diff --git a/2016/7xxx/CVE-2016-7550.json b/2016/7xxx/CVE-2016-7550.json index 357af5efd95..12e93048a80 100644 --- a/2016/7xxx/CVE-2016-7550.json +++ b/2016/7xxx/CVE-2016-7550.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7550", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html", + "refsource": "MISC", + "name": "http://downloads.asterisk.org/pub/security/AST-2016-006.html" } ] } diff --git a/2016/8xxx/CVE-2016-8897.json b/2016/8xxx/CVE-2016-8897.json index 519ccd4eecb..6016c9a3f32 100644 --- a/2016/8xxx/CVE-2016-8897.json +++ b/2016/8xxx/CVE-2016-8897.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-8897", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2016/09/30/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/09/30/5" + }, + { + "url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db", + "refsource": "MISC", + "name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db" } ] } diff --git a/2016/8xxx/CVE-2016-8899.json b/2016/8xxx/CVE-2016-8899.json index a9341d5f7ca..6d8a068823c 100644 --- a/2016/8xxx/CVE-2016-8899.json +++ b/2016/8xxx/CVE-2016-8899.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-8899", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2016/09/30/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/09/30/5" + }, + { + "url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db", + "refsource": "MISC", + "name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db" } ] } diff --git a/2018/18xxx/CVE-2018-18511.json b/2018/18xxx/CVE-2018-18511.json index 9316ed47d52..b0f9214e02c 100644 --- a/2018/18xxx/CVE-2018-18511.json +++ b/2018/18xxx/CVE-2018-18511.json @@ -36,6 +36,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:1265", "url": "https://access.redhat.com/errata/RHSA-2019:1265" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1267", + "url": "https://access.redhat.com/errata/RHSA-2019:1267" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1269", + "url": "https://access.redhat.com/errata/RHSA-2019:1269" } ] }, diff --git a/2019/10xxx/CVE-2019-10132.json b/2019/10xxx/CVE-2019-10132.json index 58ec20b2e7d..7914b53d5e8 100644 --- a/2019/10xxx/CVE-2019-10132.json +++ b/2019/10xxx/CVE-2019-10132.json @@ -53,6 +53,16 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132", "refsource": "CONFIRM" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1264", + "url": "https://access.redhat.com/errata/RHSA-2019:1264" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1268", + "url": "https://access.redhat.com/errata/RHSA-2019:1268" } ] }, diff --git a/2019/10xxx/CVE-2019-10851.json b/2019/10xxx/CVE-2019-10851.json index daa2a083a33..eb778e3dfd7 100644 --- a/2019/10xxx/CVE-2019-10851.json +++ b/2019/10xxx/CVE-2019-10851.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10851", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10851", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Computrols CBAS 18.0.0 has hard-coded encryption keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://applied-risk.com/index.php/download_file/view/196/165", + "url": "https://applied-risk.com/index.php/download_file/view/196/165" } ] } diff --git a/2019/10xxx/CVE-2019-10852.json b/2019/10xxx/CVE-2019-10852.json index 40802d930bc..06823814027 100644 --- a/2019/10xxx/CVE-2019-10852.json +++ b/2019/10xxx/CVE-2019-10852.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10852", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10852", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://applied-risk.com/index.php/download_file/view/196/165", + "url": "https://applied-risk.com/index.php/download_file/view/196/165" } ] } diff --git a/2019/10xxx/CVE-2019-10853.json b/2019/10xxx/CVE-2019-10853.json index df4e3b8a916..83a527542b8 100644 --- a/2019/10xxx/CVE-2019-10853.json +++ b/2019/10xxx/CVE-2019-10853.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10853", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10853", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Computrols CBAS 18.0.0 allows Authentication Bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://applied-risk.com/index.php/download_file/view/196/165", + "url": "https://applied-risk.com/index.php/download_file/view/196/165" } ] } diff --git a/2019/10xxx/CVE-2019-10854.json b/2019/10xxx/CVE-2019-10854.json index 6f292bb51c4..6b71685fd90 100644 --- a/2019/10xxx/CVE-2019-10854.json +++ b/2019/10xxx/CVE-2019-10854.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10854", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10854", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Computrols CBAS 18.0.0 allows Authenticated Command Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://applied-risk.com/index.php/download_file/view/196/165", + "url": "https://applied-risk.com/index.php/download_file/view/196/165" } ] } diff --git a/2019/10xxx/CVE-2019-10855.json b/2019/10xxx/CVE-2019-10855.json index d07be32c3a3..b09cbb62a90 100644 --- a/2019/10xxx/CVE-2019-10855.json +++ b/2019/10xxx/CVE-2019-10855.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10855", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10855", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://applied-risk.com/index.php/download_file/view/196/165", + "url": "https://applied-risk.com/index.php/download_file/view/196/165" } ] } diff --git a/2019/10xxx/CVE-2019-10866.json b/2019/10xxx/CVE-2019-10866.json index 1e667e69978..edfdb7d3544 100644 --- a/2019/10xxx/CVE-2019-10866.json +++ b/2019/10xxx/CVE-2019-10866.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10866", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10866", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/form-maker/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/form-maker/#developers" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/May/8", + "url": "http://seclists.org/fulldisclosure/2019/May/8" } ] } diff --git a/2019/12xxx/CVE-2019-12308.json b/2019/12xxx/CVE-2019-12308.json new file mode 100644 index 00000000000..f53b2fe6924 --- /dev/null +++ b/2019/12xxx/CVE-2019-12308.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12308", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7317.json b/2019/7xxx/CVE-2019-7317.json index a78f707eb40..4e182e31d9a 100644 --- a/2019/7xxx/CVE-2019-7317.json +++ b/2019/7xxx/CVE-2019-7317.json @@ -116,6 +116,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:1265", "url": "https://access.redhat.com/errata/RHSA-2019:1265" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1267", + "url": "https://access.redhat.com/errata/RHSA-2019:1267" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1269", + "url": "https://access.redhat.com/errata/RHSA-2019:1269" } ] } diff --git a/2019/8xxx/CVE-2019-8339.json b/2019/8xxx/CVE-2019-8339.json index 9e14befa76b..8fe4ea606d8 100644 --- a/2019/8xxx/CVE-2019-8339.json +++ b/2019/8xxx/CVE-2019-8339.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in Sysdig through 0.24.2, as used in Falco through 0.14.0 and other products. A bypass allows local users to run malicious code without being detected because record_event_consumer in driver/main.c in sysdig-probe.ko (and falco-probe.ko) mishandles a free space calculation." + "value": "An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine." } ] }, diff --git a/2019/9xxx/CVE-2019-9797.json b/2019/9xxx/CVE-2019-9797.json index e2b146d5d63..5a1aa01d458 100644 --- a/2019/9xxx/CVE-2019-9797.json +++ b/2019/9xxx/CVE-2019-9797.json @@ -36,6 +36,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1265", "url": "https://access.redhat.com/errata/RHSA-2019:1265" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1267", + "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ] },