diff --git a/2018/19xxx/CVE-2018-19130.json b/2018/19xxx/CVE-2018-19130.json index 4f4e1a69795..68a3a6d709b 100644 --- a/2018/19xxx/CVE-2018-19130.json +++ b/2018/19xxx/CVE-2018-19130.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file." + "value": "** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127." } ] }, diff --git a/2019/14xxx/CVE-2019-14441.json b/2019/14xxx/CVE-2019-14441.json index be450ee44c8..9cb8dca1e7c 100644 --- a/2019/14xxx/CVE-2019-14441.json +++ b/2019/14xxx/CVE-2019-14441.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c." + "value": "** DISPUTED ** An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129." } ] }, diff --git a/2019/15xxx/CVE-2019-15071.json b/2019/15xxx/CVE-2019-15071.json index c630af5aae8..feea75885e4 100644 --- a/2019/15xxx/CVE-2019-15071.json +++ b/2019/15xxx/CVE-2019-15071.json @@ -99,6 +99,16 @@ "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201909001", "refsource": "CONFIRM", "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201909001" + }, + { + "refsource": "MISC", + "name": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf", + "url": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf", + "url": "https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf" } ] }, diff --git a/2019/16xxx/CVE-2019-16863.json b/2019/16xxx/CVE-2019-16863.json index 54cbdb1f3fc..a45375b33e5 100644 --- a/2019/16xxx/CVE-2019-16863.json +++ b/2019/16xxx/CVE-2019-16863.json @@ -71,6 +71,16 @@ "refsource": "CONFIRM", "name": "https://support.lenovo.com/us/en/product_security/LEN-29406", "url": "https://support.lenovo.com/us/en/product_security/LEN-29406" + }, + { + "refsource": "CONFIRM", + "name": "https://www.st.com/content/st_com/en/campaigns/tpm-update.html", + "url": "https://www.st.com/content/st_com/en/campaigns/tpm-update.html" + }, + { + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024" } ] } diff --git a/2019/19xxx/CVE-2019-19006.json b/2019/19xxx/CVE-2019-19006.json index 67c35921b55..80e5ee32058 100644 --- a/2019/19xxx/CVE-2019-19006.json +++ b/2019/19xxx/CVE-2019-19006.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772", "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772" + }, + { + "refsource": "MISC", + "name": "https://pastebin.com/2CdsQMKW", + "url": "https://pastebin.com/2CdsQMKW" } ] } diff --git a/2019/19xxx/CVE-2019-19013.json b/2019/19xxx/CVE-2019-19013.json new file mode 100644 index 00000000000..cbbcd2ea812 --- /dev/null +++ b/2019/19xxx/CVE-2019-19013.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/155426/Pagekit-CMS-1.0.17-Cross-Site-Request-Forgery.html", + "url": "https://packetstormsecurity.com/files/155426/Pagekit-CMS-1.0.17-Cross-Site-Request-Forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19228.json b/2019/19xxx/CVE-2019-19228.json new file mode 100644 index 00000000000..9dbe89bdb4b --- /dev/null +++ b/2019/19xxx/CVE-2019-19228.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19228", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19229.json b/2019/19xxx/CVE-2019-19229.json new file mode 100644 index 00000000000..745dbb7e047 --- /dev/null +++ b/2019/19xxx/CVE-2019-19229.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19229", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3427.json b/2019/3xxx/CVE-2019-3427.json index 13eb666ab1b..ac5a8d2da81 100644 --- a/2019/3xxx/CVE-2019-3427.json +++ b/2019/3xxx/CVE-2019-3427.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3427", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3427", + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZTE", + "product": { + "product_data": [ + { + "product_name": "ZXCDN IAMWEB", + "version": { + "version_data": [ + { + "version_value": "ZXCDN-IAMWEBV6.01.03.01" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "code injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users\u2019 information leakage." } ] } diff --git a/2019/3xxx/CVE-2019-3428.json b/2019/3xxx/CVE-2019-3428.json index 7794d182798..7cd023eb6bd 100644 --- a/2019/3xxx/CVE-2019-3428.json +++ b/2019/3xxx/CVE-2019-3428.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3428", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3428", + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZTE", + "product": { + "product_data": [ + { + "product_name": "ZXCDN IAMWEB", + "version": { + "version_data": [ + { + "version_value": "AllZXCDN-IAMWEBV6.01.03.01" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "configuration error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users\u2019 information leakage." } ] } diff --git a/2019/4xxx/CVE-2019-4214.json b/2019/4xxx/CVE-2019-4214.json index 0b620445e99..acbd43d9504 100644 --- a/2019/4xxx/CVE-2019-4214.json +++ b/2019/4xxx/CVE-2019-4214.json @@ -1,102 +1,102 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "L", - "A" : "N", - "SCORE" : "3.700", - "UI" : "N", - "PR" : "N", - "AC" : "H", - "S" : "U", - "I" : "N", - "AV" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.3.1" - }, - { - "version_value" : "1.3.2" - }, - { - "version_value" : "1.3.3" - }, - { - "version_value" : "1.3.4" - }, - { - "version_value" : "1.3.5" - } - ] - }, - "product_name" : "SmartCloud Analytics" - } - ] - }, - "vendor_name" : "IBM" + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "C": "L", + "A": "N", + "SCORE": "3.700", + "UI": "N", + "PR": "N", + "AC": "H", + "S": "U", + "I": "N", + "AV": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-11-21T00:00:00", - "ID" : "CVE-2019-4214", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 