource": "MISC", + "name": "https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/", + "url": "https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/" } ] }, diff --git a/2019/5xxx/CVE-2019-5508.json b/2019/5xxx/CVE-2019-5508.json index 4d709ecd684..3e7cd3be82e 100644 --- a/2019/5xxx/CVE-2019-5508.json +++ b/2019/5xxx/CVE-2019-5508.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5508", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5508", + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Clustered Data ONTAP", + "version": { + "version_data": [ + { + "version_value": "9.2 and higher" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20191024-0001/", + "url": "https://security.netapp.com/advisory/ntap-20191024-0001/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS)." } ] } From 7191f8ed01c7d49ba4a22c720c7de5b3af8d0508 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 25 Oct 2019 20:01:08 +0000 Subject: [PATCH 06/34] "-Synchronized-Data." --- 2017/16xxx/CVE-2017-16808.json | 5 +++++ 2017/6xxx/CVE-2017-6059.json | 5 +++++ 2017/6xxx/CVE-2017-6062.json | 5 +++++ 2017/6xxx/CVE-2017-6413.json | 5 +++++ 2018/10xxx/CVE-2018-10103.json | 5 +++++ 2018/10xxx/CVE-2018-10105.json | 5 +++++ 2018/14xxx/CVE-2018-14461.json | 5 +++++ 2018/14xxx/CVE-2018-14462.json | 5 +++++ 2018/14xxx/CVE-2018-14463.json | 5 +++++ 2018/14xxx/CVE-2018-14464.json | 5 +++++ 2018/14xxx/CVE-2018-14465.json | 5 +++++ 2018/14xxx/CVE-2018-14466.json | 5 +++++ 2018/14xxx/CVE-2018-14467.json | 5 +++++ 2018/14xxx/CVE-2018-14468.json | 5 +++++ 2018/14xxx/CVE-2018-14469.json | 5 +++++ 2018/14xxx/CVE-2018-14470.json | 5 +++++ 2018/14xxx/CVE-2018-14879.json | 5 +++++ 2018/14xxx/CVE-2018-14880.json | 5 +++++ 2018/14xxx/CVE-2018-14881.json | 5 +++++ 2018/14xxx/CVE-2018-14882.json | 5 +++++ 2018/16xxx/CVE-2018-16227.json | 5 +++++ 2018/16xxx/CVE-2018-16228.json | 5 +++++ 2018/16xxx/CVE-2018-16229.json | 5 +++++ 2018/16xxx/CVE-2018-16230.json | 5 +++++ 2018/16xxx/CVE-2018-16300.json | 5 +++++ 2018/16xxx/CVE-2018-16301.json | 5 +++++ 2018/16xxx/CVE-2018-16451.json | 5 +++++ 2018/16xxx/CVE-2018-16452.json | 5 +++++ 2018/19xxx/CVE-2018-19519.json | 5 +++++ 2019/1010xxx/CVE-2019-1010220.json | 5 +++++ 2019/12xxx/CVE-2019-12493.json | 5 +++++ 2019/12xxx/CVE-2019-12515.json | 5 +++++ 2019/12xxx/CVE-2019-12957.json | 5 +++++ 2019/12xxx/CVE-2019-12958.json | 5 +++++ 2019/13xxx/CVE-2019-13281.json | 5 +++++ 2019/13xxx/CVE-2019-13282.json | 5 +++++ 2019/13xxx/CVE-2019-13283.json | 5 +++++ 2019/13xxx/CVE-2019-13286.json | 5 +++++ 2019/14xxx/CVE-2019-14823.json | 5 +++++ 2019/15xxx/CVE-2019-15166.json | 5 +++++ 2019/17xxx/CVE-2019-17052.json | 5 +++++ 2019/17xxx/CVE-2019-17053.json | 5 +++++ 2019/17xxx/CVE-2019-17054.json | 5 +++++ 2019/17xxx/CVE-2019-17055.json | 5 +++++ 2019/17xxx/CVE-2019-17056.json | 5 +++++ 45 files changed, 225 insertions(+) diff --git a/2017/16xxx/CVE-2017-16808.json b/2017/16xxx/CVE-2017-16808.json index 18cbbf4e4c9..0af36840854 100644 --- a/2017/16xxx/CVE-2017-16808.json +++ b/2017/16xxx/CVE-2017-16808.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2348", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2017/6xxx/CVE-2017-6059.json b/2017/6xxx/CVE-2017-6059.json index 414826447eb..09860822ad9 100644 --- a/2017/6xxx/CVE-2017-6059.json +++ b/2017/6xxx/CVE-2017-6059.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-7b06f18a10", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-23638d42f3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/" } ] } diff --git a/2017/6xxx/CVE-2017-6062.json b/2017/6xxx/CVE-2017-6062.json index 247b986ad69..5aaf8ba5e5a 100644 --- a/2017/6xxx/CVE-2017-6062.json +++ b/2017/6xxx/CVE-2017-6062.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-7b06f18a10", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-23638d42f3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/" } ] } diff --git a/2017/6xxx/CVE-2017-6413.json b/2017/6xxx/CVE-2017-6413.json index 5a146d3ba8c..afbc51de95a 100644 --- a/2017/6xxx/CVE-2017-6413.json +++ b/2017/6xxx/CVE-2017-6413.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-7b06f18a10", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-23638d42f3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/" } ] } diff --git a/2018/10xxx/CVE-2018-10103.json b/2018/10xxx/CVE-2018-10103.json index 33b3a99b888..9f09c909785 100644 --- a/2018/10xxx/CVE-2018-10103.json +++ b/2018/10xxx/CVE-2018-10103.json @@ -81,6 +81,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/10xxx/CVE-2018-10105.json b/2018/10xxx/CVE-2018-10105.json index 20b3660db39..5f18b434557 100644 --- a/2018/10xxx/CVE-2018-10105.json +++ b/2018/10xxx/CVE-2018-10105.json @@ -81,6 +81,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14461.json b/2018/14xxx/CVE-2018-14461.json index 9655a29e1d6..cecf6af19db 100644 --- a/2018/14xxx/CVE-2018-14461.json +++ b/2018/14xxx/CVE-2018-14461.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14462.json b/2018/14xxx/CVE-2018-14462.json index 607f5b0a5cb..7cf76fb9651 100644 --- a/2018/14xxx/CVE-2018-14462.json +++ b/2018/14xxx/CVE-2018-14462.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14463.json b/2018/14xxx/CVE-2018-14463.json index 44805b6a2dd..d730be6747f 100644 --- a/2018/14xxx/CVE-2018-14463.json +++ b/2018/14xxx/CVE-2018-14463.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14464.json b/2018/14xxx/CVE-2018-14464.json index 5040fc8cafc..6e4a56173e9 100644 --- a/2018/14xxx/CVE-2018-14464.json +++ b/2018/14xxx/CVE-2018-14464.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14465.json b/2018/14xxx/CVE-2018-14465.json index b8fa7d9eb37..457235c66d6 100644 --- a/2018/14xxx/CVE-2018-14465.json +++ b/2018/14xxx/CVE-2018-14465.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14466.json b/2018/14xxx/CVE-2018-14466.json index 8c669f8446e..f501ac2bde4 100644 --- a/2018/14xxx/CVE-2018-14466.json +++ b/2018/14xxx/CVE-2018-14466.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14467.json b/2018/14xxx/CVE-2018-14467.json index 9641a6971a1..1aad64b7d9a 100644 --- a/2018/14xxx/CVE-2018-14467.json +++ b/2018/14xxx/CVE-2018-14467.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14468.json b/2018/14xxx/CVE-2018-14468.json index ccb56d6401e..46435b69538 100644 --- a/2018/14xxx/CVE-2018-14468.json +++ b/2018/14xxx/CVE-2018-14468.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14469.json b/2018/14xxx/CVE-2018-14469.json index b6a8137a994..bcf69368d83 100644 --- a/2018/14xxx/CVE-2018-14469.json +++ b/2018/14xxx/CVE-2018-14469.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14470.json b/2018/14xxx/CVE-2018-14470.json index a338df473c4..ec660ae4898 100644 --- a/2018/14xxx/CVE-2018-14470.json +++ b/2018/14xxx/CVE-2018-14470.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14879.json b/2018/14xxx/CVE-2018-14879.json index ef872623cd4..5a8ce726172 100644 --- a/2018/14xxx/CVE-2018-14879.json +++ b/2018/14xxx/CVE-2018-14879.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14880.json b/2018/14xxx/CVE-2018-14880.json index 36d79fdc029..de4c04e7602 100644 --- a/2018/14xxx/CVE-2018-14880.json +++ b/2018/14xxx/CVE-2018-14880.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14881.json b/2018/14xxx/CVE-2018-14881.json index 06cb761a48b..5703d5ae970 100644 --- a/2018/14xxx/CVE-2018-14881.json +++ b/2018/14xxx/CVE-2018-14881.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/14xxx/CVE-2018-14882.json b/2018/14xxx/CVE-2018-14882.json index dcb83fef845..43739e5389f 100644 --- a/2018/14xxx/CVE-2018-14882.json +++ b/2018/14xxx/CVE-2018-14882.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/16xxx/CVE-2018-16227.json b/2018/16xxx/CVE-2018-16227.json index 0b0fdd04a46..6f4523616dc 100644 --- a/2018/16xxx/CVE-2018-16227.json +++ b/2018/16xxx/CVE-2018-16227.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/16xxx/CVE-2018-16228.json b/2018/16xxx/CVE-2018-16228.json index 45b1a4685c5..1fe04b248bc 100644 --- a/2018/16xxx/CVE-2018-16228.json +++ b/2018/16xxx/CVE-2018-16228.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/16xxx/CVE-2018-16229.json b/2018/16xxx/CVE-2018-16229.json index 9789f826d4b..8447db7c467 100644 --- a/2018/16xxx/CVE-2018-16229.json +++ b/2018/16xxx/CVE-2018-16229.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/16xxx/CVE-2018-16230.json b/2018/16xxx/CVE-2018-16230.json index 754ef7288a2..bb686cd1fa0 100644 --- a/2018/16xxx/CVE-2018-16230.json +++ b/2018/16xxx/CVE-2018-16230.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/16xxx/CVE-2018-16300.json b/2018/16xxx/CVE-2018-16300.json index d65974d091b..9a6043c16b8 100644 --- a/2018/16xxx/CVE-2018-16300.json +++ b/2018/16xxx/CVE-2018-16300.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/16xxx/CVE-2018-16301.json b/2018/16xxx/CVE-2018-16301.json index b533dedecb6..7d4e267e811 100644 --- a/2018/16xxx/CVE-2018-16301.json +++ b/2018/16xxx/CVE-2018-16301.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2345", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/16xxx/CVE-2018-16451.json b/2018/16xxx/CVE-2018-16451.json index cc42ba3f9f0..8f1fe0fcbaf 100644 --- a/2018/16xxx/CVE-2018-16451.json +++ b/2018/16xxx/CVE-2018-16451.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/16xxx/CVE-2018-16452.json b/2018/16xxx/CVE-2018-16452.json index b028f203333..3647fe525be 100644 --- a/2018/16xxx/CVE-2018-16452.json +++ b/2018/16xxx/CVE-2018-16452.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2018/19xxx/CVE-2018-19519.json b/2018/19xxx/CVE-2018-19519.json index 00b29d7fffe..0282e382b9d 100644 --- a/2018/19xxx/CVE-2018-19519.json +++ b/2018/19xxx/CVE-2018-19519.json @@ -61,6 +61,11 @@ "name": "https://github.com/zyingp/temp/blob/master/tcpdump.md", "refsource": "MISC", "url": "https://github.com/zyingp/temp/blob/master/tcpdump.md" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2019/1010xxx/CVE-2019-1010220.json b/2019/1010xxx/CVE-2019-1010220.json index 34ea0d36166..e5d8621d76c 100644 --- a/2019/1010xxx/CVE-2019-1010220.json +++ b/2019/1010xxx/CVE-2019-1010220.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2348", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2019/12xxx/CVE-2019-12493.json b/2019/12xxx/CVE-2019-12493.json index 2f18b2d540d..ef67440f5a4 100644 --- a/2019/12xxx/CVE-2019-12493.json +++ b/2019/12xxx/CVE-2019-12493.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a457286734", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-01da705767", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" } ] } diff --git a/2019/12xxx/CVE-2019-12515.json b/2019/12xxx/CVE-2019-12515.json index e2650e022ae..b366c186fbf 100644 --- a/2019/12xxx/CVE-2019-12515.json +++ b/2019/12xxx/CVE-2019-12515.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a457286734", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-01da705767", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" } ] } diff --git a/2019/12xxx/CVE-2019-12957.json b/2019/12xxx/CVE-2019-12957.json index 330ad69a449..247b055d5c3 100644 --- a/2019/12xxx/CVE-2019-12957.json +++ b/2019/12xxx/CVE-2019-12957.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a457286734", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-01da705767", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" } ] } diff --git a/2019/12xxx/CVE-2019-12958.json b/2019/12xxx/CVE-2019-12958.json index 92c174586ef..f436b9bf269 100644 --- a/2019/12xxx/CVE-2019-12958.json +++ b/2019/12xxx/CVE-2019-12958.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a457286734", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-01da705767", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" } ] } diff --git a/2019/13xxx/CVE-2019-13281.json b/2019/13xxx/CVE-2019-13281.json index e9fe2f3c000..031d1b27af8 100644 --- a/2019/13xxx/CVE-2019-13281.json +++ b/2019/13xxx/CVE-2019-13281.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a457286734", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-01da705767", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" } ] } diff --git a/2019/13xxx/CVE-2019-13282.json b/2019/13xxx/CVE-2019-13282.json index 9ac1237475d..f3ce29514d6 100644 --- a/2019/13xxx/CVE-2019-13282.json +++ b/2019/13xxx/CVE-2019-13282.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a457286734", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-01da705767", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" } ] } diff --git a/2019/13xxx/CVE-2019-13283.json b/2019/13xxx/CVE-2019-13283.json index d7518eb7070..92d6c373cd9 100644 --- a/2019/13xxx/CVE-2019-13283.json +++ b/2019/13xxx/CVE-2019-13283.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a457286734", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-01da705767", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" } ] } diff --git a/2019/13xxx/CVE-2019-13286.json b/2019/13xxx/CVE-2019-13286.json index 044c4836388..426b4c69f7a 100644 --- a/2019/13xxx/CVE-2019-13286.json +++ b/2019/13xxx/CVE-2019-13286.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a457286734", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-01da705767", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" } ] } diff --git a/2019/14xxx/CVE-2019-14823.json b/2019/14xxx/CVE-2019-14823.json index 45f94866ef1..560794a938f 100644 --- a/2019/14xxx/CVE-2019-14823.json +++ b/2019/14xxx/CVE-2019-14823.json @@ -64,6 +64,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-68c2fbcf82", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-4d33c62860", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/" } ] }, diff --git a/2019/15xxx/CVE-2019-15166.json b/2019/15xxx/CVE-2019-15166.json index f7b46f696cf..ebcdee9cf49 100644 --- a/2019/15xxx/CVE-2019-15166.json +++ b/2019/15xxx/CVE-2019-15166.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4547", "url": "https://www.debian.org/security/2019/dsa-4547" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-85d92df70f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" } ] } diff --git a/2019/17xxx/CVE-2019-17052.json b/2019/17xxx/CVE-2019-17052.json index 0b9b1beec8b..601ea874072 100644 --- a/2019/17xxx/CVE-2019-17052.json +++ b/2019/17xxx/CVE-2019-17052.json @@ -61,6 +61,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-41e28660ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/" } ] } diff --git a/2019/17xxx/CVE-2019-17053.json b/2019/17xxx/CVE-2019-17053.json index c8cd0d7abe2..08769fdaf00 100644 --- a/2019/17xxx/CVE-2019-17053.json +++ b/2019/17xxx/CVE-2019-17053.json @@ -61,6 +61,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-41e28660ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/" } ] } diff --git a/2019/17xxx/CVE-2019-17054.json b/2019/17xxx/CVE-2019-17054.json index baf20b7f5af..13fef3bb300 100644 --- a/2019/17xxx/CVE-2019-17054.json +++ b/2019/17xxx/CVE-2019-17054.json @@ -61,6 +61,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-41e28660ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/" } ] } diff --git a/2019/17xxx/CVE-2019-17055.json b/2019/17xxx/CVE-2019-17055.json index 7fcf17a04b2..90f264c0888 100644 --- a/2019/17xxx/CVE-2019-17055.json +++ b/2019/17xxx/CVE-2019-17055.json @@ -61,6 +61,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-41e28660ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/" } ] } diff --git a/2019/17xxx/CVE-2019-17056.json b/2019/17xxx/CVE-2019-17056.json index e328de4aca2..113ac6f28a6 100644 --- a/2019/17xxx/CVE-2019-17056.json +++ b/2019/17xxx/CVE-2019-17056.json @@ -61,6 +61,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a359798b176183ef09efb7a3dc59abad1cc7104", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a359798b176183ef09efb7a3dc59abad1cc7104" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-41e28660ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/" } ] } From 45bdeaa609c9c65a4355f5391049862866932baa Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 25 Oct 2019 22:01:02 +0000 Subject: [PATCH 07/34] "-Synchronized-Data." --- 2017/14xxx/CVE-2017-14742.json | 48 +++++++++++++++++++++++- 2019/18xxx/CVE-2019-18221.json | 67 ++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18221.json diff --git a/2017/14xxx/CVE-2017-14742.json b/2017/14xxx/CVE-2017-14742.json index 24e7f195c63..e5b1b4f59b0 100644 --- a/2017/14xxx/CVE-2017-14742.json +++ b/2017/14xxx/CVE-2017-14742.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14742", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "43236", + "url": "https://www.exploit-db.com/exploits/43236/" } ] } diff --git a/2019/18xxx/CVE-2019-18221.json b/2019/18xxx/CVE-2019-18221.json new file mode 100644 index 00000000000..ae48f68a147 --- /dev/null +++ b/2019/18xxx/CVE-2019-18221.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreHR Core Portal before 27.0.7 allows stored XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.corehr.com", + "refsource": "MISC", + "name": "https://www.corehr.com" + }, + { + "refsource": "MISC", + "name": "https://vuldb.com/?id.144170", + "url": "https://vuldb.com/?id.144170" + } + ] + } +} \ No newline at end of file From 04c9d9ee930be2ff1333c6befa988f7b854d6633 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 26 Oct 2019 00:01:08 +0000 Subject: [PATCH 08/34] "-Synchronized-Data." --- 2019/9xxx/CVE-2019-9232.json | 5 +++++ 2019/9xxx/CVE-2019-9278.json | 5 +++++ 2019/9xxx/CVE-2019-9325.json | 5 +++++ 2019/9xxx/CVE-2019-9371.json | 5 +++++ 2019/9xxx/CVE-2019-9423.json | 5 +++++ 2019/9xxx/CVE-2019-9433.json | 5 +++++ 6 files changed, 30 insertions(+) diff --git a/2019/9xxx/CVE-2019-9232.json b/2019/9xxx/CVE-2019-9232.json index f1513353042..04ffb968c4f 100644 --- a/2019/9xxx/CVE-2019-9232.json +++ b/2019/9xxx/CVE-2019-9232.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/android-10", "url": "https://source.android.com/security/bulletin/android-10" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" } ] }, diff --git a/2019/9xxx/CVE-2019-9278.json b/2019/9xxx/CVE-2019-9278.json index 4475d35df28..3d3534d4b30 100644 --- a/2019/9xxx/CVE-2019-9278.json +++ b/2019/9xxx/CVE-2019-9278.