diff --git a/2018/18xxx/CVE-2018-18643.json b/2018/18xxx/CVE-2018-18643.json index 3b1f3f5678c..dba3d74ab2f 100644 --- a/2018/18xxx/CVE-2018-18643.json +++ b/2018/18xxx/CVE-2018-18643.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18643", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/" + }, + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53385", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53385" } ] } diff --git a/2018/19xxx/CVE-2018-19359.json b/2018/19xxx/CVE-2018-19359.json index e8ccc787ae4..69fc8ced3e7 100644 --- a/2018/19xxx/CVE-2018-19359.json +++ b/2018/19xxx/CVE-2018-19359.json 
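Review bot: The `affects` block added in the first hunk records `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, and the `problemtype` entry in the second hunk is also `"n/a"`, even though the new description names the product (GitLab CE & EE) and the fixed versions (before 11.5.0-rc12, 11.4.6 and 11.3.10). Consumers that match advisories by vendor/product or by CWE get nothing from this record and have to parse the free-text description instead. At minimum set `"vendor_name": "GitLab"` and `"product_name": "GitLab CE & EE"` and carry the fixed versions into `version_data` as separate `version_value` entries; for a Persistent XSS entry the problemtype would conventionally be CWE-79, in the `"CWE-601: Open Redirect"` form the Cloud Foundry records later in this diff use, if the repository accepts CWE ids there. The same placeholder pattern appears in the CVE-2018-19359, CVE-2019-11488 and CVE-2019-11489 hunks.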
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19359", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/" + }, + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54189", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54189" } ] } diff --git a/2019/11xxx/CVE-2019-11488.json b/2019/11xxx/CVE-2019-11488.json index a661805e7ed..ac84bdece5e 100644 --- a/2019/11xxx/CVE-2019-11488.json +++ b/2019/11xxx/CVE-2019-11488.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11488", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11488", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cybrgrade.com/files/Report_SimplyBookIt_MD5_Hash_Replay_by_CybrGradeUKLtd.pdf", + "refsource": "MISC", + "name": "https://cybrgrade.com/files/Report_SimplyBookIt_MD5_Hash_Replay_by_CybrGradeUKLtd.pdf" + }, + { + "refsource": "MISC", + "name": "https://blog.cybrgrade.com/CVE-2019-11488-SimplyBook.me-hash-replay-attack/", + "url": "https://blog.cybrgrade.com/CVE-2019-11488-SimplyBook.me-hash-replay-attack/" } ] } diff --git a/2019/11xxx/CVE-2019-11489.json b/2019/11xxx/CVE-2019-11489.json index e82a47a03d9..dc321c6f3af 100644 --- a/2019/11xxx/CVE-2019-11489.json +++ b/2019/11xxx/CVE-2019-11489.json 
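Review bot: The two objects in the new `reference_data` array use different key orders — the first is `url`/`refsource`/`name`, the second `refsource`/`name`/`url`. Key order is insignificant to a JSON parser, but these records are diffed and reviewed as text, and mixed orders within one array make every later edit noisier than it needs to be; use one order (the `url`, `refsource`, `name` order of the first entry) for both. The third reference in the CVE-2018-18643 hunk and the second in the CVE-2019-11489 hunk have the same mismatch.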
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11489", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11489", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cybrgrade.com/files/Report_SimplyBookIt_Privesc_by_CybrGradeUKLtd.pdf", + "refsource": "MISC", + "name": "https://cybrgrade.com/files/Report_SimplyBookIt_Privesc_by_CybrGradeUKLtd.pdf" + }, + { + "refsource": "MISC", + "name": "https://blog.cybrgrade.com/CVE-2019-11489-SimplyBook.me-privesc/", + "url": "https://blog.cybrgrade.com/CVE-2019-11489-SimplyBook.me-privesc/" } ] } diff --git a/2019/3xxx/CVE-2019-3720.json b/2019/3xxx/CVE-2019-3720.json index 91adda84487..0676c48b3e6 100644 --- a/2019/3xxx/CVE-2019-3720.json +++ b/2019/3xxx/CVE-2019-3720.json 
@@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", + "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2019-04-24T05:00:00.000Z", "ID": "CVE-2019-3720", "STATE": "PUBLIC", @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters. " + "value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters." } ] }, @@ -82,8 +82,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en" + "refsource": "MISC", + "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en", + "name": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en" } ] }, diff --git a/2019/3xxx/CVE-2019-3721.json b/2019/3xxx/CVE-2019-3721.json index e93537d6706..b42e9c44f76 100644 --- a/2019/3xxx/CVE-2019-3721.json +++ b/2019/3xxx/CVE-2019-3721.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", + "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2019-04-24T05:00:00.000Z", "ID": "CVE-2019-3721", "STATE": "PUBLIC", 
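Review bot: The third hunk reclassifies the Dell support article from `CONFIRM` to `MISC`; the URL is the vendor's own advisory for this issue (the path contains `dsa-2019-060`), which is exactly what `CONFIRM` is meant to mark, so unless `CONFIRM` is being retired in this repository the change discards useful provenance. If the downgrade is deliberate policy it should be applied uniformly rather than per record; adding `name` as a verbatim copy of `url` is consistent with the other records in this diff and is fine. The first hunk also changes `ASSIGNER` from `secure@dell.com` to `security_alert@emc.com` on a record that is already `PUBLIC`; the same two edits are made in the CVE-2019-3721 hunks, and the `ASSIGNER` edit again in the CVE-2019-3788 and CVE-2019-3801 hunks, so the new value should be checked against the CNA contact on record for these IDs before merging.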
@@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system. " + "value": "Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system." } ] }, @@ -82,8 +82,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en" + "refsource": "MISC", + "url": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en", + "name": "https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en" } ] }, diff --git a/2019/3xxx/CVE-2019-3788.json b/2019/3xxx/CVE-2019-3788.json index dc33f56235d..4a83ef58ebc 100644 --- a/2019/3xxx/CVE-2019-3788.json +++ b/2019/3xxx/CVE-2019-3788.json 
@@ -1,104 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-04-15T00:00:00.000Z", - "ID": "CVE-2019-3788", - "STATE": "PUBLIC", - "TITLE": "UAA redirect-uri allows wildcard in the subdomain" - }, - "source": { - "discovery": "UNKNOWN" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "UAA Release (OSS)", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "All", - "version_value": "v71.0" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-04-15T00:00:00.000Z", + "ID": "CVE-2019-3788", + "STATE": "PUBLIC", + "TITLE": "UAA redirect-uri allows wildcard in the subdomain" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UAA Release (OSS)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "All", + "version_value": "v71.0" + } + ] + } + } + ] + }, + "vendor_name": "Cloud Foundry" + }, + { + "product": { + "product_data": [ + { + "product_name": "Pivotal Application Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.5", + "version_value": "2.5.1" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" } - } ] - }, - "vendor_name": "Cloud Foundry" - }, - { - "product": { - "product_data": [ - { - "product_name": "Pivotal Application Service", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "2.5", - "version_value": "2.5.1" - } - ] - } - } - ] - }, - "vendor_name": "Pivotal" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect 
uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim. " - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-601: Open Redirect" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://www.cloudfoundry.org/blog/cve-2019-3788", - "name": "https://www.cloudfoundry.org/blog/cve-2019-3788" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2019-3788", + "name": "https://www.cloudfoundry.org/blog/cve-2019-3788" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": 
"NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3801.json b/2019/3xxx/CVE-2019-3801.json index c2921977c28..2fdd8e64857 100644 --- a/2019/3xxx/CVE-2019-3801.json +++ b/2019/3xxx/CVE-2019-3801.json 
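Review bot: This hunk removes and re-adds all 104 lines of the file, but apart from the `ASSIGNER` change and the trailing space dropped from the description value the removed and added lines are identical as shown, so the difference is presumably indentation or line endings; the one substantive edit is buried in whitespace churn and `git blame` on this record now points at this commit for every line. The rewrite also leaves `\ No newline at end of file` in place on the new side; if the file is being reformatted anyway, end it with a newline. The CVE-2019-3801 hunk has the same shape (138 lines rewritten for what appears to be only the `ASSIGNER` change) and the same missing trailing newline.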
@@ -1,138 +1,138 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-04-25T00:00:00.000Z", - "ID": "CVE-2019-3801", - "STATE": "PUBLIC", - "TITLE": "Java Projects using HTTP to fetch dependencies" - }, - "source": { - "discovery": "UNKNOWN" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "CredHub", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "2.1", - "version_value": "2.1.3" - }, - { - "affected": "<", - "version_name": "1.9", - "version_value": "1.9.10" - } - ] - } - }, - { - "product_name": "UAA Release (OSS)", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "All", - "version_value": "v64.0" - } - ] - } - }, - { - "product_name": "cf-deployment", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "All", - "version_value": "v7.9.0" - } - ] - } - } - ] - }, - "vendor_name": "Cloud Foundry" - }, - { - "product": { - "product_data": [ - { - "product_name": "UAA Release (LTS)", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "v60", - "version_value": "v60.2" - }, - { - "affected": "<", - "version_name": "v64", - "version_value": "v64.1" - } - ] - } - } - ] - }, - "vendor_name": "Pivotal" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-494: Download of Code Without Integrity Check" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://www.cloudfoundry.org/blog/cve-2019-3801", - "name": "https://www.cloudfoundry.org/blog/cve-2019-3801" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "version": "3.0" - } - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-04-25T00:00:00.000Z", + "ID": "CVE-2019-3801", + "STATE": "PUBLIC", + "TITLE": "Java Projects using HTTP to fetch dependencies" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CredHub", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.1", + "version_value": "2.1.3" + }, + { + "affected": "<", + "version_name": "1.9", + "version_value": "1.9.10" + } + ] + } + }, + { + "product_name": "UAA Release (OSS)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "All", + "version_value": "v64.0" + } + ] + } + }, + { + "product_name": "cf-deployment", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "All", + "version_value": "v7.9.0" + } + ] + } + } + ] + }, + "vendor_name": "Cloud Foundry" + }, + { + "product": { + "product_data": [ + { + "product_name": "UAA Release (LTS)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": 
"v60", + "version_value": "v60.2" + }, + { + "affected": "<", + "version_name": "v64", + "version_value": "v64.1" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494: Download of Code Without Integrity Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2019-3801", + "name": "https://www.cloudfoundry.org/blog/cve-2019-3801" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.0" + } + } } \ No newline at end of file