1110171 (SmartCloud Analytics)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1110171", - "url" : "https://www.ibm.com/support/pages/node/1110171" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159185", - "name" : "ibm-smartcloud-cve20194214-info-disc (159185)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.3.1" + }, + { + "version_value": "1.3.2" + }, + { + "version_value": "1.3.3" + }, + { + "version_value": "1.3.4" + }, + { + "version_value": "1.3.5" + } + ] + }, + "product_name": "SmartCloud Analytics" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-11-21T00:00:00", + "ID": "CVE-2019-4214", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 1110171 (SmartCloud Analytics)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1110171", + "url": "https://www.ibm.com/support/pages/node/1110171" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159185", + "name": "ibm-smartcloud-cve20194214-info-disc (159185)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4215.json b/2019/4xxx/CVE-2019-4215.json index ded4762a85a..b3518ce9b5e 100644 --- a/2019/4xxx/CVE-2019-4215.json +++ b/2019/4xxx/CVE-2019-4215.json @@ -1,102 +1,102 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "AC" : "L", - "UI" : "R", - "I" : "L", - "S" : "C", - "AV" : "N", - "C" : "L", - "SCORE" : "6.100", - "A" : "N" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4215", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-11-20T00:00:00" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.3.1" - }, - { - "version_value" : "1.3.2" - }, - { - "version_value" : "1.3.3" - }, - { - "version_value" : "1.3.4" - }, - { - "version_value" : "1.3.5" - } - ] - }, - "product_name" : "SmartCloud Analytics" - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "AC": "L", + "UI": "R", + "I": "L", + "S": "C", + "AV": "N", + "C": "L", + "SCORE": "6.100", + "A": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" } - ] - } - }, - "data_version" : "4.0", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 1109769 (SmartCloud Analytics)", - "name" : "https://www.ibm.com/support/pages/node/1109769", - "url" : "https://www.ibm.com/support/pages/node/1109769", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-smartcloud-cve20194215-clickjacking (159186)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2019-4215", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-11-20T00:00:00" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.3.1" + }, + { + "version_value": "1.3.2" + }, + { + "version_value": "1.3.3" + }, + { + "version_value": "1.3.4" + }, + { + "version_value": "1.3.5" + } + ] + }, + "product_name": "SmartCloud Analytics" + } + ] + } + } + ] + } + }, + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 1109769 (SmartCloud Analytics)", + "name": "https://www.ibm.com/support/pages/node/1109769", + "url": "https://www.ibm.com/support/pages/node/1109769", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-smartcloud-cve20194215-clickjacking (159186)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159186" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4216.json b/2019/4xxx/CVE-2019-4216.json index 0aef9f62b33..709a7516e4c 100644 --- a/2019/4xxx/CVE-2019-4216.json +++ b/2019/4xxx/CVE-2019-4216.json @@ -1,102 +1,102 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "A" : "N", - "SCORE" : "4.600", - "C" : "L", - "AV" : "N", - "S" : "U", - "I" : "L", - "UI" : "R", - "PR" : "L", - "AC" : "L" - } - } - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.3.1" - }, - { - "version_value" : "1.3.2" - }, - { - "version_value" : "1.3.3" - }, - { - "version_value" : "1.3.4" - }, - { - "version_value" : "1.3.5" - } - ] - }, - "product_name" : "SmartCloud Analytics" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "A": "N", + "SCORE": "4.600", + "C": "L", + "AV": "N", + "S": "U", + "I": "L", + "UI": "R", + "PR": "L", + "AC": "L" } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-11-20T00:00:00", - "ID" : "CVE-2019-4216", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1109745", - "name" : "https://www.ibm.com/support/pages/node/1109745", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1109745 (SmartCloud Analytics)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159187", - "name" : "ibm-smartcloud-cve20194216-header-injection (159187)", - "title" : "X-Force Vulnerability Report" - } - ] - } -} + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.3.1" + }, + { + "version_value": "1.3.2" + }, + { + "version_value": "1.3.3" + }, + { + "version_value": "1.3.4" + }, + { + "version_value": "1.3.5" + } + ] + }, + "product_name": "SmartCloud Analytics" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-11-20T00:00:00", + "ID": "CVE-2019-4216", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1109745", + "name": "https://www.ibm.com/support/pages/node/1109745", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1109745 (SmartCloud Analytics)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159187", + "name": "ibm-smartcloud-cve20194216-header-injection (159187)", + "title": "X-Force Vulnerability Report" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4243.json b/2019/4xxx/CVE-2019-4243.json index eb6a7cacb46..155fef4f187 100644 --- a/2019/4xxx/CVE-2019-4243.json +++ b/2019/4xxx/CVE-2019-4243.json @@ -1,102 +1,102 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1109721", - "name" : "https://www.ibm.com/support/pages/node/1109721", - "title" : "IBM