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/android-10", "url": "https://source.android.com/security/bulletin/android-10" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" } ] }, diff --git a/2019/9xxx/CVE-2019-9325.json b/2019/9xxx/CVE-2019-9325.json index 3812b2a4d60..4d2c41d39db 100644 --- a/2019/9xxx/CVE-2019-9325.json +++ b/2019/9xxx/CVE-2019-9325.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/android-10", "url": "https://source.android.com/security/bulletin/android-10" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" } ] }, diff --git a/2019/9xxx/CVE-2019-9371.json b/2019/9xxx/CVE-2019-9371.json index 8ea869b193f..28ebec69394 100644 --- a/2019/9xxx/CVE-2019-9371.json +++ b/2019/9xxx/CVE-2019-9371.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/android-10", "url": "https://source.android.com/security/bulletin/android-10" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" } ] }, diff --git a/2019/9xxx/CVE-2019-9423.json b/2019/9xxx/CVE-2019-9423.json index bd4ace119a3..979446b9543 100644 --- a/2019/9xxx/CVE-2019-9423.json +++ b/2019/9xxx/CVE-2019-9423.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/android-10", "url": "https://source.android.com/security/bulletin/android-10" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" } ] }, diff --git a/2019/9xxx/CVE-2019-9433.json b/2019/9xxx/CVE-2019-9433.json index 4c48a8fde5f..c11093042be 100644 --- a/2019/9xxx/CVE-2019-9433.json +++ b/2019/9xxx/CVE-2019-9433.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/android-10", "url": "https://source.android.com/security/bulletin/android-10" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" } ] }, From b0522c2cf92786c339cf15e2c1640c6dc910df6b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 26 Oct 2019 05:01:00 +0000 Subject: [PATCH 09/34] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17340.json | 5 +++++ 2019/17xxx/CVE-2019-17341.json | 5 +++++ 2019/17xxx/CVE-2019-17342.json | 5 +++++ 2019/17xxx/CVE-2019-17343.json | 5 +++++ 2019/17xxx/CVE-2019-17344.json | 5 +++++ 2019/17xxx/CVE-2019-17345.json | 5 +++++ 2019/17xxx/CVE-2019-17346.json | 5 +++++ 2019/17xxx/CVE-2019-17347.json | 5 +++++ 2019/17xxx/CVE-2019-17348.json | 5 +++++ 2019/17xxx/CVE-2019-17349.json | 5 +++++ 2019/17xxx/CVE-2019-17350.json | 5 +++++ 2019/17xxx/CVE-2019-17351.json | 5 +++++ 12 files changed, 60 insertions(+) diff --git a/2019/17xxx/CVE-2019-17340.json b/2019/17xxx/CVE-2019-17340.json index 0a1b396d981..d2fd6c97a67 100644 --- a/2019/17xxx/CVE-2019-17340.json +++ b/2019/17xxx/CVE-2019-17340.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-284.html", + "url": "http://xenbits.xen.org/xsa/advisory-284.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-284.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17341.json b/2019/17xxx/CVE-2019-17341.json index 7cb5e795d7f..755c87dad82 100644 --- a/2019/17xxx/CVE-2019-17341.json +++ b/2019/17xxx/CVE-2019-17341.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-285.html", + "url": "http://xenbits.xen.org/xsa/advisory-285.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-285.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17342.json b/2019/17xxx/CVE-2019-17342.json index bbe3c1f0ba2..6b7096dab9e 100644 --- a/2019/17xxx/CVE-2019-17342.json +++ b/2019/17xxx/CVE-2019-17342.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-287.html", + "url": "http://xenbits.xen.org/xsa/advisory-287.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-287.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17343.json b/2019/17xxx/CVE-2019-17343.json index 8657ca20244..fe726e08cfd 100644 --- a/2019/17xxx/CVE-2019-17343.json +++ b/2019/17xxx/CVE-2019-17343.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-288.html", + "url": "http://xenbits.xen.org/xsa/advisory-288.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-288.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17344.json b/2019/17xxx/CVE-2019-17344.json index f1ec0813d08..55b2c503218 100644 --- a/2019/17xxx/CVE-2019-17344.json +++ b/2019/17xxx/CVE-2019-17344.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-290.html", + "url": "http://xenbits.xen.org/xsa/advisory-290.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-290.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17345.json b/2019/17xxx/CVE-2019-17345.json index ffe3692b5e3..754d43c413c 100644 --- a/2019/17xxx/CVE-2019-17345.json +++ b/2019/17xxx/CVE-2019-17345.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-291.html", + "url": "http://xenbits.xen.org/xsa/advisory-291.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-291.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17346.json b/2019/17xxx/CVE-2019-17346.json index cf87847b465..06f29539e2f 100644 --- a/2019/17xxx/CVE-2019-17346.json +++ b/2019/17xxx/CVE-2019-17346.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-292.html", + "url": "http://xenbits.xen.org/xsa/advisory-292.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-292.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17347.json b/2019/17xxx/CVE-2019-17347.json index a08d60f108d..f65dc8b9633 100644 --- a/2019/17xxx/CVE-2019-17347.json +++ b/2019/17xxx/CVE-2019-17347.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-293.html", + "url": "http://xenbits.xen.org/xsa/advisory-293.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-293.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17348.json b/2019/17xxx/CVE-2019-17348.json index bf6998a336c..7cab3c29b11 100644 --- a/2019/17xxx/CVE-2019-17348.json +++ b/2019/17xxx/CVE-2019-17348.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-294.html", + "url": "http://xenbits.xen.org/xsa/advisory-294.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-294.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17349.json b/2019/17xxx/CVE-2019-17349.json index 313503d933c..55200ae8284 100644 --- a/2019/17xxx/CVE-2019-17349.json +++ b/2019/17xxx/CVE-2019-17349.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-295.html", + "url": "http://xenbits.xen.org/xsa/advisory-295.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-295.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17350.json b/2019/17xxx/CVE-2019-17350.json index 25dd6d96388..e2daf6c3c00 100644 --- a/2019/17xxx/CVE-2019-17350.json +++ b/2019/17xxx/CVE-2019-17350.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-295.html", + "url": "http://xenbits.xen.org/xsa/advisory-295.html" + }, { "url": "https://xenbits.xen.org/xsa/advisory-295.html", "refsource": "MISC", diff --git a/2019/17xxx/CVE-2019-17351.json b/2019/17xxx/CVE-2019-17351.json index 1c1ab440a14..46fa415c510 100644 --- a/2019/17xxx/CVE-2019-17351.json +++ b/2019/17xxx/CVE-2019-17351.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://xenbits.xen.org/xsa/advisory-300.html", + "url": "http://xenbits.xen.org/xsa/advisory-300.html" + }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3", "refsource": "MISC", From 87789b0c4897d941b96a6f434af8eadeb9ebf293 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 26 Oct 2019 11:01:05 +0000 Subject: [PATCH 10/34] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17596.json | 5 +++++ 2019/18xxx/CVE-2019-18218.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2019/17xxx/CVE-2019-17596.json b/2019/17xxx/CVE-2019-17596.json index b7fd31453e9..89ac88e7387 100644 --- a/2019/17xxx/CVE-2019-17596.json +++ b/2019/17xxx/CVE-2019-17596.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://github.com/golang/go/issues/34960", "url": "https://github.com/golang/go/issues/34960" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4551", + "url": "https://www.debian.org/security/2019/dsa-4551" } ] } diff --git a/2019/18xxx/CVE-2019-18218.json b/2019/18xxx/CVE-2019-18218.json index 72857d84561..402ced1f1a9 100644 --- a/2019/18xxx/CVE-2019-18218.json +++ b/2019/18xxx/CVE-2019-18218.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191023 [SECURITY] [DLA 1969-1] file security update", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4550", + "url": "https://www.debian.org/security/2019/dsa-4550" } ] } From 148f02cbdce98792c87213a465c00705a27169f7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 26 Oct 2019 20:00:58 +0000 Subject: [PATCH 11/34] "-Synchronized-Data." --- 2018/7xxx/CVE-2018-7866.json | 5 +++++ 2018/7xxx/CVE-2018-7873.json | 5 +++++ 2018/7xxx/CVE-2018-7876.json | 5 +++++ 2018/9xxx/CVE-2018-9009.json | 5 +++++ 2018/9xxx/CVE-2018-9132.json | 5 +++++ 2019/14xxx/CVE-2019-14540.json | 5 +++++ 2019/16xxx/CVE-2019-16335.json | 5 +++++ 2019/16xxx/CVE-2019-16378.json | 5 +++++ 2019/16xxx/CVE-2019-16738.json | 5 +++++ 2019/16xxx/CVE-2019-16942.json | 10 ++++++++++ 2019/16xxx/CVE-2019-16943.json | 5 +++++ 2019/17xxx/CVE-2019-17109.json | 5 +++++ 12 files changed, 65 insertions(+) diff --git a/2018/7xxx/CVE-2018-7866.json b/2018/7xxx/CVE-2018-7866.json index 3e9f26c7693..37b1626e88a 100644 --- a/2018/7xxx/CVE-2018-7866.json +++ b/2018/7xxx/CVE-2018-7866.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-5139453028", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a1b6fc5274", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP/" } ] } diff --git a/2018/7xxx/CVE-2018-7873.json b/2018/7xxx/CVE-2018-7873.json index 95c5fa991f1..f30eb2e3bab 100644 --- a/2018/7xxx/CVE-2018-7873.json +++ b/2018/7xxx/CVE-2018-7873.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-5139453028", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a1b6fc5274", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP/" } ] } diff --git a/2018/7xxx/CVE-2018-7876.json b/2018/7xxx/CVE-2018-7876.json index 4b13692d4f9..8d0dad9f4c1 100644 --- a/2018/7xxx/CVE-2018-7876.json +++ b/2018/7xxx/CVE-2018-7876.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-5139453028", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a1b6fc5274", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP/" } ] } diff --git a/2018/9xxx/CVE-2018-9009.json b/2018/9xxx/CVE-2018-9009.json index cc057ebef57..dee3ff516a4 100644 --- a/2018/9xxx/CVE-2018-9009.json +++ b/2018/9xxx/CVE-2018-9009.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-5139453028", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a1b6fc5274", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP/" } ] } diff --git a/2018/9xxx/CVE-2018-9132.json b/2018/9xxx/CVE-2018-9132.json index 5795b51c08e..f0714354dcf 100644 --- a/2018/9xxx/CVE-2018-9132.json +++ b/2018/9xxx/CVE-2018-9132.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-5139453028", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a1b6fc5274", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP/" } ] } diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json index 162df1a44cb..db1ae915220 100644 --- a/2019/14xxx/CVE-2019-14540.json +++ b/2019/14xxx/CVE-2019-14540.json @@ -151,6 +151,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3200", "url": "https://access.redhat.com/errata/RHSA-2019:3200" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-cf87377f5f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" } ] } diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json index 99aa745a11e..38537d79f7d 100644 --- a/2019/16xxx/CVE-2019-16335.json +++ b/2019/16xxx/CVE-2019-16335.json @@ -136,6 +136,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3200", "url": "https://access.redhat.com/errata/RHSA-2019:3200" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-cf87377f5f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" } ] } diff --git a/2019/16xxx/CVE-2019-16378.json b/2019/16xxx/CVE-2019-16378.json index a3a96986e31..18a94e39fa5 100644 --- a/2019/16xxx/CVE-2019-16378.json +++ b/2019/16xxx/CVE-2019-16378.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-24b3f84f6e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7RT6ID7MBCEPNZEIUKK2TZIOCYPJR6E/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-6a2ca74e55", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HEWDFGRKQHIWKFZH5BNWQDGUPNR7VH3/" } ] } diff --git a/2019/16xxx/CVE-2019-16738.json b/2019/16xxx/CVE-2019-16738.json index 8d3de127dd1..06162ef1bfc 100644 --- a/2019/16xxx/CVE-2019-16738.json +++ b/2019/16xxx/CVE-2019-16738.json @@ -71,6 +71,11 @@ "refsource": "BUGTRAQ", "name": "20191021 [SECURITY] [DSA 4545-1] mediawiki security update", "url": "https://seclists.org/bugtraq/2019/Oct/32" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-3ba38e1cdb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/" } ] } diff --git a/2019/16xxx/CVE-2019-16942.json b/2019/16xxx/CVE-2019-16942.json index 8d74e003b94..4e286bc7996 100644 --- a/2019/16xxx/CVE-2019-16942.json +++ b/2019/16xxx/CVE-2019-16942.json @@ -111,6 +111,16 @@ "refsource": "MLIST", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-cf87377f5f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" } ] } diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index 1db9379a98e..f71d4ef9ee5 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-cf87377f5f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" } ] } diff --git a/2019/17xxx/CVE-2019-17109.json b/2019/17xxx/CVE-2019-17109.json index 0ebed42f85f..5ed6045dff3 100644 --- a/2019/17xxx/CVE-2019-17109.json +++ b/2019/17xxx/CVE-2019-17109.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-adf618865f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-caff41caf8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/" } ] } From 8be25ff17b6c063864bb0ec98752bbce5ffd25de Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 26 Oct 2019 21:01:00 +0000 Subject: [PATCH 12/34] "-Synchronized-Data." --- 2017/6xxx/CVE-2017-6059.json | 5 +++++ 2017/6xxx/CVE-2017-6062.json | 5 +++++ 2017/6xxx/CVE-2017-6413.json | 5 +++++ 2018/1xxx/CVE-2018-1122.json | 5 +++++ 2018/1xxx/CVE-2018-1123.json | 5 +++++ 2018/1xxx/CVE-2018-1124.json | 5 +++++ 2018/1xxx/CVE-2018-1125.json | 5 +++++ 2018/1xxx/CVE-2018-1126.json | 5 +++++ 2019/12xxx/CVE-2019-12402.json | 5 +++++ 2019/12xxx/CVE-2019-12493.json | 5 +++++ 2019/12xxx/CVE-2019-12515.json | 5 +++++ 2019/12xxx/CVE-2019-12957.json | 5 +++++ 2019/12xxx/CVE-2019-12958.json | 5 +++++ 2019/13xxx/CVE-2019-13281.json | 5 +++++ 2019/13xxx/CVE-2019-13282.json | 5 +++++ 2019/13xxx/CVE-2019-13283.json | 5 +++++ 2019/13xxx/CVE-2019-13286.json | 5 +++++ 2019/14xxx/CVE-2019-14823.json | 5 +++++ 18 files changed, 90 insertions(+) diff --git a/2017/6xxx/CVE-2017-6059.json b/2017/6xxx/CVE-2017-6059.json index 09860822ad9..875440541b9 100644 --- a/2017/6xxx/CVE-2017-6059.json +++ b/2017/6xxx/CVE-2017-6059.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-23638d42f3", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a25d5df3b4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH/" } ] } diff --git a/2017/6xxx/CVE-2017-6062.json b/2017/6xxx/CVE-2017-6062.json index 5aaf8ba5e5a..07f556a47c9 100644 --- a/2017/6xxx/CVE-2017-6062.json +++ b/2017/6xxx/CVE-2017-6062.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-23638d42f3", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a25d5df3b4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH/" } ] } diff --git a/2017/6xxx/CVE-2017-6413.json b/2017/6xxx/CVE-2017-6413.json index afbc51de95a..07f8176342c 100644 --- a/2017/6xxx/CVE-2017-6413.json +++ b/2017/6xxx/CVE-2017-6413.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-23638d42f3", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a25d5df3b4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH/" } ] } diff --git a/2018/1xxx/CVE-2018-1122.json b/2018/1xxx/CVE-2018-1122.json index a604f3a581a..7ffbd3e298e 100644 --- a/2018/1xxx/CVE-2018-1122.json +++ b/2018/1xxx/CVE-2018-1122.json @@ -116,6 +116,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2189", "url": "https://access.redhat.com/errata/RHSA-2019:2189" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2376", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" } ] } diff --git a/2018/1xxx/CVE-2018-1123.json b/2018/1xxx/CVE-2018-1123.json index 1c0d19e1512..ccd80e99e7f 100644 --- a/2018/1xxx/CVE-2018-1123.json +++ b/2018/1xxx/CVE-2018-1123.json @@ -111,6 +111,11 @@ "name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", "refsource": "MISC", "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2376", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" } ] } diff --git a/2018/1xxx/CVE-2018-1124.json b/2018/1xxx/CVE-2018-1124.json index e681dfcf344..9612916a9d9 100644 --- a/2018/1xxx/CVE-2018-1124.json +++ b/2018/1xxx/CVE-2018-1124.json @@ -169,6 +169,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2401", "url": "https://access.redhat.com/errata/RHSA-2019:2401" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2376", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" } ] } diff --git a/2018/1xxx/CVE-2018-1125.json b/2018/1xxx/CVE-2018-1125.json index 44f52de6cfc..cbd222aa1d8 100644 --- a/2018/1xxx/CVE-2018-1125.json +++ b/2018/1xxx/CVE-2018-1125.json @@ -101,6 +101,11 @@ "name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", "refsource": "MISC", "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2376", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" } ] } diff --git a/2018/1xxx/CVE-2018-1126.json b/2018/1xxx/CVE-2018-1126.json index 61e6453e62f..acfa4314aae 100644 --- a/2018/1xxx/CVE-2018-1126.json +++ b/2018/1xxx/CVE-2018-1126.json @@ -141,6 +141,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1944", "url": "https://access.redhat.com/errata/RHSA-2019:1944" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2376", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" } ] } diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index 4b8cb4a9ddd..5430964e93a 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-c96a8d12b0", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-da0eac1eb6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/" } ] }, diff --git a/2019/12xxx/CVE-2019-12493.json b/2019/12xxx/CVE-2019-12493.json index ef67440f5a4..39ebc1258b7 100644 --- a/2019/12xxx/CVE-2019-12493.json +++ b/2019/12xxx/CVE-2019-12493.