diff --git a/2018/21xxx/CVE-2018-21019.json b/2018/21xxx/CVE-2018-21019.json
new file mode 100644
index 00000000000..50d5880b7ca
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21019.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-21019",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/home-assistant/home-assistant/pull/13836",
+ "refsource": "MISC",
+ "name": "https://github.com/home-assistant/home-assistant/pull/13836"
+ },
+ {
+ "url": "https://github.com/home-assistant/home-assistant/releases/tag/0.67.0",
+ "refsource": "MISC",
+ "name": "https://github.com/home-assistant/home-assistant/releases/tag/0.67.0"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10090.json b/2019/10xxx/CVE-2019-10090.json
index b42a734ea28..aacfc09b924 100644
--- a/2019/10xxx/CVE-2019-10090.json
+++ b/2019/10xxx/CVE-2019-10090.json
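Review bot: In the new CVE-2018-21019 record the `affects` block leaves `vendor_name`, `product_name` and `version_value` as `n/a` although the description names both the product and the fixed release, so tooling that matches on `affects` will not associate this record with Home Assistant. Consider `"product_name": "Home Assistant"` with `"version_value": "before 0.67.0"`, and a `problemtype` value such as `"Information Disclosure"` in place of `n/a`, since the description already classifies the issue that way. The new CVE-2019-16377 record has the same `n/a` fields while its description names the consul gem through 1.0.2.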
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10090",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache JSPWiki",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache JSPWiki up to 2.11.0.M4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090",
+ "url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10978.json b/2019/10xxx/CVE-2019-10978.json
index 26cd7896ff3..29e0641539c 100644
--- a/2019/10xxx/CVE-2019-10978.json
+++ b/2019/10xxx/CVE-2019-10978.json
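Review bot: The `problemtype` value `"Information Disclosure"` does not match the description, which calls the flaw an XSS in the plain editor; consumers that classify by `problemtype` will file this record under the wrong weakness. A value such as `"CWE-79 Cross-site Scripting"` would agree with the description, with information disclosure being the stated consequence rather than the weakness. `version_value` also repeats the product name, and "up to 2.11.0.M4" does not say whether M4 itself is affected; `"version_value": "up to 2.11.0.M4"` plus an explicit inclusive/exclusive wording in the description would remove the ambiguity. The CVE-2019-12407 hunk carries the same `problemtype` and `version_value`.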
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10978",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Lion Controls Crimson (Windows configuration software)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10984.json b/2019/10xxx/CVE-2019-10984.json
index 922b3d48f21..44a79880b9a 100644
--- a/2019/10xxx/CVE-2019-10984.json
+++ b/2019/10xxx/CVE-2019-10984.json
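Review bot: `vendor_name` is `n/a` while the vendor is folded into `product_name`, and the single `version_value` packs two separate ranges into free text, so neither field can be matched mechanically against an asset inventory. Splitting them, e.g. `"vendor_name": "Red Lion Controls"`, `"product_name": "Crimson"`, and one `version_data` entry each for `"3.0 and prior"` and `"3.1 prior to release 3112.00"`, keeps the same information in a form scanners can use. The same `affects` block is repeated in the CVE-2019-10984, CVE-2019-10990 and CVE-2019-10996 hunks.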
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10984",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Lion Controls Crimson (Windows configuration software)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "POINTER ISSUES CWE-465"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10990.json b/2019/10xxx/CVE-2019-10990.json
index b27111b8472..5377810f813 100644
--- a/2019/10xxx/CVE-2019-10990.json
+++ b/2019/10xxx/CVE-2019-10990.json
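Review bot: `"POINTER ISSUES CWE-465"` names a CWE category rather than a specific weakness, so CWE-based triage or metrics tooling may not map this record to anything a defender can act on. The description ("mishandle pointers") is equally general, and presumably both mirror the referenced advisory. If the advisory supports a weakness-level entry, use that here; if not, say in the commit message that the value is taken verbatim from the advisory so the choice is not mistaken for an oversight.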
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10990",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Lion Controls Crimson (Windows configuration software)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10996.json b/2019/10xxx/CVE-2019-10996.json
index f436513c5de..f03763dcb92 100644
--- a/2019/10xxx/CVE-2019-10996.json
+++ b/2019/10xxx/CVE-2019-10996.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10996",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Lion Controls Crimson (Windows configuration software)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "USE AFTER FREE CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12407.json b/2019/12xxx/CVE-2019-12407.json
index 148e05a3c99..ec5a2b9c539 100644
--- a/2019/12xxx/CVE-2019-12407.json
+++ b/2019/12xxx/CVE-2019-12407.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-12407",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache JSPWiki",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache JSPWiki up to 2.11.0.M4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407",
+ "url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim."
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16377.json b/2019/16xxx/CVE-2019-16377.json
new file mode 100644
index 00000000000..ad7730b1ed5
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16377.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16377",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://rubygems.org/gems/consul",
+ "refsource": "MISC",
+ "name": "https://rubygems.org/gems/consul"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/makandra/consul/issues/49",
+ "url": "https://github.com/makandra/consul/issues/49"
+ }
+ ]
+ }
+}
\ No newline at end of file
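Review bot: The description value `has Incorrect Access Control` does not say which check fails or what an affected application ends up exposing, so a reader cannot judge impact or exposure without following the linked issue. One sentence summarising the condition reported in https://github.com/makandra/consul/issues/49 would let the record stand on its own. `through 1.0.2` also leaves open whether a fixed release exists; if one does, adding a reference to it gives defenders an upgrade target.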