Security Bulletin 1109721 (SmartCloud Analytics)" - }, - { - "name" : "ibm-smartcloud-cve20194243-weak-security (159517)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159517", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.3.1" - }, - { - "version_value" : "1.3.2" - }, - { - "version_value" : "1.3.3" - }, - { - "version_value" : "1.3.4" - }, - { - "version_value" : "1.3.5" - } - ] - }, - "product_name" : "SmartCloud Analytics" - } - ] - } + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1109721", + "name": "https://www.ibm.com/support/pages/node/1109721", + "title": "IBM Security Bulletin 1109721 (SmartCloud Analytics)" + }, + { + "name": "ibm-smartcloud-cve20194243-weak-security (159517)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159517", + "refsource": "XF", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4243", - "DATE_PUBLIC" : "2019-11-20T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "SCORE" : "5.100", - "C" : "L", - "AV" : "L", - "S" : "U", - "I" : "L", - "UI" : "N", - "PR" : "N", - "AC" : "L" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.3.1" + }, + { + "version_value": "1.3.2" + }, + { + "version_value": "1.3.3" + }, + { + "version_value": "1.3.4" + }, + { + "version_value": "1.3.5" + } + ] + }, + "product_name": "SmartCloud Analytics" + } + ] + } + } ] - } - ] - } -} + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4243", + "DATE_PUBLIC": "2019-11-20T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "SCORE": "5.100", + "C": "L", + "AV": "L", + "S": "U", + "I": "L", + "UI": "N", + "PR": "N", + "AC": "L" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4569.json b/2019/4xxx/CVE-2019-4569.json index 9c40d68602d..b41e62304cd 100644 --- a/2019/4xxx/CVE-2019-4569.json +++ b/2019/4xxx/CVE-2019-4569.json @@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "L", - "S" : "C", - "AV" : "N", - "PR" : "L", - "AC" : "L", - "UI" : "R", - "SCORE" : "5.400", - "A" : "N", - "C" : "L" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "ID" : "CVE-2019-4569", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-11-20T00:00:00" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0" - }, - { - "version_value" : "7.1.0.16" - } - ] - }, - "product_name" : "Tivoli Netcool Impact" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166719.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1110135", - "url" : "https://www.ibm.com/support/pages/node/1110135", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1110135 (Tivoli Netcool Impact)" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166719", - "name" : "ibm-tivoli-cve20194569-xss (166719)", - "refsource" : "XF" - } - ] - } -} + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "L", + "S": "C", + "AV": "N", + "PR": "L", + "AC": "L", + "UI": "R", + "SCORE": "5.400", + "A": "N", + "C": "L" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-4569", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-11-20T00:00:00" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.1.0" + }, + { + "version_value": "7.1.0.16" + } + ] + }, + "product_name": "Tivoli Netcool Impact" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166719.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1110135", + "url": "https://www.ibm.com/support/pages/node/1110135", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1110135 (Tivoli Netcool Impact)" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166719", + "name": "ibm-tivoli-cve20194569-xss (166719)", + "refsource": "XF" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4570.json b/2019/4xxx/CVE-2019-4570.json index 461a697f1bc..89999b176be 100644 --- a/2019/4xxx/CVE-2019-4570.json +++ b/2019/4xxx/CVE-2019-4570.json @@ -1,93 +1,93 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "PR" : "N", - "AC" : "H", - "UI" : "N", - "AV" : "N", - "I" : "N", - "S" : "U", - "C" : "L", - "SCORE" : "3.700", - "A" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0" - }, - { - "version_value" : "7.1.0.16" - } - ] - }, - "product_name" : "Tivoli Netcool Impact" - } - ] - } + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "PR": "N", + "AC": "H", + "UI": "N", + "AV": "N", + "I": "N", + "S": "U", + "C": "L", + "SCORE": "3.700", + "A": "N" } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4570", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-11-20T00:00:00" - }, - "data_version" : "4.0", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 1110141 (Tivoli Netcool Impact)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1110141", - "name" : "https://www.ibm.com/support/pages/node/1110141" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166720", - "name" : "ibm-tivoli-cve20194570-info-disc (166720)", - "refsource" : "XF" - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.1.0" + }, + { + "version_value": "7.1.0.16" + } + ] + }, + "product_name": "Tivoli Netcool Impact" + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4570", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-11-20T00:00:00" + }, + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 1110141 (Tivoli Netcool Impact)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1110141", + "name": "https://www.ibm.com/support/pages/node/1110141" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166720", + "name": "ibm-tivoli-cve20194570-info-disc (166720)", + "refsource": "XF" + } + ] + } +} \ No newline at end of file