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-01da705767", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-759ba8202b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/" } ] } diff --git a/2019/12xxx/CVE-2019-12515.json b/2019/12xxx/CVE-2019-12515.json index b366c186fbf..13a1e30bb01 100644 --- a/2019/12xxx/CVE-2019-12515.json +++ b/2019/12xxx/CVE-2019-12515.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-01da705767", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-759ba8202b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/" } ] } diff --git a/2019/12xxx/CVE-2019-12957.json b/2019/12xxx/CVE-2019-12957.json index 247b055d5c3..6773563ea8f 100644 --- a/2019/12xxx/CVE-2019-12957.json +++ b/2019/12xxx/CVE-2019-12957.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-01da705767", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-759ba8202b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/" } ] } diff --git a/2019/12xxx/CVE-2019-12958.json b/2019/12xxx/CVE-2019-12958.json index f436b9bf269..81a749d7c21 100644 --- a/2019/12xxx/CVE-2019-12958.json +++ b/2019/12xxx/CVE-2019-12958.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-01da705767", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-759ba8202b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/" } ] } diff --git a/2019/13xxx/CVE-2019-13281.json b/2019/13xxx/CVE-2019-13281.json index 031d1b27af8..26f9e17728a 100644 --- a/2019/13xxx/CVE-2019-13281.json +++ b/2019/13xxx/CVE-2019-13281.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-01da705767", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-759ba8202b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/" } ] } diff --git a/2019/13xxx/CVE-2019-13282.json b/2019/13xxx/CVE-2019-13282.json index f3ce29514d6..6d6188b6a26 100644 --- a/2019/13xxx/CVE-2019-13282.json +++ b/2019/13xxx/CVE-2019-13282.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-01da705767", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-759ba8202b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/" } ] } diff --git a/2019/13xxx/CVE-2019-13283.json b/2019/13xxx/CVE-2019-13283.json index 92d6c373cd9..856114dbe72 100644 --- a/2019/13xxx/CVE-2019-13283.json +++ b/2019/13xxx/CVE-2019-13283.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-01da705767", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-759ba8202b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/" } ] } diff --git a/2019/13xxx/CVE-2019-13286.json b/2019/13xxx/CVE-2019-13286.json index 426b4c69f7a..636cf9ce18c 100644 --- a/2019/13xxx/CVE-2019-13286.json +++ b/2019/13xxx/CVE-2019-13286.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-01da705767", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-759ba8202b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/" } ] } diff --git a/2019/14xxx/CVE-2019-14823.json b/2019/14xxx/CVE-2019-14823.json index 560794a938f..512b79f620d 100644 --- a/2019/14xxx/CVE-2019-14823.json +++ b/2019/14xxx/CVE-2019-14823.json @@ -69,6 +69,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-4d33c62860", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-24a0a2f24e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/" } ] }, From 6f480cfd968af790332b5a96a67e9588f4995192 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 27 Oct 2019 00:01:02 +0000 Subject: [PATCH 13/34] "-Synchronized-Data." --- 2017/7xxx/CVE-2017-7655.json | 5 +++++ 2018/12xxx/CVE-2018-12550.json | 5 +++++ 2018/12xxx/CVE-2018-12551.json | 5 +++++ 2018/1xxx/CVE-2018-1122.json | 5 +++++ 2018/1xxx/CVE-2018-1123.json | 5 +++++ 2018/1xxx/CVE-2018-1124.json | 5 +++++ 2018/1xxx/CVE-2018-1125.json | 5 +++++ 2018/1xxx/CVE-2018-1126.json | 5 +++++ 2019/11xxx/CVE-2019-11779.json | 5 +++++ 2019/18xxx/CVE-2019-18408.json | 5 +++++ 10 files changed, 50 insertions(+) diff --git a/2017/7xxx/CVE-2017-7655.json b/2017/7xxx/CVE-2017-7655.json index 787ba9ed611..1e0522ac92e 100644 --- a/2017/7xxx/CVE-2017-7655.json +++ b/2017/7xxx/CVE-2017-7655.json @@ -61,6 +61,11 @@ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html" } ] } diff --git a/2018/12xxx/CVE-2018-12550.json b/2018/12xxx/CVE-2018-12550.json index 2afb695d86c..6197b9f39f5 100644 --- a/2018/12xxx/CVE-2018-12550.json +++ b/2018/12xxx/CVE-2018-12550.json @@ -61,6 +61,11 @@ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=541870", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=541870" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html" } ] } diff --git a/2018/12xxx/CVE-2018-12551.json b/2018/12xxx/CVE-2018-12551.json index 58fccb2a5c1..e692782bd52 100644 --- a/2018/12xxx/CVE-2018-12551.json +++ b/2018/12xxx/CVE-2018-12551.json @@ -61,6 +61,11 @@ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543401", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543401" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html" } ] } diff --git a/2018/1xxx/CVE-2018-1122.json b/2018/1xxx/CVE-2018-1122.json index 7ffbd3e298e..7441acd1ec1 100644 --- a/2018/1xxx/CVE-2018-1122.json +++ b/2018/1xxx/CVE-2018-1122.json @@ -121,6 +121,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2376", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2379", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html" } ] } diff --git a/2018/1xxx/CVE-2018-1123.json b/2018/1xxx/CVE-2018-1123.json index ccd80e99e7f..d8b3999f14b 100644 --- a/2018/1xxx/CVE-2018-1123.json +++ b/2018/1xxx/CVE-2018-1123.json @@ -116,6 +116,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2376", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2379", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html" } ] } diff --git a/2018/1xxx/CVE-2018-1124.json b/2018/1xxx/CVE-2018-1124.json index 9612916a9d9..20e0ab274a3 100644 --- a/2018/1xxx/CVE-2018-1124.json +++ b/2018/1xxx/CVE-2018-1124.json @@ -174,6 +174,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2376", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2379", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html" } ] } diff --git a/2018/1xxx/CVE-2018-1125.json b/2018/1xxx/CVE-2018-1125.json index cbd222aa1d8..70699e43698 100644 --- a/2018/1xxx/CVE-2018-1125.json +++ b/2018/1xxx/CVE-2018-1125.json @@ -106,6 +106,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2376", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2379", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html" } ] } diff --git a/2018/1xxx/CVE-2018-1126.json b/2018/1xxx/CVE-2018-1126.json index acfa4314aae..f277fcbc8ad 100644 --- a/2018/1xxx/CVE-2018-1126.json +++ b/2018/1xxx/CVE-2018-1126.json @@ -146,6 +146,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2376", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2379", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html" } ] } diff --git a/2019/11xxx/CVE-2019-11779.json b/2019/11xxx/CVE-2019-11779.json index 3fe217d3023..a60c501dc0d 100644 --- a/2019/11xxx/CVE-2019-11779.json +++ b/2019/11xxx/CVE-2019-11779.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-d99e2329cb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html" } ] } diff --git a/2019/18xxx/CVE-2019-18408.json b/2019/18xxx/CVE-2019-18408.json index d1aab89f99f..7031cb38029 100644 --- a/2019/18xxx/CVE-2019-18408.json +++ b/2019/18xxx/CVE-2019-18408.json @@ -66,6 +66,11 @@ "url": "https://github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0", "refsource": "MISC", "name": "https://github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1971-1] libarchive security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00034.html" } ] } From cdfec483ad687ffc1d7e8ce15d0441369559e488 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 27 Oct 2019 03:01:04 +0000 Subject: [PATCH 14/34] "-Synchronized-Data." --- 2018/16xxx/CVE-2018-16301.json | 10 ++++++++++ 2019/15xxx/CVE-2019-15161.json | 10 ++++++++++ 2019/15xxx/CVE-2019-15162.json | 10 ++++++++++ 2019/15xxx/CVE-2019-15163.json | 10 ++++++++++ 2019/15xxx/CVE-2019-15164.json | 10 ++++++++++ 2019/15xxx/CVE-2019-15165.json | 10 ++++++++++ 6 files changed, 60 insertions(+) diff --git a/2018/16xxx/CVE-2018-16301.json b/2018/16xxx/CVE-2018-16301.json index 7d4e267e811..4d96052e271 100644 --- a/2018/16xxx/CVE-2018-16301.json +++ b/2018/16xxx/CVE-2018-16301.json @@ -86,6 +86,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-eaa681d33e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-4fe461079f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" } ] } diff --git a/2019/15xxx/CVE-2019-15161.json b/2019/15xxx/CVE-2019-15161.json index 6196cba6afc..da4ae8c9c3f 100644 --- a/2019/15xxx/CVE-2019-15161.json +++ b/2019/15xxx/CVE-2019-15161.json @@ -66,6 +66,16 @@ "refsource": "CONFIRM", "name": "https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea", "url": "https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-eaa681d33e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-4fe461079f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" } ] } diff --git a/2019/15xxx/CVE-2019-15162.json b/2019/15xxx/CVE-2019-15162.json index 45d6bcf32d5..b59a99bf388 100644 --- a/2019/15xxx/CVE-2019-15162.json +++ b/2019/15xxx/CVE-2019-15162.json @@ -66,6 +66,16 @@ "refsource": "CONFIRM", "name": "https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58", "url": "https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-eaa681d33e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-4fe461079f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" } ] } diff --git a/2019/15xxx/CVE-2019-15163.json b/2019/15xxx/CVE-2019-15163.json index db8bb49f2ff..30ad7e48626 100644 --- a/2019/15xxx/CVE-2019-15163.json +++ b/2019/15xxx/CVE-2019-15163.json @@ -66,6 +66,16 @@ "refsource": "CONFIRM", "name": "https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31", "url": "https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-eaa681d33e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-4fe461079f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" } ] } diff --git a/2019/15xxx/CVE-2019-15164.json b/2019/15xxx/CVE-2019-15164.json index 598641c5c35..153075da0f8 100644 --- a/2019/15xxx/CVE-2019-15164.json +++ b/2019/15xxx/CVE-2019-15164.json @@ -66,6 +66,16 @@ "refsource": "CONFIRM", "name": "https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a", "url": "https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-eaa681d33e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-4fe461079f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" } ] } diff --git a/2019/15xxx/CVE-2019-15165.json b/2019/15xxx/CVE-2019-15165.json index 8c328a494c5..e38b1d2702c 100644 --- a/2019/15xxx/CVE-2019-15165.json +++ b/2019/15xxx/CVE-2019-15165.json @@ -86,6 +86,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191021 [SECURITY] [DLA 1967-1] libpcap security update", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-eaa681d33e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-4fe461079f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" } ] } From f25505d05e7d8d992f0ee72096e1fb0649c2be61 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 27 Oct 2019 05:01:02 +0000 Subject: [PATCH 15/34] "-Synchronized-Data." --- 2018/16xxx/CVE-2018-16301.json | 5 +++++ 2019/15xxx/CVE-2019-15161.json | 5 +++++ 2019/15xxx/CVE-2019-15162.json | 5 +++++ 2019/15xxx/CVE-2019-15163.json | 5 +++++ 2019/15xxx/CVE-2019-15164.json | 5 +++++ 2019/15xxx/CVE-2019-15165.json | 5 +++++ 6 files changed, 30 insertions(+) diff --git a/2018/16xxx/CVE-2018-16301.json b/2018/16xxx/CVE-2018-16301.json index 4d96052e271..1931276d783 100644 --- a/2018/16xxx/CVE-2018-16301.json +++ b/2018/16xxx/CVE-2018-16301.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-4fe461079f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-b92ce3144a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/" } ] } diff --git a/2019/15xxx/CVE-2019-15161.json b/2019/15xxx/CVE-2019-15161.json index da4ae8c9c3f..b8ea961afd6 100644 --- a/2019/15xxx/CVE-2019-15161.json +++ b/2019/15xxx/CVE-2019-15161.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-4fe461079f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-b92ce3144a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/" } ] } diff --git a/2019/15xxx/CVE-2019-15162.json b/2019/15xxx/CVE-2019-15162.json index b59a99bf388..ee0d4b77339 100644 --- a/2019/15xxx/CVE-2019-15162.json +++ b/2019/15xxx/CVE-2019-15162.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-4fe461079f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-b92ce3144a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/" } ] } diff --git a/2019/15xxx/CVE-2019-15163.json b/2019/15xxx/CVE-2019-15163.json index 30ad7e48626..0c88b832325 100644 --- a/2019/15xxx/CVE-2019-15163.json +++ b/2019/15xxx/CVE-2019-15163.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-4fe461079f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-b92ce3144a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/" } ] } diff --git a/2019/15xxx/CVE-2019-15164.json b/2019/15xxx/CVE-2019-15164.json index 153075da0f8..7f62c64b408 100644 --- a/2019/15xxx/CVE-2019-15164.json +++ b/2019/15xxx/CVE-2019-15164.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-4fe461079f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-b92ce3144a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/" } ] } diff --git a/2019/15xxx/CVE-2019-15165.json b/2019/15xxx/CVE-2019-15165.json index e38b1d2702c..f3e6b81d52e 100644 --- a/2019/15xxx/CVE-2019-15165.json +++ b/2019/15xxx/CVE-2019-15165.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-4fe461079f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-b92ce3144a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/" } ] } From d7616ae1701ac2e6de8cfe2414fc6d2aa210d32a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 27 Oct 2019 12:01:14 +0000 Subject: [PATCH 16/34] "-Synchronized-Data." --- 2019/9xxx/CVE-2019-9232.json | 5 +++++ 2019/9xxx/CVE-2019-9278.json | 5 +++++ 2019/9xxx/CVE-2019-9325.json | 5 +++++ 2019/9xxx/CVE-2019-9371.json | 5 +++++ 2019/9xxx/CVE-2019-9423.json | 5 +++++ 2019/9xxx/CVE-2019-9433.json | 5 +++++ 6 files changed, 30 insertions(+) diff --git a/2019/9xxx/CVE-2019-9232.json b/2019/9xxx/CVE-2019-9232.json index 04ffb968c4f..f5a5db7f91f 100644 --- a/2019/9xxx/CVE-2019-9232.json +++ b/2019/9xxx/CVE-2019-9232.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1" } ] }, diff --git a/2019/9xxx/CVE-2019-9278.json b/2019/9xxx/CVE-2019-9278.json index 3d3534d4b30..2001ef35e27 100644 --- a/2019/9xxx/CVE-2019-9278.json +++ b/2019/9xxx/CVE-2019-9278.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1" } ] }, diff --git a/2019/9xxx/CVE-2019-9325.json b/2019/9xxx/CVE-2019-9325.json index 4d2c41d39db..0b09c9d532e 100644 --- a/2019/9xxx/CVE-2019-9325.json +++ b/2019/9xxx/CVE-2019-9325.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1" } ] }, diff --git a/2019/9xxx/CVE-2019-9371.json b/2019/9xxx/CVE-2019-9371.json index 28ebec69394..a4350bd9881 100644 --- a/2019/9xxx/CVE-2019-9371.json +++ b/2019/9xxx/CVE-2019-9371.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1" } ] }, diff --git a/2019/9xxx/CVE-2019-9423.json b/2019/9xxx/CVE-2019-9423.json index 979446b9543..05a76722c7a 100644 --- a/2019/9xxx/CVE-2019-9423.json +++ b/2019/9xxx/CVE-2019-9423.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1" } ] }, diff --git a/2019/9xxx/CVE-2019-9433.json b/2019/9xxx/CVE-2019-9433.json index c11093042be..04262f09eac 100644 --- a/2019/9xxx/CVE-2019-9433.json +++ b/2019/9xxx/CVE-2019-9433.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?", + "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1" } ] }, From 9fa0d25d8b1420c1c9759face6c618430a52ef1b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 27 Oct 2019 19:01:06 +0000 Subject: [PATCH 17/34] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16239.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/16xxx/CVE-2019-16239.json b/2019/16xxx/CVE-2019-16239.json index 4934b139898..5b9782db20d 100644 --- a/2019/16xxx/CVE-2019-16239.json +++ b/2019/16xxx/CVE-2019-16239.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191004 [SECURITY] [DLA 1945-1] openconnect security update", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00003.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2385", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00060.html" } ] } From 8152a7eb08af9e8d6dce3f59d983adc76df194c7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 27 Oct 2019 21:01:05 +0000 Subject: [PATCH 18/34] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14379.json | 10 ++++++++++ 2019/16xxx/CVE-2019-16943.json | 5 +++++ 2019/18xxx/CVE-2019-18217.json | 5 +++++ 3 files changed, 20 insertions(+) diff --git a/2019/14xxx/CVE-2019-14379.json b/2019/14xxx/CVE-2019-14379.json index 79b614352e9..2bbdc604cc2 100644 --- a/2019/14xxx/CVE-2019-14379.json +++ b/2019/14xxx/CVE-2019-14379.json @@ -266,6 +266,16 @@ "refsource": "MLIST", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" } ] } diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index f71d4ef9ee5..0435e9f6bd6 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json @@ -106,6 +106,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-cf87377f5f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" + }, + { + "refsource": "MLIST", + "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", + "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" } ] } diff --git a/2019/18xxx/CVE-2019-18217.json b/2019/18xxx/CVE-2019-18217.json index 0be89ba72d3..aff8d27d9e1 100644 --- a/2019/18xxx/CVE-2019-18217.json +++ b/2019/18xxx/CVE-2019-18217.json @@ -76,6 +76,11 @@ "url": "https://github.com/proftpd/proftpd/blob/1.3.6/NEWS", "refsource": "MISC", "name": "https://github.com/proftpd/proftpd/blob/1.3.6/NEWS" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1974-1] proftpd-dfsg security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00036.html" } ] } From 1f278817e8e164fb567f2a85291765a39686bddd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 27 Oct 2019 22:01:07 +0000 Subject: [PATCH 19/34] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16056.json | 5 +++++ 2019/16xxx/CVE-2019-16239.json | 5 +++++ 2019/16xxx/CVE-2019-16935.json | 5 +++++ 2019/9xxx/CVE-2019-9947.json | 5 +++++ 4 files changed, 20 insertions(+) diff --git a/2019/16xxx/CVE-2019-16056.json b/2019/16xxx/CVE-2019-16056.json index df0e096a3b8..839fd4c5e4e 100644 --- a/2019/16xxx/CVE-2019-16056.json +++ b/2019/16xxx/CVE-2019-16056.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4151-2", "url": "https://usn.ubuntu.com/4151-2/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2389", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html" } ] } diff --git a/2019/16xxx/CVE-2019-16239.json b/2019/16xxx/CVE-2019-16239.json index 5b9782db20d..ca05ac62456 100644 --- a/2019/16xxx/CVE-2019-16239.json +++ b/2019/16xxx/CVE-2019-16239.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2385", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00060.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2388", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html" } ] } diff --git a/2019/16xxx/CVE-2019-16935.json b/2019/16xxx/CVE-2019-16935.json index 0f8da86e568..b23b4ed355a 100644 --- a/2019/16xxx/CVE-2019-16935.json +++ b/2019/16xxx/CVE-2019-16935.json @@ -86,6 +86,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191017-0004/", "url": "https://security.netapp.com/advisory/ntap-20191017-0004/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2389", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html" } ] } diff --git a/2019/9xxx/CVE-2019-9947.json b/2019/9xxx/CVE-2019-9947.json index 1f9fa37ef8a..3f3cee79c30 100644 --- a/2019/9xxx/CVE-2019-9947.json +++ b/2019/9xxx/CVE-2019-9947.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4127-1", "url": "https://usn.ubuntu.com/4127-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2389", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html" } ] } From 2df444d515b34cfe14bbd9ccca1e162b384663d1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 27 Oct 2019 23:01:08 +0000 Subject: [PATCH 20/34] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18197.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/18xxx/CVE-2019-18197.json b/2019/18xxx/CVE-2019-18197.json index 827c38c4324..c5664ec95d6 100644 --- a/2019/18xxx/CVE-2019-18197.json +++ b/2019/18xxx/CVE-2019-18197.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4164-1", "url": "https://usn.ubuntu.com/4164-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html" } ] } From c6fdccf895cec1b153c3b4fc86d7c95dbfe523de Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 27 Oct 2019 16:11:44 -0700 Subject: [PATCH 21/34] Report CVE-2019-11043 --- 2019/11xxx/CVE-2019-11043.json | 118 +++++++++++++++++++++++++++++++-- 1 file changed, 111 insertions(+), 7 deletions(-) diff --git a/2019/11xxx/CVE-2019-11043.json b/2019/11xxx/CVE-2019-11043.json index 587aac93423..7526f08909d 100644 --- a/2019/11xxx/CVE-2019-11043.json +++ b/2019/11xxx/CVE-2019-11043.json @@ -1,18 +1,122 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@php.net", + "DATE_PUBLIC": "2019-10-22T03:18:00.000Z", "ID": "CVE-2019-11043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Underflow in PHP-FPM can lead to RCE" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.1.x", + "version_value": "7.1.33" + }, + { + "version_affected": "<", + "version_name": "7.2.x", + "version_value": "7.2.24" + }, + { + "version_affected": "<", + "version_name": "7.3.x", + "version_value": "7.3.11" + } + ] + } + } + ] + }, + "vendor_name": "PHP" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Reported by Emil Lerner. " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. " } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Exploit described at https://github.com/neex/phuip-fpizdam" + } + ], + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=78599" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/neex/phuip-fpizdam" + } + ] + }, + "source": { + "defect": [ + "https://bugs.php.net/bug.php?id=78599" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Configuring nginx (or other server that implements the front-end part of the FPM protocol) to check for the existence of the target file before passing it to PHP FPM (e.g. \"try_files $uri =404\" or \"if (-f $uri)\" in nginx) for would prevent this vulnerability from happening. " + } + ] } \ No newline at end of file From 4e4602ea69f7727a689baab66c4ed278d901a926 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 01:01:06 +0000 Subject: [PATCH 22/34] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16056.json | 5 +++++ 2019/16xxx/CVE-2019-16232.json | 5 +++++ 2019/16xxx/CVE-2019-16234.json | 5 +++++ 2019/16xxx/CVE-2019-16935.json | 5 +++++ 2019/17xxx/CVE-2019-17056.json | 5 +++++ 2019/17xxx/CVE-2019-17133.json | 5 +++++ 2019/17xxx/CVE-2019-17666.json | 5 +++++ 2019/9xxx/CVE-2019-9947.json | 5 +++++ 8 files changed, 40 insertions(+) diff --git a/2019/16xxx/CVE-2019-16056.json b/2019/16xxx/CVE-2019-16056.json index 839fd4c5e4e..67e53ec8867 100644 --- a/2019/16xxx/CVE-2019-16056.json +++ b/2019/16xxx/CVE-2019-16056.json @@ -111,6 +111,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2389", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2393", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html" } ] } diff --git a/2019/16xxx/CVE-2019-16232.json b/2019/16xxx/CVE-2019-16232.json index 22203c6b6ea..cf06e0cd77b 100644 --- a/2019/16xxx/CVE-2019-16232.json +++ b/2019/16xxx/CVE-2019-16232.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191004-0001/", "url": "https://security.netapp.com/advisory/ntap-20191004-0001/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2392", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html" } ] } diff --git a/2019/16xxx/CVE-2019-16234.json b/2019/16xxx/CVE-2019-16234.json index f864aa2ff2a..8095483d899 100644 --- a/2019/16xxx/CVE-2019-16234.json +++ b/2019/16xxx/CVE-2019-16234.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191004-0001/", "url": "https://security.netapp.com/advisory/ntap-20191004-0001/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2392", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html" } ] } diff --git a/2019/16xxx/CVE-2019-16935.json b/2019/16xxx/CVE-2019-16935.json index b23b4ed355a..c0b8c3a70a6 100644 --- a/2019/16xxx/CVE-2019-16935.json +++ b/2019/16xxx/CVE-2019-16935.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2389", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2393", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html" } ] } diff --git a/2019/17xxx/CVE-2019-17056.json b/2019/17xxx/CVE-2019-17056.json index 113ac6f28a6..4dd832c6b39 100644 --- a/2019/17xxx/CVE-2019-17056.json +++ b/2019/17xxx/CVE-2019-17056.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-41e28660ae", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2392", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html" } ] } diff --git a/2019/17xxx/CVE-2019-17133.json b/2019/17xxx/CVE-2019-17133.json index e35d6934678..229b5022613 100644 --- a/2019/17xxx/CVE-2019-17133.json +++ b/2019/17xxx/CVE-2019-17133.json @@ -56,6 +56,11 @@ "url": "https://marc.info/?l=linux-wireless&m=157018270915487&w=2", "refsource": "MISC", "name": "https://marc.info/?l=linux-wireless&m=157018270915487&w=2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2392", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html" } ] } diff --git a/2019/17xxx/CVE-2019-17666.json b/2019/17xxx/CVE-2019-17666.json index c8b1fe838bc..d83248d0e74 100644 --- a/2019/17xxx/CVE-2019-17666.json +++ b/2019/17xxx/CVE-2019-17666.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-6a67ff8793", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRBP4O6D2SQ2NHCRHTJONGCZLWOIV5MN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2392", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html" } ] } diff --git a/2019/9xxx/CVE-2019-9947.json b/2019/9xxx/CVE-2019-9947.json index 3f3cee79c30..99166199d26 100644 --- a/2019/9xxx/CVE-2019-9947.json +++ b/2019/9xxx/CVE-2019-9947.json @@ -111,6 +111,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2389", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2393", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html" } ] } From 5433e052aa207a2fd14c3346275f4fe2056442fc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 03:00:59 +0000 Subject: [PATCH 23/34] "-Synchronized-Data." --- 2017/16xxx/CVE-2017-16808.json | 5 +++++ 2018/10xxx/CVE-2018-10103.json | 5 +++++ 2018/10xxx/CVE-2018-10105.json | 5 +++++ 2018/14xxx/CVE-2018-14461.json | 5 +++++ 2018/14xxx/CVE-2018-14462.json | 5 +++++ 2018/14xxx/CVE-2018-14463.json | 5 +++++ 2018/14xxx/CVE-2018-14464.json | 5 +++++ 2018/14xxx/CVE-2018-14465.json | 5 +++++ 2018/14xxx/CVE-2018-14466.json | 5 +++++ 2018/14xxx/CVE-2018-14467.json | 5 +++++ 2018/14xxx/CVE-2018-14468.json | 5 +++++ 2018/14xxx/CVE-2018-14469.json | 5 +++++ 2018/14xxx/CVE-2018-14470.json | 5 +++++ 2018/14xxx/CVE-2018-14879.json | 5 +++++ 2018/14xxx/CVE-2018-14880.json | 5 +++++ 2018/14xxx/CVE-2018-14881.json | 5 +++++ 2018/14xxx/CVE-2018-14882.json | 5 +++++ 2018/16xxx/CVE-2018-16227.json | 5 +++++ 2018/16xxx/CVE-2018-16228.json | 5 +++++ 2018/16xxx/CVE-2018-16229.json | 5 +++++ 2018/16xxx/CVE-2018-16230.json | 5 +++++ 2018/16xxx/CVE-2018-16300.json | 5 +++++ 2018/16xxx/CVE-2018-16301.json | 5 +++++ 2018/16xxx/CVE-2018-16451.json | 5 +++++ 2018/16xxx/CVE-2018-16452.json | 5 +++++ 2018/19xxx/CVE-2018-19519.json | 5 +++++ 2019/1010xxx/CVE-2019-1010220.json | 5 +++++ 2019/15xxx/CVE-2019-15166.json | 5 +++++ 28 files changed, 140 insertions(+) diff --git a/2017/16xxx/CVE-2017-16808.json b/2017/16xxx/CVE-2017-16808.json index 0af36840854..f690ea70a98 100644 --- a/2017/16xxx/CVE-2017-16808.json +++ b/2017/16xxx/CVE-2017-16808.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/10xxx/CVE-2018-10103.json b/2018/10xxx/CVE-2018-10103.json index 9f09c909785..9f93c968d0f 100644 --- a/2018/10xxx/CVE-2018-10103.json +++ b/2018/10xxx/CVE-2018-10103.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/10xxx/CVE-2018-10105.json b/2018/10xxx/CVE-2018-10105.json index 5f18b434557..f744af2b1e0 100644 --- a/2018/10xxx/CVE-2018-10105.json +++ b/2018/10xxx/CVE-2018-10105.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14461.json b/2018/14xxx/CVE-2018-14461.json index cecf6af19db..2fd87fc8c32 100644 --- a/2018/14xxx/CVE-2018-14461.json +++ b/2018/14xxx/CVE-2018-14461.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14462.json b/2018/14xxx/CVE-2018-14462.json index 7cf76fb9651..ff7627372a3 100644 --- a/2018/14xxx/CVE-2018-14462.json +++ b/2018/14xxx/CVE-2018-14462.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14463.json b/2018/14xxx/CVE-2018-14463.json index d730be6747f..d2630481aeb 100644 --- a/2018/14xxx/CVE-2018-14463.json +++ b/2018/14xxx/CVE-2018-14463.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14464.json b/2018/14xxx/CVE-2018-14464.json index 6e4a56173e9..ab09e880638 100644 --- a/2018/14xxx/CVE-2018-14464.json +++ b/2018/14xxx/CVE-2018-14464.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14465.json b/2018/14xxx/CVE-2018-14465.json index 457235c66d6..15012b4c63b 100644 --- a/2018/14xxx/CVE-2018-14465.json +++ b/2018/14xxx/CVE-2018-14465.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14466.json b/2018/14xxx/CVE-2018-14466.json index f501ac2bde4..e443a7af7cf 100644 --- a/2018/14xxx/CVE-2018-14466.json +++ b/2018/14xxx/CVE-2018-14466.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14467.json b/2018/14xxx/CVE-2018-14467.json index 1aad64b7d9a..52e9ddacaee 100644 --- a/2018/14xxx/CVE-2018-14467.json +++ b/2018/14xxx/CVE-2018-14467.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14468.json b/2018/14xxx/CVE-2018-14468.json index 46435b69538..76a8409c364 100644 --- a/2018/14xxx/CVE-2018-14468.json +++ b/2018/14xxx/CVE-2018-14468.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14469.json b/2018/14xxx/CVE-2018-14469.json index bcf69368d83..ed6d483b8c6 100644 --- a/2018/14xxx/CVE-2018-14469.json +++ b/2018/14xxx/CVE-2018-14469.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14470.json b/2018/14xxx/CVE-2018-14470.json index ec660ae4898..4a5278a889d 100644 --- a/2018/14xxx/CVE-2018-14470.json +++ b/2018/14xxx/CVE-2018-14470.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14879.json b/2018/14xxx/CVE-2018-14879.json index 5a8ce726172..05ca79c6586 100644 --- a/2018/14xxx/CVE-2018-14879.json +++ b/2018/14xxx/CVE-2018-14879.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14880.json b/2018/14xxx/CVE-2018-14880.json index de4c04e7602..8de73e5ff4d 100644 --- a/2018/14xxx/CVE-2018-14880.json +++ b/2018/14xxx/CVE-2018-14880.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14881.json b/2018/14xxx/CVE-2018-14881.json index 5703d5ae970..6e4acfcc739 100644 --- a/2018/14xxx/CVE-2018-14881.json +++ b/2018/14xxx/CVE-2018-14881.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/14xxx/CVE-2018-14882.json b/2018/14xxx/CVE-2018-14882.json index 43739e5389f..624c2036df2 100644 --- a/2018/14xxx/CVE-2018-14882.json +++ b/2018/14xxx/CVE-2018-14882.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/16xxx/CVE-2018-16227.json b/2018/16xxx/CVE-2018-16227.json index 6f4523616dc..77d1b390f82 100644 --- a/2018/16xxx/CVE-2018-16227.json +++ b/2018/16xxx/CVE-2018-16227.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/16xxx/CVE-2018-16228.json b/2018/16xxx/CVE-2018-16228.json index 1fe04b248bc..518fce86aa3 100644 --- a/2018/16xxx/CVE-2018-16228.json +++ b/2018/16xxx/CVE-2018-16228.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/16xxx/CVE-2018-16229.json b/2018/16xxx/CVE-2018-16229.json index 8447db7c467..18072322a5d 100644 --- a/2018/16xxx/CVE-2018-16229.json +++ b/2018/16xxx/CVE-2018-16229.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/16xxx/CVE-2018-16230.json b/2018/16xxx/CVE-2018-16230.json index bb686cd1fa0..fb8653d9a76 100644 --- a/2018/16xxx/CVE-2018-16230.json +++ b/2018/16xxx/CVE-2018-16230.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/16xxx/CVE-2018-16300.json b/2018/16xxx/CVE-2018-16300.json index 9a6043c16b8..23346c06ca4 100644 --- a/2018/16xxx/CVE-2018-16300.json +++ b/2018/16xxx/CVE-2018-16300.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/16xxx/CVE-2018-16301.json b/2018/16xxx/CVE-2018-16301.json index 1931276d783..0389193cc58 100644 --- a/2018/16xxx/CVE-2018-16301.json +++ b/2018/16xxx/CVE-2018-16301.json @@ -101,6 +101,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-b92ce3144a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/16xxx/CVE-2018-16451.json b/2018/16xxx/CVE-2018-16451.json index 8f1fe0fcbaf..1446aaf69ea 100644 --- a/2018/16xxx/CVE-2018-16451.json +++ b/2018/16xxx/CVE-2018-16451.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/16xxx/CVE-2018-16452.json b/2018/16xxx/CVE-2018-16452.json index 3647fe525be..c089bfe7b4b 100644 --- a/2018/16xxx/CVE-2018-16452.json +++ b/2018/16xxx/CVE-2018-16452.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2018/19xxx/CVE-2018-19519.json b/2018/19xxx/CVE-2018-19519.json index 0282e382b9d..eba7f96cd59 100644 --- a/2018/19xxx/CVE-2018-19519.json +++ b/2018/19xxx/CVE-2018-19519.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2019/1010xxx/CVE-2019-1010220.json b/2019/1010xxx/CVE-2019-1010220.json index e5d8621d76c..321c448c644 100644 --- a/2019/1010xxx/CVE-2019-1010220.json +++ b/2019/1010xxx/CVE-2019-1010220.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } diff --git a/2019/15xxx/CVE-2019-15166.json b/2019/15xxx/CVE-2019-15166.json index ebcdee9cf49..0b442da91ac 100644 --- a/2019/15xxx/CVE-2019-15166.json +++ b/2019/15xxx/CVE-2019-15166.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-85d92df70f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d06bc63433", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" } ] } From 7a692d6303b095706d6ed274abe878b4e35dbe1c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 04:01:05 +0000 Subject: [PATCH 24/34] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18217.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/2019/18xxx/CVE-2019-18217.json b/2019/18xxx/CVE-2019-18217.json index aff8d27d9e1..9e7d2a21e1e 100644 --- a/2019/18xxx/CVE-2019-18217.json +++ b/2019/18xxx/CVE-2019-18217.json @@ -81,6 +81,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1974-1] proftpd-dfsg security update", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-ae019c7e9f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJDQRVZTILBX4BUCTIRKP2WBHDHDCJR5/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-848e410cfb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLRPYEEMQJVAXO2SXRGOQ4HBFEEPCNXG/" } ] } From b16c173d959a0fcb2263100898b9555e5c04df61 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 12:01:22 +0000 Subject: [PATCH 25/34] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16662.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16663.json | 82 ++++++++++++++++++++++++++++++++++ 2 files changed, 164 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16662.json create mode 100644 2019/16xxx/CVE-2019-16663.json diff --git a/2019/16xxx/CVE-2019-16662.json b/2019/16xxx/CVE-2019-16662.json new file mode 100644 index 00000000000..a64a2b1e23e --- /dev/null +++ b/2019/16xxx/CVE-2019-16662.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/mhaskar/ceb65fa4ca57c3cdccc1edfe2390902e", + "refsource": "MISC", + "name": "https://gist.github.com/mhaskar/ceb65fa4ca57c3cdccc1edfe2390902e" + }, + { + "url": "https://drive.google.com/open?id=1OXI5cNuwWqc6y-7BgNCfYHgFPK2cpvnu", + "refsource": "MISC", + "name": "https://drive.google.com/open?id=1OXI5cNuwWqc6y-7BgNCfYHgFPK2cpvnu" + }, + { + "url": "https://drive.google.com/file/d/1bTpTn4-alJ8qGCEATLq-oVM6HbhE65iY/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1bTpTn4-alJ8qGCEATLq-oVM6HbhE65iY/view?usp=sharing" + }, + { + "url": "https://rconfig.com/download", + "refsource": "MISC", + "name": "https://rconfig.com/download" + }, + { + "refsource": "MISC", + "name": "https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/", + "url": "https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16663.json b/2019/16xxx/CVE-2019-16663.json new file mode 100644 index 00000000000..d02ff6a0bf9 --- /dev/null +++ b/2019/16xxx/CVE-2019-16663.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rconfig.com/download", + "refsource": "MISC", + "name": "https://rconfig.com/download" + }, + { + "url": "https://gist.github.com/mhaskar/e7e454c7cb0dd9a139b0a43691e258a0", + "refsource": "MISC", + "name": "https://gist.github.com/mhaskar/e7e454c7cb0dd9a139b0a43691e258a0" + }, + { + "url": "https://drive.google.com/open?id=1XmR2MSMb3cKARFk3XxmPkwz6GhAP1JxL", + "refsource": "MISC", + "name": "https://drive.google.com/open?id=1XmR2MSMb3cKARFk3XxmPkwz6GhAP1JxL" + }, + { + "url": "https://drive.google.com/open?id=1kQGmboKfwob4RwlMjnv6ER2Za1GUptOi", + "refsource": "MISC", + "name": "https://drive.google.com/open?id=1kQGmboKfwob4RwlMjnv6ER2Za1GUptOi" + }, + { + "refsource": "MISC", + "name": "https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/", + "url": "https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/" + } + ] + } +} \ No newline at end of file From 4f7ed772cfc1c4fabf2433ee07d28a490c890872 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 13:01:06 +0000 Subject: [PATCH 26/34] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14925.json | 67 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14926.json | 67 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14927.json | 67 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14928.json | 67 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14929.json | 67 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14930.json | 67 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14931.json | 67 +++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16265.json | 2 +- 2019/18xxx/CVE-2019-18466.json | 77 ++++++++++++++++++++++++++++++++++ 9 files changed, 547 insertions(+), 1 deletion(-) create mode 100644 2019/14xxx/CVE-2019-14925.json create mode 100644 2019/14xxx/CVE-2019-14926.json create mode 100644 2019/14xxx/CVE-2019-14927.json create mode 100644 2019/14xxx/CVE-2019-14928.json create mode 100644 2019/14xxx/CVE-2019-14929.json create mode 100644 2019/14xxx/CVE-2019-14930.json create mode 100644 2019/14xxx/CVE-2019-14931.json create mode 100644 2019/18xxx/CVE-2019-18466.json diff --git a/2019/14xxx/CVE-2019-14925.json b/2019/14xxx/CVE-2019-14925.json new file mode 100644 index 00000000000..35ecd94d54d --- /dev/null +++ b/2019/14xxx/CVE-2019-14925.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mogozobo.com/", + "refsource": "MISC", + "name": "https://www.mogozobo.com/" + }, + { + "refsource": "MISC", + "name": "https://www.mogozobo.com/?p=3593", + "url": "https://www.mogozobo.com/?p=3593" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14926.json b/2019/14xxx/CVE-2019-14926.json new file mode 100644 index 00000000000..0bea7f546c8 --- /dev/null +++ b/2019/14xxx/CVE-2019-14926.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mogozobo.com/", + "refsource": "MISC", + "name": "https://www.mogozobo.com/" + }, + { + "refsource": "MISC", + "name": "https://www.mogozobo.com/?p=3593", + "url": "https://www.mogozobo.com/?p=3593" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14927.json b/2019/14xxx/CVE-2019-14927.json new file mode 100644 index 00000000000..03c7f90a7f2 --- /dev/null +++ b/2019/14xxx/CVE-2019-14927.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mogozobo.com/", + "refsource": "MISC", + "name": "https://www.mogozobo.com/" + }, + { + "refsource": "MISC", + "name": "https://www.mogozobo.com/?p=3593", + "url": "https://www.mogozobo.com/?p=3593" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14928.json b/2019/14xxx/CVE-2019-14928.json new file mode 100644 index 00000000000..f781d30aec5 --- /dev/null +++ b/2019/14xxx/CVE-2019-14928.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mogozobo.com/", + "refsource": "MISC", + "name": "https://www.mogozobo.com/" + }, + { + "refsource": "MISC", + "name": "https://www.mogozobo.com/?p=3593", + "url": "https://www.mogozobo.com/?p=3593" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14929.json b/2019/14xxx/CVE-2019-14929.json new file mode 100644 index 00000000000..6916d6f330d --- /dev/null +++ b/2019/14xxx/CVE-2019-14929.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mogozobo.com/", + "refsource": "MISC", + "name": "https://www.mogozobo.com/" + }, + { + "refsource": "MISC", + "name": "https://www.mogozobo.com/?p=3593", + "url": "https://www.mogozobo.com/?p=3593" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14930.json b/2019/14xxx/CVE-2019-14930.json new file mode 100644 index 00000000000..bda7193abe0 --- /dev/null +++ b/2019/14xxx/CVE-2019-14930.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mogozobo.com/", + "refsource": "MISC", + "name": "https://www.mogozobo.com/" + }, + { + "refsource": "MISC", + "name": "https://www.mogozobo.com/?p=3593", + "url": "https://www.mogozobo.com/?p=3593" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14931.json b/2019/14xxx/CVE-2019-14931.json new file mode 100644 index 00000000000..0090f52007c --- /dev/null +++ b/2019/14xxx/CVE-2019-14931.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mogozobo.com/", + "refsource": "MISC", + "name": "https://www.mogozobo.com/" + }, + { + "refsource": "MISC", + "name": "https://www.mogozobo.com/?p=3593", + "url": "https://www.mogozobo.com/?p=3593" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16265.json b/2019/16xxx/CVE-2019-16265.json index caf7b680408..fce03acd253 100644 --- a/2019/16xxx/CVE-2019-16265.json +++ b/2019/16xxx/CVE-2019-16265.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow." + "value": "CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow." } ] }, diff --git a/2019/18xxx/CVE-2019-18466.json b/2019/18xxx/CVE-2019-18466.json new file mode 100644 index 00000000000..ae8c034adb6 --- /dev/null +++ b/2019/18xxx/CVE-2019-18466.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588" + }, + { + "url": "https://github.com/containers/libpod/issues/3829", + "refsource": "MISC", + "name": "https://github.com/containers/libpod/issues/3829" + }, + { + "url": "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e", + "refsource": "MISC", + "name": "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e" + }, + { + "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0", + "refsource": "MISC", + "name": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0" + } + ] + } +} \ No newline at end of file From 46796c0cc237ddb545264a1997b38315dcb9cfe3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 14:01:08 +0000 Subject: [PATCH 27/34] "-Synchronized-Data." --- 2002/2xxx/CVE-2002-2444.json | 58 +++++++++++++++++++++++++++++-- 2005/2xxx/CVE-2005-2349.json | 55 ++++++++++++++++++++++++++++-- 2019/18xxx/CVE-2019-18195.json | 62 ++++++++++++++++++++++++++++++++++ 3 files changed, 170 insertions(+), 5 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18195.json diff --git a/2002/2xxx/CVE-2002-2444.json b/2002/2xxx/CVE-2002-2444.json index df1da88a9ba..a30c56e861b 100644 --- a/2002/2xxx/CVE-2002-2444.json +++ b/2002/2xxx/CVE-2002-2444.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2444", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Snoopy 2.0.0-1 has a security hole in exec cURL" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/07/18/2" + }, + { + "refsource": "DEBIAN", + "name": "Debian", + "url": "https://security-tracker.debian.org/tracker/CVE-2002-2444" + }, + { + "refsource": "MISC", + "name": "https://sourceforge.net/p/snoopy/bugs/13/", + "url": "https://sourceforge.net/p/snoopy/bugs/13/" } ] } diff --git a/2005/2xxx/CVE-2005-2349.json b/2005/2xxx/CVE-2005-2349.json index 36969e865ca..8dbff4cf4b1 100644 --- a/2005/2xxx/CVE-2005-2349.json +++ b/2005/2xxx/CVE-2005-2349.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2005-2349", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoo", + "product": { + "product_data": [ + { + "product_name": "Zoo", + "version": { + "version_data": [ + { + "version_value": "2.10-27" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoo 2.10-27 has Directory traversal" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "traversal in zoo" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2005-2349", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2005-2349" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2015/01/03/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/01/03/1" } ] } diff --git a/2019/18xxx/CVE-2019-18195.json b/2019/18xxx/CVE-2019-18195.json new file mode 100644 index 00000000000..9f6ab9d71b3 --- /dev/null +++ b/2019/18xxx/CVE-2019-18195.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gusrmsdlrh/CVE-2019-18195", + "url": "https://github.com/gusrmsdlrh/CVE-2019-18195" + } + ] + } +} \ No newline at end of file From 38903ea0bc4ef76d93c5d4ae94b3810d8168b824 Mon Sep 17 00:00:00 2001 From: lordoxley <40054947+lordoxley@users.noreply.github.com> Date: Mon, 28 Oct 2019 14:08:03 +0000 Subject: [PATCH 28/34] Publish CVE-2019-3636 --- 2019/3xxx/CVE-2019-3636.json | 111 ++++++++++++++++++++++++++++++----- 1 file changed, 95 insertions(+), 16 deletions(-) diff --git a/2019/3xxx/CVE-2019-3636.json b/2019/3xxx/CVE-2019-3636.json index 0d38c7224fb..e9d05e05aff 100644 --- a/2019/3xxx/CVE-2019-3636.json +++ b/2019/3xxx/CVE-2019-3636.json @@ -1,18 +1,97 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3636", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "CVE_data_meta": { + "ID": "CVE-2019-3636", + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "", + "TITLE": "File masquerade attack vulnerability in McAfee Total Protection", + "AKA": "", + "STATE": "PUBLIC" + }, + "source": { + "defect": [], + "advisory": "", + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "McAfee, LCC", + "product": { + "product_data": [ + { + "product_name": "McAfee Total Protection", + "version": { + "version_data": [ + { + "version_name": "16", + "version_affected": "<", + "version_value": "16.0.R22", + "platform": "" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Masquerade Vulneraiblity" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982", + "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + }, + "exploit": [], + "work_around": [], + "solution": [], + "credit": [] +} From 26431605bd08c1f055438f03d664c68b12fdef24 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 15:01:17 +0000 Subject: [PATCH 29/34] "-Synchronized-Data." --- 2009/4xxx/CVE-2009-4899.json | 60 ++++++++++++++++++++++++++++-- 2009/4xxx/CVE-2009-4900.json | 60 ++++++++++++++++++++++++++++-- 2010/3xxx/CVE-2010-3293.json | 65 +++++++++++++++++++++++++++++++-- 2010/4xxx/CVE-2010-4239.json | 65 +++++++++++++++++++++++++++++++-- 2010/4xxx/CVE-2010-4240.json | 65 +++++++++++++++++++++++++++++++-- 2010/4xxx/CVE-2010-4241.json | 65 +++++++++++++++++++++++++++++++-- 2010/4xxx/CVE-2010-4245.json | 65 +++++++++++++++++++++++++++++++-- 2017/5xxx/CVE-2017-5731.json | 14 +++---- 2017/5xxx/CVE-2017-5732.json | 14 +++---- 2017/5xxx/CVE-2017-5733.json | 14 +++---- 2017/5xxx/CVE-2017-5734.json | 14 +++---- 2017/5xxx/CVE-2017-5735.json | 14 +++---- 2018/3xxx/CVE-2018-3630.json | 14 +++---- 2019/10xxx/CVE-2019-10079.json | 16 ++++++-- 2019/11xxx/CVE-2019-11043.json | 10 +++-- 2019/16xxx/CVE-2019-16897.json | 62 +++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16943.json | 5 +++ 2019/17xxx/CVE-2019-17224.json | 67 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18467.json | 18 +++++++++ 2019/18xxx/CVE-2019-18468.json | 18 +++++++++ 2019/18xxx/CVE-2019-18469.json | 18 +++++++++ 2019/18xxx/CVE-2019-18470.json | 18 +++++++++ 2019/18xxx/CVE-2019-18471.json | 18 +++++++++ 2019/18xxx/CVE-2019-18472.json | 18 +++++++++ 2019/18xxx/CVE-2019-18473.json | 18 +++++++++ 2019/18xxx/CVE-2019-18474.json | 18 +++++++++ 2019/18xxx/CVE-2019-18475.json | 18 +++++++++ 2019/18xxx/CVE-2019-18476.json | 18 +++++++++ 2019/18xxx/CVE-2019-18477.json | 18 +++++++++ 2019/18xxx/CVE-2019-18478.json | 18 +++++++++ 2019/18xxx/CVE-2019-18479.json | 18 +++++++++ 2019/18xxx/CVE-2019-18480.json | 18 +++++++++ 2019/18xxx/CVE-2019-18481.json | 18 +++++++++ 2019/18xxx/CVE-2019-18482.json | 18 +++++++++ 2019/18xxx/CVE-2019-18483.json | 18 +++++++++ 2019/18xxx/CVE-2019-18484.json | 18 +++++++++ 2019/18xxx/CVE-2019-18485.json | 18 +++++++++ 2019/18xxx/CVE-2019-18486.json | 18 +++++++++ 2019/18xxx/CVE-2019-18487.json | 18 +++++++++ 2019/18xxx/CVE-2019-18488.json | 18 +++++++++ 2019/18xxx/CVE-2019-18489.json | 18 +++++++++ 2019/18xxx/CVE-2019-18490.json | 18 +++++++++ 2019/18xxx/CVE-2019-18491.json | 18 +++++++++ 2019/18xxx/CVE-2019-18492.json | 18 +++++++++ 2019/18xxx/CVE-2019-18493.json | 18 +++++++++ 2019/18xxx/CVE-2019-18494.json | 18 +++++++++ 2019/18xxx/CVE-2019-18495.json | 18 +++++++++ 2019/18xxx/CVE-2019-18496.json | 18 +++++++++ 2019/18xxx/CVE-2019-18497.json | 18 +++++++++ 2019/18xxx/CVE-2019-18498.json | 18 +++++++++ 2019/18xxx/CVE-2019-18499.json | 18 +++++++++ 2019/18xxx/CVE-2019-18500.json | 18 +++++++++ 2019/18xxx/CVE-2019-18501.json | 18 +++++++++ 2019/18xxx/CVE-2019-18502.json | 18 +++++++++ 2019/18xxx/CVE-2019-18503.json | 18 +++++++++ 2019/18xxx/CVE-2019-18504.json | 18 +++++++++ 2019/18xxx/CVE-2019-18505.json | 18 +++++++++ 2019/18xxx/CVE-2019-18506.json | 18 +++++++++ 2019/18xxx/CVE-2019-18507.json | 18 +++++++++ 2019/18xxx/CVE-2019-18508.json | 18 +++++++++ 2019/18xxx/CVE-2019-18509.json | 18 +++++++++ 2019/18xxx/CVE-2019-18510.json | 18 +++++++++ 2019/18xxx/CVE-2019-18511.json | 18 +++++++++ 2019/18xxx/CVE-2019-18512.json | 18 +++++++++ 2019/18xxx/CVE-2019-18513.json | 18 +++++++++ 2019/18xxx/CVE-2019-18514.json | 18 +++++++++ 2019/18xxx/CVE-2019-18515.json | 18 +++++++++ 2019/18xxx/CVE-2019-18516.json | 18 +++++++++ 2019/18xxx/CVE-2019-18517.json | 18 +++++++++ 2019/18xxx/CVE-2019-18518.json | 18 +++++++++ 2019/18xxx/CVE-2019-18519.json | 18 +++++++++ 2019/18xxx/CVE-2019-18520.json | 18 +++++++++ 2019/18xxx/CVE-2019-18521.json | 18 +++++++++ 2019/18xxx/CVE-2019-18522.json | 18 +++++++++ 2019/18xxx/CVE-2019-18523.json | 18 +++++++++ 2019/18xxx/CVE-2019-18524.json | 18 +++++++++ 2019/18xxx/CVE-2019-18525.json | 18 +++++++++ 2019/18xxx/CVE-2019-18526.json | 18 +++++++++ 2019/18xxx/CVE-2019-18527.json | 18 +++++++++ 2019/18xxx/CVE-2019-18528.json | 18 +++++++++ 2019/18xxx/CVE-2019-18554.json | 18 +++++++++ 2019/18xxx/CVE-2019-18555.json | 18 +++++++++ 2019/18xxx/CVE-2019-18556.json | 18 +++++++++ 2019/18xxx/CVE-2019-18557.json | 18 +++++++++ 2019/18xxx/CVE-2019-18558.json | 18 +++++++++ 2019/18xxx/CVE-2019-18559.json | 18 +++++++++ 2019/18xxx/CVE-2019-18560.json | 18 +++++++++ 2019/18xxx/CVE-2019-18561.json | 18 +++++++++ 2019/18xxx/CVE-2019-18562.json | 18 +++++++++ 2019/18xxx/CVE-2019-18563.json | 18 +++++++++ 2019/18xxx/CVE-2019-18564.json | 18 +++++++++ 2019/18xxx/CVE-2019-18565.json | 18 +++++++++ 2019/18xxx/CVE-2019-18566.json | 18 +++++++++ 93 files changed, 1969 insertions(+), 70 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16897.json create mode 100644 2019/17xxx/CVE-2019-17224.json create mode 100644 2019/18xxx/CVE-2019-18467.json create mode 100644 2019/18xxx/CVE-2019-18468.json create mode 100644 2019/18xxx/CVE-2019-18469.json create mode 100644 2019/18xxx/CVE-2019-18470.json create mode 100644 2019/18xxx/CVE-2019-18471.json create mode 100644 2019/18xxx/CVE-2019-18472.json create mode 100644 2019/18xxx/CVE-2019-18473.json create mode 100644 2019/18xxx/CVE-2019-18474.json create mode 100644 2019/18xxx/CVE-2019-18475.json create mode 100644 2019/18xxx/CVE-2019-18476.json create mode 100644 2019/18xxx/CVE-2019-18477.json create mode 100644 2019/18xxx/CVE-2019-18478.json create mode 100644 2019/18xxx/CVE-2019-18479.json create mode 100644 2019/18xxx/CVE-2019-18480.json create mode 100644 2019/18xxx/CVE-2019-18481.json create mode 100644 2019/18xxx/CVE-2019-18482.json create mode 100644 2019/18xxx/CVE-2019-18483.json create mode 100644 2019/18xxx/CVE-2019-18484.json create mode 100644 2019/18xxx/CVE-2019-18485.json create mode 100644 2019/18xxx/CVE-2019-18486.json create mode 100644 2019/18xxx/CVE-2019-18487.json create mode 100644 2019/18xxx/CVE-2019-18488.json create mode 100644 2019/18xxx/CVE-2019-18489.json create mode 100644 2019/18xxx/CVE-2019-18490.json create mode 100644 2019/18xxx/CVE-2019-18491.json create mode 100644 2019/18xxx/CVE-2019-18492.json create mode 100644 2019/18xxx/CVE-2019-18493.json create mode 100644 2019/18xxx/CVE-2019-18494.json create mode 100644 2019/18xxx/CVE-2019-18495.json create mode 100644 2019/18xxx/CVE-2019-18496.json create mode 100644 2019/18xxx/CVE-2019-18497.json create mode 100644 2019/18xxx/CVE-2019-18498.json create mode 100644 2019/18xxx/CVE-2019-18499.json create mode 100644 2019/18xxx/CVE-2019-18500.json create mode 100644 2019/18xxx/CVE-2019-18501.json create mode 100644 2019/18xxx/CVE-2019-18502.json create mode 100644 2019/18xxx/CVE-2019-18503.json create mode 100644 2019/18xxx/CVE-2019-18504.json create mode 100644 2019/18xxx/CVE-2019-18505.json create mode 100644 2019/18xxx/CVE-2019-18506.json create mode 100644 2019/18xxx/CVE-2019-18507.json create mode 100644 2019/18xxx/CVE-2019-18508.json create mode 100644 2019/18xxx/CVE-2019-18509.json create mode 100644 2019/18xxx/CVE-2019-18510.json create mode 100644 2019/18xxx/CVE-2019-18511.json create mode 100644 2019/18xxx/CVE-2019-18512.json create mode 100644 2019/18xxx/CVE-2019-18513.json create mode 100644 2019/18xxx/CVE-2019-18514.json create mode 100644 2019/18xxx/CVE-2019-18515.json create mode 100644 2019/18xxx/CVE-2019-18516.json create mode 100644 2019/18xxx/CVE-2019-18517.json create mode 100644 2019/18xxx/CVE-2019-18518.json create mode 100644 2019/18xxx/CVE-2019-18519.json create mode 100644 2019/18xxx/CVE-2019-18520.json create mode 100644 2019/18xxx/CVE-2019-18521.json create mode 100644 2019/18xxx/CVE-2019-18522.json create mode 100644 2019/18xxx/CVE-2019-18523.json create mode 100644 2019/18xxx/CVE-2019-18524.json create mode 100644 2019/18xxx/CVE-2019-18525.json create mode 100644 2019/18xxx/CVE-2019-18526.json create mode 100644 2019/18xxx/CVE-2019-18527.json create mode 100644 2019/18xxx/CVE-2019-18528.json create mode 100644 2019/18xxx/CVE-2019-18554.json create mode 100644 2019/18xxx/CVE-2019-18555.json create mode 100644 2019/18xxx/CVE-2019-18556.json create mode 100644 2019/18xxx/CVE-2019-18557.json create mode 100644 2019/18xxx/CVE-2019-18558.json create mode 100644 2019/18xxx/CVE-2019-18559.json create mode 100644 2019/18xxx/CVE-2019-18560.json create mode 100644 2019/18xxx/CVE-2019-18561.json create mode 100644 2019/18xxx/CVE-2019-18562.json create mode 100644 2019/18xxx/CVE-2019-18563.json create mode 100644 2019/18xxx/CVE-2019-18564.json create mode 100644 2019/18xxx/CVE-2019-18565.json create mode 100644 2019/18xxx/CVE-2019-18566.json diff --git a/2009/4xxx/CVE-2009-4899.json b/2009/4xxx/CVE-2009-4899.json index f3921be1a0f..436ddecdcbf 100644 --- a/2009/4xxx/CVE-2009-4899.json +++ b/2009/4xxx/CVE-2009-4899.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-4899", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pixelpost", + "product": { + "product_data": [ + { + "product_name": "pixelpost", + "version": { + "version_data": [ + { + "version_value": "1.7.1-5" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "pixelpost 1.7.1-5 has SQL injection" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2009-4899", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2009-4899" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2009-4899", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2009-4899" + }, + { + "refsource": "DEBIAN", + "name": "Debian", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597224" } ] } diff --git a/2009/4xxx/CVE-2009-4900.json b/2009/4xxx/CVE-2009-4900.json index 329ef529db0..75bb340f9bf 100644 --- a/2009/4xxx/CVE-2009-4900.json +++ b/2009/4xxx/CVE-2009-4900.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-4900", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pixelpost", + "product": { + "product_data": [ + { + "product_name": "pixelpost", + "version": { + "version_data": [ + { + "version_value": "1.7.1-5" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "pixelpost 1.7.1-5 has XSS" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2009-4900", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2009-4900" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2009-4900", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2009-4900" + }, + { + "refsource": "DEBIAN", + "name": "Debian", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597224" } ] } diff --git a/2010/3xxx/CVE-2010-3293.json b/2010/3xxx/CVE-2010-3293.json index 20bab745ed7..4666811e1f5 100644 --- a/2010/3xxx/CVE-2010-3293.json +++ b/2010/3xxx/CVE-2010-3293.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-3293", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mailscanner", + "product": { + "product_data": [ + { + "product_name": "mailscanner", + "version": { + "version_data": [ + { + "version_value": "4.79.11-2" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mailscanner can allow local users to prevent virus signatures from being updated" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "virus updates DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-3293", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-3293" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-3293", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-3293" + }, + { + "refsource": "DEBIAN", + "name": "Debian", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596397" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2010/09/13/9", + "url": "https://www.openwall.com/lists/oss-security/2010/09/13/9" } ] } diff --git a/2010/4xxx/CVE-2010-4239.json b/2010/4xxx/CVE-2010-4239.json index 0b6057ccb42..6e64841ed8b 100644 --- a/2010/4xxx/CVE-2010-4239.json +++ b/2010/4xxx/CVE-2010-4239.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4239", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tiki Wiki", + "product": { + "product_data": [ + { + "product_name": "CMS Groupware", + "version": { + "version_data": [ + { + "version_value": "5.2" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tiki Wiki CMS Groupware 5.2 has Local File Inclusion" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNKNOWN_TYPE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4239", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-4239" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-4239", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-4239" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2010/11/22/9", + "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" + }, + { + "refsource": "MISC", + "name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt", + "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt" } ] } diff --git a/2010/4xxx/CVE-2010-4240.json b/2010/4xxx/CVE-2010-4240.json index e6513103fb5..c9d14a150f6 100644 --- a/2010/4xxx/CVE-2010-4240.json +++ b/2010/4xxx/CVE-2010-4240.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4240", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tiki Wiki", + "product": { + "product_data": [ + { + "product_name": "CMS Groupware", + "version": { + "version_data": [ + { + "version_value": "5.2" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tiki Wiki CMS Groupware 5.2 has XSS" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNKNOWN_TYPE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4240", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-4240" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-4240", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-4240" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2010/11/22/9", + "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" + }, + { + "refsource": "MISC", + "name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt", + "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt" } ] } diff --git a/2010/4xxx/CVE-2010-4241.json b/2010/4xxx/CVE-2010-4241.json index 28a8d1de684..03973294f5f 100644 --- a/2010/4xxx/CVE-2010-4241.json +++ b/2010/4xxx/CVE-2010-4241.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4241", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tiki Wiki", + "product": { + "product_data": [ + { + "product_name": "CMS Groupware", + "version": { + "version_data": [ + { + "version_value": "5.2" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tiki Wiki CMS Groupware 5.2 has CSRF" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNKNOWN_TYPE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4241", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-4241" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-4241", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-4241" + }, + { + "refsource": "MISC", + "name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt", + "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2010/11/22/9", + "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" } ] } diff --git a/2010/4xxx/CVE-2010-4245.json b/2010/4xxx/CVE-2010-4245.json index c9e359462ec..ee7100b564c 100644 --- a/2010/4xxx/CVE-2010-4245.json +++ b/2010/4xxx/CVE-2010-4245.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4245", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pootle", + "product": { + "product_data": [ + { + "product_name": "pootle", + "version": { + "version_data": [ + { + "version_value": "2.0.5-0.2" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "pootle 2.0.5-0.2 has XSS via 'match_names' parameter" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS via 'match_names' parameter on translate.html page" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4245", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-4245" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4245", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4245" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-4245", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-4245" + }, + { + "refsource": "DEBIAN", + "name": "debian", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604060" } ] } diff --git a/2017/5xxx/CVE-2017-5731.json b/2017/5xxx/CVE-2017-5731.json index 88b0cffad60..56363653244 100644 --- a/2017/5xxx/CVE-2017-5731.json +++ b/2017/5xxx/CVE-2017-5731.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-5731", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5731", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } diff --git a/2017/5xxx/CVE-2017-5732.json b/2017/5xxx/CVE-2017-5732.json index c21cdc0a5e6..63fc749f5e3 100644 --- a/2017/5xxx/CVE-2017-5732.json +++ b/2017/5xxx/CVE-2017-5732.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-5732", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5732", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } diff --git a/2017/5xxx/CVE-2017-5733.json b/2017/5xxx/CVE-2017-5733.json index 203e397820b..222cb5f0e16 100644 --- a/2017/5xxx/CVE-2017-5733.json +++ b/2017/5xxx/CVE-2017-5733.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-5733", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5733", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } diff --git a/2017/5xxx/CVE-2017-5734.json b/2017/5xxx/CVE-2017-5734.json index 9d14f6132ee..96ad2db2034 100644 --- a/2017/5xxx/CVE-2017-5734.json +++ b/2017/5xxx/CVE-2017-5734.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-5734", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5734", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } diff --git a/2017/5xxx/CVE-2017-5735.json b/2017/5xxx/CVE-2017-5735.json index aecf1db2aa1..796adb1ed4e 100644 --- a/2017/5xxx/CVE-2017-5735.json +++ b/2017/5xxx/CVE-2017-5735.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-5735", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5735", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } diff --git a/2018/3xxx/CVE-2018-3630.json b/2018/3xxx/CVE-2018-3630.json index e7bd0fbfe15..0bab0ba54ed 100644 --- a/2018/3xxx/CVE-2018-3630.json +++ b/2018/3xxx/CVE-2018-3630.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-3630", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-3630", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." } ] } diff --git a/2019/10xxx/CVE-2019-10079.json b/2019/10xxx/CVE-2019-10079.json index c330941cc48..4e14b6a70b3 100644 --- a/2019/10xxx/CVE-2019-10079.json +++ b/2019/10xxx/CVE-2019-10079.json @@ -45,9 +45,19 @@ "references": { "reference_data": [ { - "refsource": "MISC", - "name": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E", - "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E" + "refsource": "MLIST", + "name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks", + "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks", + "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks", + "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E" } ] }, diff --git a/2019/11xxx/CVE-2019-11043.json b/2019/11xxx/CVE-2019-11043.json index 7526f08909d..fd0bec99c06 100644 --- a/2019/11xxx/CVE-2019-11043.json +++ b/2019/11xxx/CVE-2019-11043.json @@ -54,7 +54,7 @@ "description_data": [ { "lang": "eng", - "value": "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. " + "value": "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution." } ] }, @@ -98,12 +98,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://bugs.php.net/bug.php?id=78599" + "refsource": "MISC", + "url": "https://github.com/neex/phuip-fpizdam", + "name": "https://github.com/neex/phuip-fpizdam" }, { "refsource": "CONFIRM", - "url": "https://github.com/neex/phuip-fpizdam" + "name": "https://bugs.php.net/bug.php?id=78599", + "url": "https://bugs.php.net/bug.php?id=78599" } ] }, diff --git a/2019/16xxx/CVE-2019-16897.json b/2019/16xxx/CVE-2019-16897.json new file mode 100644 index 00000000000..02e996749ed --- /dev/null +++ b/2019/16xxx/CVE-2019-16897.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/NtRaiseHardError/Antimalware-Research/blob/master/K7%20Security/Local%20Privilege%20Escalation/v16.0.0120/README.md", + "url": "https://github.com/NtRaiseHardError/Antimalware-Research/blob/master/K7%20Security/Local%20Privilege%20Escalation/v16.0.0120/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index 0435e9f6bd6..19e5773e680 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json @@ -111,6 +111,11 @@ "refsource": "MLIST", "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379", "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", + "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" } ] } diff --git a/2019/17xxx/CVE-2019-17224.json b/2019/17xxx/CVE-2019-17224.json new file mode 100644 index 00000000000..0cda1d5cc28 --- /dev/null +++ b/2019/17xxx/CVE-2019-17224.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf", + "refsource": "MISC", + "name": "https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf" + }, + { + "refsource": "MISC", + "name": "https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/", + "url": "https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18467.json b/2019/18xxx/CVE-2019-18467.json new file mode 100644 index 00000000000..f26f2912442 --- /dev/null +++ b/2019/18xxx/CVE-2019-18467.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18467", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18468.json b/2019/18xxx/CVE-2019-18468.json new file mode 100644 index 00000000000..3699990fce4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18468.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18468", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18469.json b/2019/18xxx/CVE-2019-18469.json new file mode 100644 index 00000000000..e4dfb28e5d9 --- /dev/null +++ b/2019/18xxx/CVE-2019-18469.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18469", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18470.json b/2019/18xxx/CVE-2019-18470.json new file mode 100644 index 00000000000..15b30a639c8 --- /dev/null +++ b/2019/18xxx/CVE-2019-18470.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18470", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18471.json b/2019/18xxx/CVE-2019-18471.json new file mode 100644 index 00000000000..9f90564773c --- /dev/null +++ b/2019/18xxx/CVE-2019-18471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18471", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18472.json b/2019/18xxx/CVE-2019-18472.json new file mode 100644 index 00000000000..184deca840b --- /dev/null +++ b/2019/18xxx/CVE-2019-18472.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18472", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18473.json b/2019/18xxx/CVE-2019-18473.json new file mode 100644 index 00000000000..21cc7f108b4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18473.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18473", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18474.json b/2019/18xxx/CVE-2019-18474.json new file mode 100644 index 00000000000..06f862167cd --- /dev/null +++ b/2019/18xxx/CVE-2019-18474.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18474", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18475.json b/2019/18xxx/CVE-2019-18475.json new file mode 100644 index 00000000000..0dd5d65854e --- /dev/null +++ b/2019/18xxx/CVE-2019-18475.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18475", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18476.json b/2019/18xxx/CVE-2019-18476.json new file mode 100644 index 00000000000..d547996d801 --- /dev/null +++ b/2019/18xxx/CVE-2019-18476.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18476", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18477.json b/2019/18xxx/CVE-2019-18477.json new file mode 100644 index 00000000000..9004847a7a0 --- /dev/null +++ b/2019/18xxx/CVE-2019-18477.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18477", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18478.json b/2019/18xxx/CVE-2019-18478.json new file mode 100644 index 00000000000..c58399ba3de --- /dev/null +++ b/2019/18xxx/CVE-2019-18478.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18478", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18479.json b/2019/18xxx/CVE-2019-18479.json new file mode 100644 index 00000000000..1d5b09dd8b4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18479.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18479", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18480.json b/2019/18xxx/CVE-2019-18480.json new file mode 100644 index 00000000000..d2143eb48aa --- /dev/null +++ b/2019/18xxx/CVE-2019-18480.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18480", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18481.json b/2019/18xxx/CVE-2019-18481.json new file mode 100644 index 00000000000..e33e628f073 --- /dev/null +++ b/2019/18xxx/CVE-2019-18481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18481", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18482.json b/2019/18xxx/CVE-2019-18482.json new file mode 100644 index 00000000000..d50be8e35bb --- /dev/null +++ b/2019/18xxx/CVE-2019-18482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18482", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18483.json b/2019/18xxx/CVE-2019-18483.json new file mode 100644 index 00000000000..737da9a80d6 --- /dev/null +++ b/2019/18xxx/CVE-2019-18483.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18483", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18484.json b/2019/18xxx/CVE-2019-18484.json new file mode 100644 index 00000000000..fd99ae525b1 --- /dev/null +++ b/2019/18xxx/CVE-2019-18484.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18484", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18485.json b/2019/18xxx/CVE-2019-18485.json new file mode 100644 index 00000000000..0509b89ff50 --- /dev/null +++ b/2019/18xxx/CVE-2019-18485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18485", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18486.json b/2019/18xxx/CVE-2019-18486.json new file mode 100644 index 00000000000..24b185eefcc --- /dev/null +++ b/2019/18xxx/CVE-2019-18486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18486", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18487.json b/2019/18xxx/CVE-2019-18487.json new file mode 100644 index 00000000000..05fb0c6744e --- /dev/null +++ b/2019/18xxx/CVE-2019-18487.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18487", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18488.json b/2019/18xxx/CVE-2019-18488.json new file mode 100644 index 00000000000..5653484e0f4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18488.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18488", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18489.json b/2019/18xxx/CVE-2019-18489.json new file mode 100644 index 00000000000..cc4d828f4d4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18489.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18489", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18490.json b/2019/18xxx/CVE-2019-18490.json new file mode 100644 index 00000000000..cc50209e9f4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18490", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18491.json b/2019/18xxx/CVE-2019-18491.json new file mode 100644 index 00000000000..ec10ff236c6 --- /dev/null +++ b/2019/18xxx/CVE-2019-18491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18491", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18492.json b/2019/18xxx/CVE-2019-18492.json new file mode 100644 index 00000000000..146120375c4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18492.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18492", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18493.json b/2019/18xxx/CVE-2019-18493.json new file mode 100644 index 00000000000..cdeb01d44e4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18493.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18493", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18494.json b/2019/18xxx/CVE-2019-18494.json new file mode 100644 index 00000000000..360ab041831 --- /dev/null +++ b/2019/18xxx/CVE-2019-18494.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18494", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18495.json b/2019/18xxx/CVE-2019-18495.json new file mode 100644 index 00000000000..8a0c3cb81fb --- /dev/null +++ b/2019/18xxx/CVE-2019-18495.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18495", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18496.json b/2019/18xxx/CVE-2019-18496.json new file mode 100644 index 00000000000..c87dca64f66 --- /dev/null +++ b/2019/18xxx/CVE-2019-18496.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18496", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18497.json b/2019/18xxx/CVE-2019-18497.json new file mode 100644 index 00000000000..2a5896f8d3e --- /dev/null +++ b/2019/18xxx/CVE-2019-18497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18497", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18498.json b/2019/18xxx/CVE-2019-18498.json new file mode 100644 index 00000000000..6255fc4d791 --- /dev/null +++ b/2019/18xxx/CVE-2019-18498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18498", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18499.json b/2019/18xxx/CVE-2019-18499.json new file mode 100644 index 00000000000..6bf420be91d --- /dev/null +++ b/2019/18xxx/CVE-2019-18499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18499", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18500.json b/2019/18xxx/CVE-2019-18500.json new file mode 100644 index 00000000000..df76727150d --- /dev/null +++ b/2019/18xxx/CVE-2019-18500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18500", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18501.json b/2019/18xxx/CVE-2019-18501.json new file mode 100644 index 00000000000..5d878bc9eb2 --- /dev/null +++ b/2019/18xxx/CVE-2019-18501.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18501", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18502.json b/2019/18xxx/CVE-2019-18502.json new file mode 100644 index 00000000000..34e659d9b8f --- /dev/null +++ b/2019/18xxx/CVE-2019-18502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18502", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18503.json b/2019/18xxx/CVE-2019-18503.json new file mode 100644 index 00000000000..d7ad2598687 --- /dev/null +++ b/2019/18xxx/CVE-2019-18503.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18503", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18504.json b/2019/18xxx/CVE-2019-18504.json new file mode 100644 index 00000000000..f471377e8db --- /dev/null +++ b/2019/18xxx/CVE-2019-18504.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18504", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18505.json b/2019/18xxx/CVE-2019-18505.json new file mode 100644 index 00000000000..5c5f645ab50 --- /dev/null +++ b/2019/18xxx/CVE-2019-18505.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18505", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18506.json b/2019/18xxx/CVE-2019-18506.json new file mode 100644 index 00000000000..1286c4af966 --- /dev/null +++ b/2019/18xxx/CVE-2019-18506.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18506", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18507.json b/2019/18xxx/CVE-2019-18507.json new file mode 100644 index 00000000000..46492714ab1 --- /dev/null +++ b/2019/18xxx/CVE-2019-18507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18507", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18508.json b/2019/18xxx/CVE-2019-18508.json new file mode 100644 index 00000000000..232465e0874 --- /dev/null +++ b/2019/18xxx/CVE-2019-18508.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18508", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18509.json b/2019/18xxx/CVE-2019-18509.json new file mode 100644 index 00000000000..a34ab1383f1 --- /dev/null +++ b/2019/18xxx/CVE-2019-18509.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18509", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18510.json b/2019/18xxx/CVE-2019-18510.json new file mode 100644 index 00000000000..a944786eff5 --- /dev/null +++ b/2019/18xxx/CVE-2019-18510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18510", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18511.json b/2019/18xxx/CVE-2019-18511.json new file mode 100644 index 00000000000..f736e232e70 --- /dev/null +++ b/2019/18xxx/CVE-2019-18511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18511", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18512.json b/2019/18xxx/CVE-2019-18512.json new file mode 100644 index 00000000000..c9676af23df --- /dev/null +++ b/2019/18xxx/CVE-2019-18512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18512", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18513.json b/2019/18xxx/CVE-2019-18513.json new file mode 100644 index 00000000000..fda08131ea3 --- /dev/null +++ b/2019/18xxx/CVE-2019-18513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18513", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18514.json b/2019/18xxx/CVE-2019-18514.json new file mode 100644 index 00000000000..343e63b0808 --- /dev/null +++ b/2019/18xxx/CVE-2019-18514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18514", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18515.json b/2019/18xxx/CVE-2019-18515.json new file mode 100644 index 00000000000..213a976a7a7 --- /dev/null +++ b/2019/18xxx/CVE-2019-18515.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18515", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18516.json b/2019/18xxx/CVE-2019-18516.json new file mode 100644 index 00000000000..6844f64d391 --- /dev/null +++ b/2019/18xxx/CVE-2019-18516.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18516", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18517.json b/2019/18xxx/CVE-2019-18517.json new file mode 100644 index 00000000000..749d8561b45 --- /dev/null +++ b/2019/18xxx/CVE-2019-18517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18517", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18518.json b/2019/18xxx/CVE-2019-18518.json new file mode 100644 index 00000000000..8e88af1e8c4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18518", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18519.json b/2019/18xxx/CVE-2019-18519.json new file mode 100644 index 00000000000..67a9a5a3dc0 --- /dev/null +++ b/2019/18xxx/CVE-2019-18519.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18519", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18520.json b/2019/18xxx/CVE-2019-18520.json new file mode 100644 index 00000000000..ce03b89947d --- /dev/null +++ b/2019/18xxx/CVE-2019-18520.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18520", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18521.json b/2019/18xxx/CVE-2019-18521.json new file mode 100644 index 00000000000..f0386acdca5 --- /dev/null +++ b/2019/18xxx/CVE-2019-18521.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18521", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18522.json b/2019/18xxx/CVE-2019-18522.json new file mode 100644 index 00000000000..a650e700958 --- /dev/null +++ b/2019/18xxx/CVE-2019-18522.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18522", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18523.json b/2019/18xxx/CVE-2019-18523.json new file mode 100644 index 00000000000..0be3275b8ec --- /dev/null +++ b/2019/18xxx/CVE-2019-18523.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18523", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18524.json b/2019/18xxx/CVE-2019-18524.json new file mode 100644 index 00000000000..65096c6eab7 --- /dev/null +++ b/2019/18xxx/CVE-2019-18524.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18524", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18525.json b/2019/18xxx/CVE-2019-18525.json new file mode 100644 index 00000000000..183d769e96e --- /dev/null +++ b/2019/18xxx/CVE-2019-18525.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18525", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18526.json b/2019/18xxx/CVE-2019-18526.json new file mode 100644 index 00000000000..8e6cefff4f4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18526.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18526", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18527.json b/2019/18xxx/CVE-2019-18527.json new file mode 100644 index 00000000000..93d9b6987ff --- /dev/null +++ b/2019/18xxx/CVE-2019-18527.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18527", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18528.json b/2019/18xxx/CVE-2019-18528.json new file mode 100644 index 00000000000..cabb67e9502 --- /dev/null +++ b/2019/18xxx/CVE-2019-18528.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18528", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18554.json b/2019/18xxx/CVE-2019-18554.json new file mode 100644 index 00000000000..e4b4022c298 --- /dev/null +++ b/2019/18xxx/CVE-2019-18554.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18554", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18555.json b/2019/18xxx/CVE-2019-18555.json new file mode 100644 index 00000000000..1b596f2523b --- /dev/null +++ b/2019/18xxx/CVE-2019-18555.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18555", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18556.json b/2019/18xxx/CVE-2019-18556.json new file mode 100644 index 00000000000..17d102fd13b --- /dev/null +++ b/2019/18xxx/CVE-2019-18556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18556", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18557.json b/2019/18xxx/CVE-2019-18557.json new file mode 100644 index 00000000000..9a4bdcc9eec --- /dev/null +++ b/2019/18xxx/CVE-2019-18557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18557", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18558.json b/2019/18xxx/CVE-2019-18558.json new file mode 100644 index 00000000000..39656c753c1 --- /dev/null +++ b/2019/18xxx/CVE-2019-18558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18558", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18559.json b/2019/18xxx/CVE-2019-18559.json new file mode 100644 index 00000000000..60cae9bbb87 --- /dev/null +++ b/2019/18xxx/CVE-2019-18559.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18559", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18560.json b/2019/18xxx/CVE-2019-18560.json new file mode 100644 index 00000000000..f1ff71ff196 --- /dev/null +++ b/2019/18xxx/CVE-2019-18560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18560", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18561.json b/2019/18xxx/CVE-2019-18561.json new file mode 100644 index 00000000000..883f26d4d43 --- /dev/null +++ b/2019/18xxx/CVE-2019-18561.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18561", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18562.json b/2019/18xxx/CVE-2019-18562.json new file mode 100644 index 00000000000..485f1c3852f --- /dev/null +++ b/2019/18xxx/CVE-2019-18562.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18562", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18563.json b/2019/18xxx/CVE-2019-18563.json new file mode 100644 index 00000000000..352e528e352 --- /dev/null +++ b/2019/18xxx/CVE-2019-18563.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18563", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18564.json b/2019/18xxx/CVE-2019-18564.json new file mode 100644 index 00000000000..4353f331175 --- /dev/null +++ b/2019/18xxx/CVE-2019-18564.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18564", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18565.json b/2019/18xxx/CVE-2019-18565.json new file mode 100644 index 00000000000..c2b61a33dff --- /dev/null +++ b/2019/18xxx/CVE-2019-18565.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18565", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18566.json b/2019/18xxx/CVE-2019-18566.json new file mode 100644 index 00000000000..4858ebf1a45 --- /dev/null +++ b/2019/18xxx/CVE-2019-18566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18566", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file From f7989e20a2f2e7cb9a4886b5ad9c2de1ca730809 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 15:01:36 +0000 Subject: [PATCH 30/34] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18529.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18530.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18531.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18532.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18533.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18534.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18535.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18536.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18537.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18538.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18539.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18540.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18541.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18542.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18543.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18544.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18545.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18546.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18547.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18548.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18549.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18550.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18551.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18552.json | 18 ++++++++++++++++++ 2019/18xxx/CVE-2019-18553.json | 18 ++++++++++++++++++ 25 files changed, 450 insertions(+) create mode 100644 2019/18xxx/CVE-2019-18529.json create mode 100644 2019/18xxx/CVE-2019-18530.json create mode 100644 2019/18xxx/CVE-2019-18531.json create mode 100644 2019/18xxx/CVE-2019-18532.json create mode 100644 2019/18xxx/CVE-2019-18533.json create mode 100644 2019/18xxx/CVE-2019-18534.json create mode 100644 2019/18xxx/CVE-2019-18535.json create mode 100644 2019/18xxx/CVE-2019-18536.json create mode 100644 2019/18xxx/CVE-2019-18537.json create mode 100644 2019/18xxx/CVE-2019-18538.json create mode 100644 2019/18xxx/CVE-2019-18539.json create mode 100644 2019/18xxx/CVE-2019-18540.json create mode 100644 2019/18xxx/CVE-2019-18541.json create mode 100644 2019/18xxx/CVE-2019-18542.json create mode 100644 2019/18xxx/CVE-2019-18543.json create mode 100644 2019/18xxx/CVE-2019-18544.json create mode 100644 2019/18xxx/CVE-2019-18545.json create mode 100644 2019/18xxx/CVE-2019-18546.json create mode 100644 2019/18xxx/CVE-2019-18547.json create mode 100644 2019/18xxx/CVE-2019-18548.json create mode 100644 2019/18xxx/CVE-2019-18549.json create mode 100644 2019/18xxx/CVE-2019-18550.json create mode 100644 2019/18xxx/CVE-2019-18551.json create mode 100644 2019/18xxx/CVE-2019-18552.json create mode 100644 2019/18xxx/CVE-2019-18553.json diff --git a/2019/18xxx/CVE-2019-18529.json b/2019/18xxx/CVE-2019-18529.json new file mode 100644 index 00000000000..11f45f00ccb --- /dev/null +++ b/2019/18xxx/CVE-2019-18529.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18529", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18530.json b/2019/18xxx/CVE-2019-18530.json new file mode 100644 index 00000000000..64a4677cc28 --- /dev/null +++ b/2019/18xxx/CVE-2019-18530.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18530", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18531.json b/2019/18xxx/CVE-2019-18531.json new file mode 100644 index 00000000000..602166a43d4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18531.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18531", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18532.json b/2019/18xxx/CVE-2019-18532.json new file mode 100644 index 00000000000..8e7c3a040e9 --- /dev/null +++ b/2019/18xxx/CVE-2019-18532.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18532", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18533.json b/2019/18xxx/CVE-2019-18533.json new file mode 100644 index 00000000000..82274bdd896 --- /dev/null +++ b/2019/18xxx/CVE-2019-18533.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18533", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18534.json b/2019/18xxx/CVE-2019-18534.json new file mode 100644 index 00000000000..b9f988a0f2b --- /dev/null +++ b/2019/18xxx/CVE-2019-18534.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18534", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18535.json b/2019/18xxx/CVE-2019-18535.json new file mode 100644 index 00000000000..07699e271d3 --- /dev/null +++ b/2019/18xxx/CVE-2019-18535.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18535", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18536.json b/2019/18xxx/CVE-2019-18536.json new file mode 100644 index 00000000000..533cb9435fe --- /dev/null +++ b/2019/18xxx/CVE-2019-18536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18536", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18537.json b/2019/18xxx/CVE-2019-18537.json new file mode 100644 index 00000000000..ebb854494b9 --- /dev/null +++ b/2019/18xxx/CVE-2019-18537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18537", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18538.json b/2019/18xxx/CVE-2019-18538.json new file mode 100644 index 00000000000..47d48800f64 --- /dev/null +++ b/2019/18xxx/CVE-2019-18538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18538", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18539.json b/2019/18xxx/CVE-2019-18539.json new file mode 100644 index 00000000000..cf816139e4d --- /dev/null +++ b/2019/18xxx/CVE-2019-18539.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18539", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18540.json b/2019/18xxx/CVE-2019-18540.json new file mode 100644 index 00000000000..0949f987822 --- /dev/null +++ b/2019/18xxx/CVE-2019-18540.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18540", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18541.json b/2019/18xxx/CVE-2019-18541.json new file mode 100644 index 00000000000..dbffb2aebe3 --- /dev/null +++ b/2019/18xxx/CVE-2019-18541.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18541", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18542.json b/2019/18xxx/CVE-2019-18542.json new file mode 100644 index 00000000000..26fb5ce0386 --- /dev/null +++ b/2019/18xxx/CVE-2019-18542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18542", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18543.json b/2019/18xxx/CVE-2019-18543.json new file mode 100644 index 00000000000..bd905047a9f --- /dev/null +++ b/2019/18xxx/CVE-2019-18543.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18543", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18544.json b/2019/18xxx/CVE-2019-18544.json new file mode 100644 index 00000000000..133204c9505 --- /dev/null +++ b/2019/18xxx/CVE-2019-18544.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18544", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18545.json b/2019/18xxx/CVE-2019-18545.json new file mode 100644 index 00000000000..1058dc118e9 --- /dev/null +++ b/2019/18xxx/CVE-2019-18545.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18545", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18546.json b/2019/18xxx/CVE-2019-18546.json new file mode 100644 index 00000000000..6b74d75fbb0 --- /dev/null +++ b/2019/18xxx/CVE-2019-18546.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18546", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18547.json b/2019/18xxx/CVE-2019-18547.json new file mode 100644 index 00000000000..781e2ec698e --- /dev/null +++ b/2019/18xxx/CVE-2019-18547.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18547", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18548.json b/2019/18xxx/CVE-2019-18548.json new file mode 100644 index 00000000000..8ae4c3f8cea --- /dev/null +++ b/2019/18xxx/CVE-2019-18548.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18548", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18549.json b/2019/18xxx/CVE-2019-18549.json new file mode 100644 index 00000000000..7ed2e2c7d59 --- /dev/null +++ b/2019/18xxx/CVE-2019-18549.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18549", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18550.json b/2019/18xxx/CVE-2019-18550.json new file mode 100644 index 00000000000..795d35c5fde --- /dev/null +++ b/2019/18xxx/CVE-2019-18550.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18550", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18551.json b/2019/18xxx/CVE-2019-18551.json new file mode 100644 index 00000000000..f7bd2d1be84 --- /dev/null +++ b/2019/18xxx/CVE-2019-18551.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18551", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18552.json b/2019/18xxx/CVE-2019-18552.json new file mode 100644 index 00000000000..cec61055829 --- /dev/null +++ b/2019/18xxx/CVE-2019-18552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18552", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18553.json b/2019/18xxx/CVE-2019-18553.json new file mode 100644 index 00000000000..517d78db70b --- /dev/null +++ b/2019/18xxx/CVE-2019-18553.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18553", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file From 1aeec4cec9dab88c9286889d230a624fadd3b7df Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 16:01:16 +0000 Subject: [PATCH 31/34] "-Synchronized-Data." --- 2018/16xxx/CVE-2018-16548.json | 10 ++++++ 2019/16xxx/CVE-2019-16167.json | 5 +++ 2019/17xxx/CVE-2019-17184.json | 5 +++ 2019/5xxx/CVE-2019-5536.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5537.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5538.json | 58 ++++++++++++++++++++++++++++++---- 6 files changed, 173 insertions(+), 21 deletions(-) diff --git a/2018/16xxx/CVE-2018-16548.json b/2018/16xxx/CVE-2018-16548.json index 7cb80607ffe..d3b64046057 100644 --- a/2018/16xxx/CVE-2018-16548.json +++ b/2018/16xxx/CVE-2018-16548.json @@ -61,6 +61,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:2196", "url": "https://access.redhat.com/errata/RHSA-2019:2196" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2396", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00065.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2394", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00066.html" } ] } diff --git a/2019/16xxx/CVE-2019-16167.json b/2019/16xxx/CVE-2019-16167.json index 00a6079a8ee..dc24d18d7d0 100644 --- a/2019/16xxx/CVE-2019-16167.json +++ b/2019/16xxx/CVE-2019-16167.json @@ -61,6 +61,11 @@ "url": "https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6", "refsource": "MISC", "name": "https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2395", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html" } ] } diff --git a/2019/17xxx/CVE-2019-17184.json b/2019/17xxx/CVE-2019-17184.json index 663c91f35ac..a14e4ecb648 100644 --- a/2019/17xxx/CVE-2019-17184.json +++ b/2019/17xxx/CVE-2019-17184.json @@ -56,6 +56,11 @@ "url": "https://security.business.xerox.com/wp-content/uploads/2019/09/cert_Security_Mini_Bulletin_XRX19V_for_AltaLinkB80xx-C80xx.pdf", "refsource": "MISC", "name": "https://security.business.xerox.com/wp-content/uploads/2019/09/cert_Security_Mini_Bulletin_XRX19V_for_AltaLinkB80xx-C80xx.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/09/cert_Security_Mini_Bulletin_XRX19V_for_AltaLinkB80xx-C80xx-1.pdf", + "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/09/cert_Security_Mini_Bulletin_XRX19V_for_AltaLinkB80xx-C80xx-1.pdf" } ] } diff --git a/2019/5xxx/CVE-2019-5536.json b/2019/5xxx/CVE-2019-5536.json index 7f5ed1fd3ad..34b870fafae 100644 --- a/2019/5xxx/CVE-2019-5536.json +++ b/2019/5xxx/CVE-2019-5536.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5536", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5536", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware ESXi, Workstation and Fusion", + "version": { + "version_data": [ + { + "version_value": "VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0019.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0019.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion." } ] } diff --git a/2019/5xxx/CVE-2019-5537.json b/2019/5xxx/CVE-2019-5537.json index 19c8dd615f1..89e888a207c 100644 --- a/2019/5xxx/CVE-2019-5537.json +++ b/2019/5xxx/CVE-2019-5537.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5537", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5537", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server Appliance", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations." } ] } diff --git a/2019/5xxx/CVE-2019-5538.json b/2019/5xxx/CVE-2019-5538.json index df3a302dc78..fc08e12de12 100644 --- a/2019/5xxx/CVE-2019-5538.json +++ b/2019/5xxx/CVE-2019-5538.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5538", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5538", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server Appliance", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations." } ] } From 73b8eaf2a4090f40714f8c128b84a570091b09b8 Mon Sep 17 00:00:00 2001 From: jpattrendmicro Date: Mon, 28 Oct 2019 10:00:05 -0700 Subject: [PATCH 32/34] Trend Micro CVE-2019-18187, 18188, 18189 submissions Trend Micro CVE-2019-18187, 18188, 18189 submissions --- 2019/18xxx/CVE-2019-18187.json | 60 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18188.json | 60 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18189.json | 60 ++++++++++++++++++++++++++++++++++ 3 files changed, 180 insertions(+) create mode 100644 2019/18xxx/CVE-2019-18187.json create mode 100644 2019/18xxx/CVE-2019-18188.json create mode 100644 2019/18xxx/CVE-2019-18189.json diff --git a/2019/18xxx/CVE-2019-18187.json b/2019/18xxx/CVE-2019-18187.json new file mode 100644 index 00000000000..41ff9f25acd --- /dev/null +++ b/2019/18xxx/CVE-2019-18187.json @@ -0,0 +1,60 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2019-18187", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro OfficeScan", + "version" : { + "version_data" : [ + { + "version_value" : "Version 11.0, XG (12.0)" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Arbitrary File Upload with Directory Traversal" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://success.trendmicro.com/solution/000151730" + } + ] + } +} diff --git a/2019/18xxx/CVE-2019-18188.json b/2019/18xxx/CVE-2019-18188.json new file mode 100644 index 00000000000..4a9c4fa6acb --- /dev/null +++ b/2019/18xxx/CVE-2019-18188.json @@ -0,0 +1,60 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2019-18188", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Apex One", + "version" : { + "version_data" : [ + { + "version_value" : "All" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.\r\n" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Arbitrary File Upload with Command Injection" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://success.trendmicro.com/solution/000151731" + } + ] + } +} diff --git a/2019/18xxx/CVE-2019-18189.json b/2019/18xxx/CVE-2019-18189.json new file mode 100644 index 00000000000..2455d90e743 --- /dev/null +++ b/2019/18xxx/CVE-2019-18189.json @@ -0,0 +1,60 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2019-18189", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Apex One, Trend Micro OfficeScan (OSCE), Trend Micro Worry-Free Business Security (WFBS)", + "version" : { + "version_data" : [ + { + "version_value" : "Apex One (All), OSCE (11.0, XG), WFBS (9.5, 10.0)" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product’s management console as a root user. The vulnerability does not require authentication.\r\n" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Root Login Bypass with Directory Traversal" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://success.trendmicro.com/solution/000151732" + } + ] + } +} From ec9b8d443245194643fc65e323d211e2af1f0bd0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 17:01:11 +0000 Subject: [PATCH 33/34] "-Synchronized-Data." --- 2012/5xxx/CVE-2012-5577.json | 70 ++++++++++++++++++++++++++++++++-- 2019/14xxx/CVE-2019-14450.json | 67 ++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17181.json | 67 ++++++++++++++++++++++++++++++++ 3 files changed, 201 insertions(+), 3 deletions(-) create mode 100644 2019/14xxx/CVE-2019-14450.json create mode 100644 2019/17xxx/CVE-2019-17181.json diff --git a/2012/5xxx/CVE-2012-5577.json b/2012/5xxx/CVE-2012-5577.json index c164b32c4a8..8b7c7561576 100644 --- a/2012/5xxx/CVE-2012-5577.json +++ b/2012/5xxx/CVE-2012-5577.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5577", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Python keyring lib", + "product": { + "product_data": [ + { + "product_name": "Python keyring lib", + "version": { + "version_data": [ + { + "version_value": "0.10" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Python keyring lib before 0.10 created keyring files with world-readable permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2012-5577", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2012-5577" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5577", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5577" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/11/27/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/11/27/3" + }, + { + "refsource": "CONFIRM", + "name": "https://bitbucket.org/kang/python-keyring-lib/commits/049cd181470f1ee6c540e1d64acf1def7b1de0c1", + "url": "https://bitbucket.org/kang/python-keyring-lib/commits/049cd181470f1ee6c540e1d64acf1def7b1de0c1" + }, + { + "refsource": "MISC", + "name": "https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg", + "url": "https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg" } ] } diff --git a/2019/14xxx/CVE-2019-14450.json b/2019/14xxx/CVE-2019-14450.json new file mode 100644 index 00000000000..f12b31e4738 --- /dev/null +++ b/2019/14xxx/CVE-2019-14450.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an \"external command\" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.repetier-server.com/manuals/0.91/index.html", + "refsource": "MISC", + "name": "https://www.repetier-server.com/manuals/0.91/index.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.repetier-server.com/knowledgebase/security-advisory/", + "url": "https://www.repetier-server.com/knowledgebase/security-advisory/" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17181.json b/2019/17xxx/CVE-2019-17181.json new file mode 100644 index 00000000000..73edefe3b5d --- /dev/null +++ b/2019/17xxx/CVE-2019-17181.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.leighb.com/intrasrv.htm", + "refsource": "MISC", + "name": "http://www.leighb.com/intrasrv.htm" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019100164", + "url": "https://cxsecurity.com/issue/WLB-2019100164" + } + ] + } +} \ No newline at end of file From 852a19572807fa59a03be7ccde1b31eef9fe1a8f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Oct 2019 19:01:08 +0000 Subject: [PATCH 34/34] "-Synchronized-Data." --- 2017/15xxx/CVE-2017-15725.json | 48 ++++++++++++++++++++++++++++++++-- 2018/14xxx/CVE-2018-14880.json | 5 ++++ 2019/16xxx/CVE-2019-16167.json | 5 ++++ 3 files changed, 56 insertions(+), 2 deletions(-) diff --git a/2017/15xxx/CVE-2017-15725.json b/2017/15xxx/CVE-2017-15725.json index 63b2bc9ff44..584503597a8 100644 --- a/2017/15xxx/CVE-2017-15725.json +++ b/2017/15xxx/CVE-2017-15725.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15725", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An XML External Entity Injection vulnerability exists in Dzone AnswerHub." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://il.linkedin.com/in/nivlevy", + "url": "https://il.linkedin.com/in/nivlevy" } ] } diff --git a/2018/14xxx/CVE-2018-14880.json b/2018/14xxx/CVE-2018-14880.json index 8de73e5ff4d..f248f8b354b 100644 --- a/2018/14xxx/CVE-2018-14880.json +++ b/2018/14xxx/CVE-2018-14880.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-d06bc63433", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K56551263?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K56551263?utm_source=f5support&utm_medium=RSS" } ] } diff --git a/2019/16xxx/CVE-2019-16167.json b/2019/16xxx/CVE-2019-16167.json index dc24d18d7d0..b7296a1560f 100644 --- a/2019/16xxx/CVE-2019-16167.json +++ b/2019/16xxx/CVE-2019-16167.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2395", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2397", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html" } ] }