From 6d81adf6738794d80760aa60b4ee4110c4447ea2 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 29 Oct 2019 19:01:09 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2009/3xxx/CVE-2009-3723.json | 60 ++++++++++- 2009/3xxx/CVE-2009-3887.json | 70 ++++++++++++- 2010/3xxx/CVE-2010-3373.json | 58 ++++++++++- 2010/3xxx/CVE-2010-3375.json | 58 ++++++++++- 2011/2xxx/CVE-2011-2538.json | 50 ++++++++- 2011/4xxx/CVE-2011-4931.json | 60 ++++++++++- 2012/0xxx/CVE-2012-0046.json | 60 ++++++++++- 2012/1xxx/CVE-2012-1187.json | 65 +++++++++++- 2012/2xxx/CVE-2012-2945.json | 53 +++++++++- 2017/5xxx/CVE-2017-5678.json | 14 +-- 2017/9xxx/CVE-2017-9418.json | 5 - 2017/9xxx/CVE-2017-9419.json | 5 - 2017/9xxx/CVE-2017-9420.json | 5 - 2017/9xxx/CVE-2017-9429.json | 5 - 2017/9xxx/CVE-2017-9603.json | 5 - 2019/0xxx/CVE-2019-0205.json | 58 +++++++++-- 2019/0xxx/CVE-2019-0210.json | 58 +++++++++-- 2019/10xxx/CVE-2019-10208.json | 7 +- 2019/10xxx/CVE-2019-10209.json | 7 +- 2019/10xxx/CVE-2019-10210.json | 7 +- 2019/10xxx/CVE-2019-10211.json | 9 +- 2019/10xxx/CVE-2019-10743.json | 60 ++++++++++- 2019/10xxx/CVE-2019-10748.json | 66 +++++++++++- 2019/11xxx/CVE-2019-11043.json | 20 ++++ 2019/13xxx/CVE-2019-13117.json | 5 + 2019/13xxx/CVE-2019-13118.json | 5 + 2019/13xxx/CVE-2019-13139.json | 5 + 2019/14xxx/CVE-2019-14287.json | 5 + 2019/15xxx/CVE-2019-15587.json | 5 + 2019/15xxx/CVE-2019-15903.json | 5 + 2019/16xxx/CVE-2019-16391.json | 5 + 2019/16xxx/CVE-2019-16392.json | 5 + 2019/16xxx/CVE-2019-16393.json | 5 + 2019/16xxx/CVE-2019-16394.json | 5 + 2019/17xxx/CVE-2019-17543.json | 10 ++ 2019/18xxx/CVE-2019-18187.json | 120 +++++++++++----------- 2019/18xxx/CVE-2019-18188.json | 120 +++++++++++----------- 2019/18xxx/CVE-2019-18189.json | 120 +++++++++++----------- 2019/18xxx/CVE-2019-18217.json | 5 + 2019/18xxx/CVE-2019-18418.json | 5 + 2019/18xxx/CVE-2019-18601.json | 62 +++++++++++ 2019/18xxx/CVE-2019-18602.json | 62 +++++++++++ 2019/18xxx/CVE-2019-18603.json | 62 +++++++++++ 2019/18xxx/CVE-2019-18604.json | 62 +++++++++++ 2019/3xxx/CVE-2019-3976.json | 58 
+++++++++-- 2019/3xxx/CVE-2019-3977.json | 58 +++++++++-- 2019/3xxx/CVE-2019-3978.json | 58 +++++++++-- 2019/3xxx/CVE-2019-3979.json | 58 +++++++++-- 2019/4xxx/CVE-2019-4306.json | 176 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4307.json | 176 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4309.json | 174 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4311.json | 174 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4314.json | 176 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4329.json | 176 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4330.json | 176 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4339.json | 176 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4546.json | 176 +++++++++++++++---------------- 2019/4xxx/CVE-2019-4600.json | 182 ++++++++++++++++----------------- 2019/5xxx/CVE-2019-5533.json | 58 +++++++++-- 59 files changed, 2417 insertions(+), 1178 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18601.json create mode 100644 2019/18xxx/CVE-2019-18602.json create mode 100644 2019/18xxx/CVE-2019-18603.json create mode 100644 2019/18xxx/CVE-2019-18604.json diff --git a/2009/3xxx/CVE-2009-3723.json b/2009/3xxx/CVE-2009-3723.json index f1db8481d00..53580880ed3 100644 --- a/2009/3xxx/CVE-2009-3723.json +++ b/2009/3xxx/CVE-2009-3723.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3723", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "asterisk", + "product": { + "product_data": [ + { + "product_name": "asterisk", + "version": { + "version_data": [ + { + "version_value": "All 1.6.1 versions" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "asterisk allows calls on prohibited networks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "calls allowed on prohibited networks in asterisk" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2009-3723", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2009-3723" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2009-3723", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2009-3723" + }, + { + "refsource": "MISC", + "name": "http://downloads.asterisk.org/pub/security/AST-2009-007.html", + "url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html" } ] } diff --git a/2009/3xxx/CVE-2009-3887.json b/2009/3xxx/CVE-2009-3887.json index e1398486ab8..7286778564e 100644 --- a/2009/3xxx/CVE-2009-3887.json +++ b/2009/3xxx/CVE-2009-3887.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3887", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ytnef", + "product": { + "product_data": [ + { + "product_name": "ytnef", + "version": { + "version_data": [ + { + "version_value": "through 2009-09-07 (Fixed In Version: 2.8)" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ytnef has directory traversal" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2009-3887", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2009-3887" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3887", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3887" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2009-3887", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2009-3887" + }, + { + "refsource": "MISC", + "name": "http://ocert.org/advisories/ocert-2009-013.html", + "url": "http://ocert.org/advisories/ocert-2009-013.html" + }, + { + "refsource": "MISC", + "name": "https://www.akitasecurity.nl/advisory.php?id=AK20090601", + "url": "https://www.akitasecurity.nl/advisory.php?id=AK20090601" } ] } diff --git a/2010/3xxx/CVE-2010-3373.json b/2010/3xxx/CVE-2010-3373.json index c0ab4c2fba0..0d05e1fc74f 100644 --- a/2010/3xxx/CVE-2010-3373.json +++ b/2010/3xxx/CVE-2010-3373.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3373", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "paxtest handles temporary files insecurely" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-3373", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-3373" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598413", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598413" + }, + { + "refsource": "MISC", + "name": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3373.html", + "url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3373.html" } ] } diff --git a/2010/3xxx/CVE-2010-3375.json b/2010/3xxx/CVE-2010-3375.json index 0781630c6db..204f8d53b33 100644 --- a/2010/3xxx/CVE-2010-3375.json +++ b/2010/3xxx/CVE-2010-3375.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3375", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "qtparted has insecure library loading which may allow arbitrary code execution" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-3375", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-3375" + }, + { + "refsource": "DEBIAN", + "name": "Debian", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301" + }, + { + "refsource": "MISC", + "name": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3375.html", + "url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3375.html" } ] } diff --git a/2011/2xxx/CVE-2011-2538.json b/2011/2xxx/CVE-2011-2538.json index a2eae9488d0..58ee2e4f5fd 100644 --- a/2011/2xxx/CVE-2011-2538.json +++ b/2011/2xxx/CVE-2011-2538.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-2538", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Video Communications Server (VCS)", + "version": { + "version_data": [ + { + "version_value": "X7.0.3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
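Review bot: The bugs.debian.org reference added for CVE-2010-3375 is tagged `"refsource": "DEBIAN"` with `"name": "Debian"`, a name that identifies nothing. The equivalent bug-report link in CVE-2010-3373 is recorded as `MISC` with the URL as its name, and the DEBIAN entries elsewhere in this commit carry an advisory id such as `DSA-4552`. For consistency use `"refsource": "MISC", "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301"`.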
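Review bot: `"version_value": "X7.0.3"` in the CVE-2011-2538 `affects` block lists the fixed release as the affected one: the description added in this file's second hunk says the command injection is in VCS "before X7.0.3". Read literally, version matching would flag patched systems and pass unpatched ones. `"version_value": "before X7.0.3"` would agree with the description.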
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/release_note/Cisco_VCS_Release_Note_X7-0-3.pdf", + "url": "https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/release_note/Cisco_VCS_Release_Note_X7-0-3.pdf" } ] } diff --git a/2011/4xxx/CVE-2011-4931.json b/2011/4xxx/CVE-2011-4931.json index 2057a430623..bad265a6863 100644 --- a/2011/4xxx/CVE-2011-4931.json +++ b/2011/4xxx/CVE-2011-4931.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4931", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gpw", + "version": { + "version_data": [ + { + "version_value": "0.0.19940601-8.1" + } + ] + } + } + ] + }, + "vendor_name": "gpw" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "gpw generates shorter passwords than required" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNKNOWN_TYPE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2011-4931", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2011-4931" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2011-4931", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2011-4931" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/01/17/13", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/01/17/13" } ] } diff --git a/2012/0xxx/CVE-2012-0046.json b/2012/0xxx/CVE-2012-0046.json index 5c034151843..33c87f62caa 100644 --- a/2012/0xxx/CVE-2012-0046.json +++ b/2012/0xxx/CVE-2012-0046.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0046", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mediawiki", + "product": { + "product_data": [ + { + "product_name": "mediawiki", + "version": { + "version_data": [ + { + "version_value": "1.16" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
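Review bot: The problemtype value `UNKNOWN_TYPE` added for CVE-2011-4931 looks like an unfilled template placeholder rather than a classification; the records in this commit that have no classification use `n/a`. Either `"value": "n/a"` or a phrase taken from the description, such as `"value": "generated passwords shorter than required"`, would be clearer to consumers who group entries by problem type.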
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mediawiki allows deleted text to be exposed" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "info leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2012-0046", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2012-0046" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2012-0046", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2012-0046" } ] } diff --git a/2012/1xxx/CVE-2012-1187.json b/2012/1xxx/CVE-2012-1187.json index 373a72c785e..450eab0003a 100644 --- a/2012/1xxx/CVE-2012-1187.json +++ b/2012/1xxx/CVE-2012-1187.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1187", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bitlbee", + "product": { + "product_data": [ + { + "product_name": "Bitlbee", + "version": { + "version_data": [ + { + "version_value": "3.0.4" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bitlbee does not drop extra group privileges correctly in unix.c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "does not drop extra group privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2012-1187", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2012-1187" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2012-1187", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2012-1187" + }, + { + "refsource": "MISC", + "name": "https://bugs.bitlbee.org/ticket/852", + "url": "https://bugs.bitlbee.org/ticket/852" } ] } diff --git a/2012/2xxx/CVE-2012-2945.json b/2012/2xxx/CVE-2012-2945.json index 03df7162960..aae11e9976c 100644 --- a/2012/2xxx/CVE-2012-2945.json +++ b/2012/2xxx/CVE-2012-2945.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2945", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hadoop 1.0.3 contains a symlink vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2012-2945", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2012-2945" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2012/Jul/3", + "url": "https://seclists.org/fulldisclosure/2012/Jul/3" } ] } diff --git a/2017/5xxx/CVE-2017-5678.json b/2017/5xxx/CVE-2017-5678.json index 9a6d881483d..39636daf55c 100644 --- a/2017/5xxx/CVE-2017-5678.json +++ b/2017/5xxx/CVE-2017-5678.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-5678", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5678", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-13069. Reason: This candidate is a reservation duplicate of CVE-2017-13069. Notes: All CVE users should reference CVE-2017-13069 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } 
diff --git a/2017/9xxx/CVE-2017-9418.json b/2017/9xxx/CVE-2017-9418.json index 9f2350b09e7..66827991db9 100644 --- a/2017/9xxx/CVE-2017-9418.json +++ b/2017/9xxx/CVE-2017-9418.json @@ -61,11 +61,6 @@ "name": "42166", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42166/" - }, - { - "name": "http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-injection-sqli/", - "refsource": "MISC", - "url": "http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-injection-sqli/" } ] } diff --git a/2017/9xxx/CVE-2017-9419.json b/2017/9xxx/CVE-2017-9419.json index d9ebdecea0d..89d7f737099 100644 --- a/2017/9xxx/CVE-2017-9419.json +++ b/2017/9xxx/CVE-2017-9419.json @@ -56,11 +56,6 @@ "name": "https://wpvulndb.com/vulnerabilities/8848", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8848" - }, - { - "name": "http://dtsa.eu/cve-2017-9419-wordpress-wp-custom-fields-search-v-0-3-28-reflected-cross-site-scripting-xss/", - "refsource": "MISC", - "url": "http://dtsa.eu/cve-2017-9419-wordpress-wp-custom-fields-search-v-0-3-28-reflected-cross-site-scripting-xss/" } ] } diff --git a/2017/9xxx/CVE-2017-9420.json b/2017/9xxx/CVE-2017-9420.json index c1253b624dd..7b6a1a1b61d 100644 --- a/2017/9xxx/CVE-2017-9420.json +++ b/2017/9xxx/CVE-2017-9420.json @@ -57,11 +57,6 @@ "refsource": "MISC", "url": "http://spiffycalendar.sunnythemes.com/version-3-3-0/" }, - { - "name": "http://dtsa.eu/cve-2017-9420-wordpress-spiffy-calendar-v-3-2-0-reflected-cross-site-scripting-xss/", - "refsource": "MISC", - "url": "http://dtsa.eu/cve-2017-9420-wordpress-spiffy-calendar-v-3-2-0-reflected-cross-site-scripting-xss/" - }, { "name": "https://wpvulndb.com/vulnerabilities/8842", "refsource": "MISC", diff --git a/2017/9xxx/CVE-2017-9429.json b/2017/9xxx/CVE-2017-9429.json index 50b832e096c..3742f70c0e4 100644 --- a/2017/9xxx/CVE-2017-9429.json +++ b/2017/9xxx/CVE-2017-9429.json 
@@ -52,11 +52,6 @@ }, "references": { "reference_data": [ - { - "name": "http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/", - "refsource": "MISC", - "url": "http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/" - }, { "name": "42173", "refsource": "EXPLOIT-DB", diff --git a/2017/9xxx/CVE-2017-9603.json b/2017/9xxx/CVE-2017-9603.json index f4322c480ff..2b2cd42b082 100644 --- a/2017/9xxx/CVE-2017-9603.json +++ b/2017/9xxx/CVE-2017-9603.json @@ -57,11 +57,6 @@ "refsource": "MISC", "url": "https://wordpress.org/plugins/wp-jobs/#developers" }, - { - "name": "http://dtsa.eu/cve-2017-9603-wordpress-wp-jobs-v-1-4-sql-injection-sqli/", - "refsource": "MISC", - "url": "http://dtsa.eu/cve-2017-9603-wordpress-wp-jobs-v-1-4-sql-injection-sqli/" - }, { "name": "42172", "refsource": "EXPLOIT-DB", diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json index b2ace65870c..2c8bc35c4b9 100644 --- a/2019/0xxx/CVE-2019-0205.json +++ b/2019/0xxx/CVE-2019-0205.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0205", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0205", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Apache Thrift", + "version": { + "version_data": [ + { + "version_value": "all versions up to and including 0.12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potential DoS when processing untrusted Thrift payloads" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E", + "url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings." } ] } diff --git a/2019/0xxx/CVE-2019-0210.json b/2019/0xxx/CVE-2019-0210.json index 929cb2394f0..5e1b90d8f19 100644 --- a/2019/0xxx/CVE-2019-0210.json 
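Review bot: The thrift-dev mailing-list reference for CVE-2019-0205 is tagged `"refsource": "MISC"`, while the same kind of thrift-dev post in CVE-2019-0210 is tagged `CONFIRM`. If this post is the vendor's own announcement, `"refsource": "CONFIRM"` would be consistent and tells readers the issue is vendor-acknowledged. Both descriptions also read "when feed with", which should be "when fed with".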
+++ b/2019/0xxx/CVE-2019-0210.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0210", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0210", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Apache Thrift", + "version": { + "version_data": [ + { + "version_value": "0.9.3 to 0.12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E", + "url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data." } ] } diff --git a/2019/10xxx/CVE-2019-10208.json b/2019/10xxx/CVE-2019-10208.json index 104c5804463..07e4d373eb0 100644 --- a/2019/10xxx/CVE-2019-10208.json +++ b/2019/10xxx/CVE-2019-10208.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10208", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
@@ -61,6 +62,8 @@ "refsource": "CONFIRM" }, { + "refsource": "CONFIRM", + "name": "https://www.postgresql.org/about/news/1960/", "url": "https://www.postgresql.org/about/news/1960/" } ] @@ -83,4 +86,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10209.json b/2019/10xxx/CVE-2019-10209.json index 1dce5e3935e..c698a64520f 100644 --- a/2019/10xxx/CVE-2019-10209.json +++ b/2019/10xxx/CVE-2019-10209.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10209", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -57,6 +58,8 @@ "refsource": "CONFIRM" }, { + "refsource": "CONFIRM", + "name": "https://www.postgresql.org/about/news/1960/", "url": "https://www.postgresql.org/about/news/1960/" } ] @@ -79,4 +82,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10210.json b/2019/10xxx/CVE-2019-10210.json index c922cd74727..84b33cdeeb1 100644 --- a/2019/10xxx/CVE-2019-10210.json +++ b/2019/10xxx/CVE-2019-10210.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10210", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -61,6 +62,8 @@ "refsource": "CONFIRM" }, { + "refsource": "CONFIRM", + "name": "https://www.postgresql.org/about/news/1960/", "url": "https://www.postgresql.org/about/news/1960/" } ] @@ -83,4 +86,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10211.json b/2019/10xxx/CVE-2019-10211.json index 7993a34252d..020119d81c1 100644 --- a/2019/10xxx/CVE-2019-10211.json +++ b/2019/10xxx/CVE-2019-10211.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10211", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
@@ -61,6 +62,8 @@ "refsource": "CONFIRM" }, { + "refsource": "CONFIRM", + "name": "https://www.postgresql.org/about/news/1960/", "url": "https://www.postgresql.org/about/news/1960/" } ] @@ -69,7 +72,7 @@ "description_data": [ { "lang": "eng", - "value": "Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory." + "value": "Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory." } ] }, @@ -83,4 +86,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10743.json b/2019/10xxx/CVE-2019-10743.json index 9e8a41f9bbb..acac1a95afb 100644 --- a/2019/10xxx/CVE-2019-10743.json +++ b/2019/10xxx/CVE-2019-10743.json 
@@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "github.com/mholt/archiver/cmd/arc", + "version": { + "version_data": [ + { + "version_value": "versions 3.0.0 and later" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Write via Archive Extraction (Zip Slip)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/research/zip-slip-vulnerability", + "url": "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728,", + "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728," + }, + { + "refsource": "MISC", + "name": "https://github.com/mholt/archiver/pull/169,", + "url": "https://github.com/mholt/archiver/pull/169," + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "github.com/mholt/archiver/cmd/arc package versions 3.0.0 and later are vulnerable to an Arbitrary File Write via Archive Extraction (Zip Slip). The package is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder." } ] } 
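Review bot: Two of the reference entries added for CVE-2019-10743 end in a stray comma inside the string, in both `name` and `url`: `https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728,` and `https://github.com/mholt/archiver/pull/169,`. It looks like a list separator copied along with the link, so the advisory and fix links may not resolve as written, and tools that deduplicate or fetch references by URL will treat them as different resources. Drop the trailing comma, e.g. `"url": "https://github.com/mholt/archiver/pull/169"`. CVE-2019-10748 has the same defect in its `commit/a72a3f5,` and `pull/11089,` entries.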
diff --git a/2019/10xxx/CVE-2019-10748.json b/2019/10xxx/CVE-2019-10748.json index b550a5ebceb..dae8d102bc3 100644 --- a/2019/10xxx/CVE-2019-10748.json +++ b/2019/10xxx/CVE-2019-10748.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Sequelize", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 3.35.1" + }, + { + "version_value": "All versions prior to 4.44.3" + }, + { + "version_value": "All versions prior to 5.8.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221", + "url": "https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221" + }, + { + "refsource": "MISC", + "name": "https://github.com/sequelize/sequelize/commit/a72a3f5,", + "url": "https://github.com/sequelize/sequelize/commit/a72a3f5," + }, + { + "refsource": "MISC", + "name": "https://github.com/sequelize/sequelize/pull/11089,", + "url": "https://github.com/sequelize/sequelize/pull/11089," + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects." } ] } 
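Review bot: The three `version_value` entries for Sequelize each read "All versions prior to …", so taken literally the last one ("All versions prior to 5.8.11") covers the other two and marks the fixed 3.35.1 and 4.44.3 releases as affected. Presumably each bound applies only to its own major release line; if so, the entries should say that, e.g. `"version_value": "4.x prior to 4.44.3"`. The branch scoping is inferred from the description and should be confirmed against the vendor advisory.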
diff --git a/2019/11xxx/CVE-2019-11043.json b/2019/11xxx/CVE-2019-11043.json index fd0bec99c06..55c84d948f2 100644 --- a/2019/11xxx/CVE-2019-11043.json +++ b/2019/11xxx/CVE-2019-11043.json @@ -106,6 +106,26 @@ "refsource": "CONFIRM", "name": "https://bugs.php.net/bug.php?id=78599", "url": "https://bugs.php.net/bug.php?id=78599" + }, + { + "refsource": "UBUNTU", + "name": "USN-4166-1", + "url": "https://usn.ubuntu.com/4166-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4552", + "url": "https://www.debian.org/security/2019/dsa-4552" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4553", + "url": "https://www.debian.org/security/2019/dsa-4553" + }, + { + "refsource": "UBUNTU", + "name": "USN-4166-2", + "url": "https://usn.ubuntu.com/4166-2/" } ] }, diff --git a/2019/13xxx/CVE-2019-13117.json b/2019/13xxx/CVE-2019-13117.json index fd5a4e9cb93..98bfba8deb4 100644 --- a/2019/13xxx/CVE-2019-13117.json +++ b/2019/13xxx/CVE-2019-13117.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4164-1", "url": "https://usn.ubuntu.com/4164-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-fdf6ec39b4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" } ] } diff --git a/2019/13xxx/CVE-2019-13118.json b/2019/13xxx/CVE-2019-13118.json index 423117c2708..6a91c0412a6 100644 --- a/2019/13xxx/CVE-2019-13118.json +++ b/2019/13xxx/CVE-2019-13118.json @@ -221,6 +221,11 @@ "refsource": "UBUNTU", "name": "USN-4164-1", "url": "https://usn.ubuntu.com/4164-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-fdf6ec39b4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" } ] } diff --git a/2019/13xxx/CVE-2019-13139.json b/2019/13xxx/CVE-2019-13139.json index 029c1cfaa22..affbd0b23c6 100644 --- a/2019/13xxx/CVE-2019-13139.json +++ b/2019/13xxx/CVE-2019-13139.json 
@@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update", "url": "https://seclists.org/bugtraq/2019/Sep/21" + }, + { + "refsource": "REDHAT", + "name": "RHBA-2019:3092", + "url": "https://access.redhat.com/errata/RHBA-2019:3092" } ] } diff --git a/2019/14xxx/CVE-2019-14287.json b/2019/14xxx/CVE-2019-14287.json index 062df7a60e3..8bd50d9845f 100644 --- a/2019/14xxx/CVE-2019-14287.json +++ b/2019/14xxx/CVE-2019-14287.json @@ -146,6 +146,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3204", "url": "https://access.redhat.com/errata/RHSA-2019:3204" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3209", + "url": "https://access.redhat.com/errata/RHSA-2019:3209" } ] } diff --git a/2019/15xxx/CVE-2019-15587.json b/2019/15xxx/CVE-2019-15587.json index 952187d7eac..3c0bda49f78 100644 --- a/2019/15xxx/CVE-2019-15587.json +++ b/2019/15xxx/CVE-2019-15587.json @@ -53,6 +53,11 @@ "refsource": "CONFIRM", "name": "https://github.com/flavorjones/loofah/issues/171", "url": "https://github.com/flavorjones/loofah/issues/171" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4554", + "url": "https://www.debian.org/security/2019/dsa-4554" } ] }, diff --git a/2019/15xxx/CVE-2019-15903.json b/2019/15xxx/CVE-2019-15903.json index 0c1f6a57502..0013383aaff 100644 --- a/2019/15xxx/CVE-2019-15903.json +++ b/2019/15xxx/CVE-2019-15903.json @@ -156,6 +156,11 @@ "refsource": "DEBIAN", "name": "DSA-4549", "url": "https://www.debian.org/security/2019/dsa-4549" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3210", + "url": "https://access.redhat.com/errata/RHSA-2019:3210" } ] } diff --git a/2019/16xxx/CVE-2019-16391.json b/2019/16xxx/CVE-2019-16391.json index e483c4a1d5e..4f5d2fbb672 100644 --- a/2019/16xxx/CVE-2019-16391.json +++ b/2019/16xxx/CVE-2019-16391.json 
@@ -81,6 +81,11 @@ "refsource": "MISC", "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr", "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html?lang=fr" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" } ] } diff --git a/2019/16xxx/CVE-2019-16392.json b/2019/16xxx/CVE-2019-16392.json index 200054dfed2..7fc1e2ee02c 100644 --- a/2019/16xxx/CVE-2019-16392.json +++ b/2019/16xxx/CVE-2019-16392.json @@ -71,6 +71,11 @@ "refsource": "DEBIAN", "name": "DSA-4532", "url": "https://www.debian.org/security/2019/dsa-4532" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" } ] } diff --git a/2019/16xxx/CVE-2019-16393.json b/2019/16xxx/CVE-2019-16393.json index ac0fc0ea4c8..6529051b985 100644 --- a/2019/16xxx/CVE-2019-16393.json +++ b/2019/16xxx/CVE-2019-16393.json @@ -76,6 +76,11 @@ "refsource": "DEBIAN", "name": "DSA-4532", "url": "https://www.debian.org/security/2019/dsa-4532" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" } ] } diff --git a/2019/16xxx/CVE-2019-16394.json b/2019/16xxx/CVE-2019-16394.json index 0c495219164..347bdc8829d 100644 --- a/2019/16xxx/CVE-2019-16394.json +++ b/2019/16xxx/CVE-2019-16394.json 
@@ -81,6 +81,11 @@ "refsource": "DEBIAN", "name": "DSA-4532", "url": "https://www.debian.org/security/2019/dsa-4532" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html" } ] } diff --git a/2019/17xxx/CVE-2019-17543.json b/2019/17xxx/CVE-2019-17543.json index 218282db5a2..bd8bd98b2d3 100644 --- a/2019/17xxx/CVE-2019-17543.json +++ b/2019/17xxx/CVE-2019-17543.json @@ -101,6 +101,16 @@ "refsource": "MLIST", "name": "[arrow-issues] 20191025 [jira] [Commented] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543", "url": "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2399", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2398", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html" } ] } diff --git a/2019/18xxx/CVE-2019-18187.json b/2019/18xxx/CVE-2019-18187.json index 41ff9f25acd..b9b3454548b 100644 --- a/2019/18xxx/CVE-2019-18187.json +++ b/2019/18xxx/CVE-2019-18187.json 
@@ -1,60 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2019-18187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan", - "version" : { - "version_data" : [ - { - "version_value" : "Version 11.0, XG (12.0)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary File Upload with Directory Traversal" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000151730" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2019-18187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan", + "version": { + "version_data": [ + { + "version_value": "Version 11.0, XG (12.0)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Upload with Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000151730", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000151730" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18188.json b/2019/18xxx/CVE-2019-18188.json index 4a9c4fa6acb..af325c5e0cb 100644 --- a/2019/18xxx/CVE-2019-18188.json +++ b/2019/18xxx/CVE-2019-18188.json 
@@ -1,60 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2019-18188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Apex One", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.\r\n" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary File Upload with Command Injection" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000151731" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2019-18188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a 
specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Upload with Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000151731", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000151731" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18189.json b/2019/18xxx/CVE-2019-18189.json index 24bcae10cc5..9fd738ea2a8 100644 --- a/2019/18xxx/CVE-2019-18189.json +++ b/2019/18xxx/CVE-2019-18189.json 
@@ -1,60 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2019-18189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Apex One, Trend Micro OfficeScan (OSCE), Trend Micro Worry-Free Business Security (WFBS)", - "version" : { - "version_data" : [ - { - "version_value" : "Apex One (All), OSCE (11.0, XG), WFBS (9.5, 10.0)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.\r\n" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Root Login Bypass with Directory Traversal" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000151732" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2019-18189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One, Trend Micro OfficeScan (OSCE), Trend Micro Worry-Free Business Security (WFBS)", + "version": { + "version_data": [ + { + "version_value": "Apex One (All), OSCE (11.0, XG), WFBS (9.5, 10.0)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A directory traversal vulnerability 
in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Root Login Bypass with Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000151732", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000151732" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18217.json b/2019/18xxx/CVE-2019-18217.json index 9e7d2a21e1e..f79d1e99542 100644 --- a/2019/18xxx/CVE-2019-18217.json +++ b/2019/18xxx/CVE-2019-18217.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-848e410cfb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLRPYEEMQJVAXO2SXRGOQ4HBFEEPCNXG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-7559f29ace", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RB2FPAWDWXT5ALAFIC5Y3RSEMXSFL6H2/" } ] } diff --git a/2019/18xxx/CVE-2019-18418.json b/2019/18xxx/CVE-2019-18418.json index 308e0ebbbc7..3c527170e9c 100644 --- a/2019/18xxx/CVE-2019-18418.json +++ b/2019/18xxx/CVE-2019-18418.json @@ -56,6 +56,11 @@ "url": "https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability", "refsource": "MISC", "name": "https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html", + "url": "http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html" } ] } 
diff --git a/2019/18xxx/CVE-2019-18601.json b/2019/18xxx/CVE-2019-18601.json new file mode 100644 index 00000000000..64ab3e7ac4c --- /dev/null +++ b/2019/18xxx/CVE-2019-18601.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt", + "refsource": "MISC", + "name": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18602.json b/2019/18xxx/CVE-2019-18602.json new file mode 100644 index 00000000000..f838863f5fa --- /dev/null +++ b/2019/18xxx/CVE-2019-18602.json 
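Review bot: The `affects` block of this new record is `n/a` for vendor, product and version, and `problemtype` is `n/a` as well, although the description names the product and the fixed releases (OpenAFS before 1.6.24 and 1.8.x before 1.8.5). Tooling that matches on `vendor_name`/`product_name` rather than parsing the free-text description will not associate this entry with OpenAFS. If the assigner's process allows it, populate the fields, e.g. `"product_name": "OpenAFS"` and `"version_value": "before 1.6.24, 1.8.x before 1.8.5"`. The same applies to the new CVE-2019-18602 and CVE-2019-18603 records and, for axodraw2, to CVE-2019-18604.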
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt", + "refsource": "MISC", + "name": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18603.json b/2019/18xxx/CVE-2019-18603.json new file mode 100644 index 00000000000..8a2dc003f9e --- /dev/null +++ b/2019/18xxx/CVE-2019-18603.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt", + "refsource": "MISC", + "name": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18604.json b/2019/18xxx/CVE-2019-18604.json new file mode 100644 index 00000000000..2f4c6bbf350 --- /dev/null +++ b/2019/18xxx/CVE-2019-18604.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a", + "refsource": "MISC", + "name": "https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3976.json b/2019/3xxx/CVE-2019-3976.json index 00ac3a1eac7..be649376b47 100644 --- a/2019/3xxx/CVE-2019-3976.json +++ b/2019/3xxx/CVE-2019-3976.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3976", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3976", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MikroTik RouterOS", + "version": { + "version_data": [ + { + "version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23 Relative path traversal." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-46", + "url": "https://www.tenable.com/security/research/tra-2019-46" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled." } ] } diff --git a/2019/3xxx/CVE-2019-3977.json b/2019/3xxx/CVE-2019-3977.json index 107ed9d2e61..d39fda457aa 100644 --- a/2019/3xxx/CVE-2019-3977.json +++ b/2019/3xxx/CVE-2019-3977.json 
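Review bot: `vendor_name` is set to `"n/a"` even though `product_name` is `"MikroTik RouterOS"`, and the single `version_value` packs two release channels into one sentence (`RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below.`). Both make the record harder to match against an asset inventory. Consider `"vendor_name": "MikroTik"` and one `version_data` entry per channel, e.g. `{ "version_value": "6.45.6 Stable and below" }` and `{ "version_value": "6.44.5 Long-term and below" }`. The hunks for CVE-2019-3977, CVE-2019-3978 and CVE-2019-3979 repeat the same `affects` block and would take the same change.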
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3977", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3977", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MikroTik RouterOS", + "version": { + "version_data": [ + { + "version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494 Insufficient checks on origin" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-46", + "url": "https://www.tenable.com/security/research/tra-2019-46" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system's usernames and passwords." } ] } diff --git a/2019/3xxx/CVE-2019-3978.json b/2019/3xxx/CVE-2019-3978.json index fe2a30023bf..ec0ed68a6d0 100644 --- a/2019/3xxx/CVE-2019-3978.json +++ b/2019/3xxx/CVE-2019-3978.json 
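Review bot: The `problemtype` value `CWE-494 Insufficient checks on origin` pairs the identifier with wording that is not the CWE's own title (CWE-494 is "Download of Code Without Integrity Check"), so a reader cannot tell whether the ID or the text is authoritative. Using the catalogue title, `"value": "CWE-494 Download of Code Without Integrity Check"`, keeps the two aligned. The description also has two slips worth correcting in a published advisory: `are download from` should read `are downloaded from`, and `reseting` should read `resetting`.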
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3978", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3978", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MikroTik RouterOS", + "version": { + "version_data": [ + { + "version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-46", + "url": "https://www.tenable.com/security/research/tra-2019-46" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning" } ] } diff --git a/2019/3xxx/CVE-2019-3979.json b/2019/3xxx/CVE-2019-3979.json index 06fb330416d..20dde680160 100644 --- a/2019/3xxx/CVE-2019-3979.json +++ b/2019/3xxx/CVE-2019-3979.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3979", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3979", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MikroTik RouterOS", + "version": { + "version_data": [ + { + "version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-46", + "url": "https://www.tenable.com/security/research/tra-2019-46" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records." } ] } diff --git a/2019/4xxx/CVE-2019-4306.json b/2019/4xxx/CVE-2019-4306.json index fc032a0b2ca..16dedb580c5 100644 --- a/2019/4xxx/CVE-2019-4306.json +++ b/2019/4xxx/CVE-2019-4306.json 
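Review bot: The `problemtype` value embeds a link in its free-text label (`Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)`), where consumers that collect references from `reference_data` will not pick it up and where it prevents the label from being compared across records. Keep the label as `"value": "Unrelated Data Attack"` and add the SANS paper as its own `reference_data` entry with `"refsource": "MISC"` and matching `name` and `url`. If a CWE identifier fits this weakness, adding it to the label would bring it in line with the CWE-based labels used in the sibling CVE-2019-3976 to CVE-2019-3978 records.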
@@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4" - } - ] - }, - "product_name" : "Security Guardium Big Data Intelligence" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1096396 (Security Guardium Big Data Intelligence)", - "url" : "https://www.ibm.com/support/pages/node/1096396", - "name" : "https://www.ibm.com/support/pages/node/1096396" - }, - { - "name" : "ibm-guardium-cve20194306-access-control (160986)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160986", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "6.500", - "PR" : "N", - "I" : "L", - "AC" : "L", - "S" : "U", - "A" : "N", - "AV" : "N", - "UI" : "N", - "C" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986." 
- } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4306", - "DATE_PUBLIC" : "2019-10-22T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + "data_format": "MITRE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4" + } + ] + }, + "product_name": "Security Guardium Big Data Intelligence" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1096396 (Security Guardium Big Data Intelligence)", + "url": "https://www.ibm.com/support/pages/node/1096396", + "name": "https://www.ibm.com/support/pages/node/1096396" + }, + { + "name": "ibm-guardium-cve20194306-access-control (160986)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160986", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "6.500", + "PR": "N", + "I": "L", + "AC": "L", + "S": "U", + "A": "N", + "AV": "N", + "UI": "N", + "C": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986." 
+ } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-4306", + "DATE_PUBLIC": "2019-10-22T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4307.json b/2019/4xxx/CVE-2019-4307.json index 3cde6457b3c..2c869616128 100644 --- a/2019/4xxx/CVE-2019-4307.json +++ b/2019/4xxx/CVE-2019-4307.json 
@@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium Big Data Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2019-4307", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-22T00:00:00", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium Big Data Intelligence", + "version": { + "version_data": [ + { + "version_value": "4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "C" : "H", - "UI" : "N", - "AV" : "L", - "PR" : "N", - "I" : "N", - "SCORE" : "5.100", - "AC" : "H", - "S" : "U" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1096288 (Security Guardium Big Data Intelligence)", - "url" : "https://www.ibm.com/support/pages/node/1096288", - "name" : "https://www.ibm.com/support/pages/node/1096288" - }, - { - "name" : "ibm-guardium-cve20194307-info-disc (160987)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/160987", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. 
IBM X-Force ID: 160987.", - "lang" : "eng" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2019-4307", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-22T00:00:00", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "C": "H", + "UI": "N", + "AV": "L", + "PR": "N", + "I": "N", + "SCORE": "5.100", + "AC": "H", + "S": "U" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1096288 (Security Guardium Big Data Intelligence)", + "url": "https://www.ibm.com/support/pages/node/1096288", + "name": "https://www.ibm.com/support/pages/node/1096288" + }, + { + "name": "ibm-guardium-cve20194307-info-disc (160987)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160987", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4309.json b/2019/4xxx/CVE-2019-4309.json index a07bc1ff855..c8f5633b16f 100644 --- a/2019/4xxx/CVE-2019-4309.json +++ b/2019/4xxx/CVE-2019-4309.json 
@@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2019-4309", - "DATE_PUBLIC" : "2019-10-22T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "A" : "N", - "C" : "H", - "UI" : "N", - "AV" : "L", - "I" : "N", - "PR" : "N", - "SCORE" : "5.900", - "S" : "C", - "AC" : "H" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1096348", - "title" : "IBM Security Bulletin 1096348 (Security Guardium Big Data Intelligence)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1096348" - }, - { - "name" : "ibm-guardium-cve20194309-info-disc (161035)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161035", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4" - } - ] - }, - "product_name" : "Security Guardium Big Data Intelligence" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "data_version" : "4.0", - "data_format" : "MITRE" -} + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2019-4309", + "DATE_PUBLIC": "2019-10-22T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + 
"description": { + "description_data": [ + { + "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "A": "N", + "C": "H", + "UI": "N", + "AV": "L", + "I": "N", + "PR": "N", + "SCORE": "5.900", + "S": "C", + "AC": "H" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1096348", + "title": "IBM Security Bulletin 1096348 (Security Guardium Big Data Intelligence)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1096348" + }, + { + "name": "ibm-guardium-cve20194309-info-disc (161035)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161035", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4" + } + ] + }, + "product_name": "Security Guardium Big Data Intelligence" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4311.json b/2019/4xxx/CVE-2019-4311.json index c2d3ccb790c..4168ceff52f 100644 --- a/2019/4xxx/CVE-2019-4311.json +++ b/2019/4xxx/CVE-2019-4311.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4311", - "DATE_PUBLIC" : "2019-10-24T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "A" : "N", - "AV" : "N", - "C" : "L", - "UI" : "N", - "SCORE" : "5.300", - "PR" : "N", - "I" : "N", - "AC" : "L", - "S" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 1098069 (Security Guardium Big Data Intelligence)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1098069", - "name" : "https://www.ibm.com/support/pages/node/1098069" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161037", - "name" : "ibm-guardium-cve20194311-info-disc (161037)" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037." 
- } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-4311", + "DATE_PUBLIC": "2019-10-24T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4" - } - ] - }, - "product_name" : "Security Guardium Big Data Intelligence" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "data_format" : "MITRE", - "data_version" : "4.0" -} + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "A": "N", + "AV": "N", + "C": "L", + "UI": "N", + "SCORE": "5.300", + "PR": "N", + "I": "N", + "AC": "L", + "S": "U" + } + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 1098069 (Security Guardium Big Data Intelligence)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1098069", + "name": "https://www.ibm.com/support/pages/node/1098069" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161037", + "name": "ibm-guardium-cve20194311-info-disc (161037)" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037." 
+ } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4" + } + ] + }, + "product_name": "Security Guardium Big Data Intelligence" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "data_version": "4.0" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4314.json b/2019/4xxx/CVE-2019-4314.json index 94091dff118..c345e840e7e 100644 --- a/2019/4xxx/CVE-2019-4314.json +++ b/2019/4xxx/CVE-2019-4314.json 
@@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4" - } - ] - }, - "product_name" : "Security Guardium Big Data Intelligence" - } - ] - } - } - ] - } - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4" + } + ] + }, + "product_name": "Security Guardium Big Data Intelligence" + } + ] + } + } ] - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2019-4314", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. 
IBM X-Force ID: 1610141.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "SCORE" : "5.900", - "I" : "N", - "PR" : "N", - "S" : "U", - "AC" : "H", - "A" : "N", - "AV" : "N", - "UI" : "N", - "C" : "H" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1096912", - "url" : "https://www.ibm.com/support/pages/node/1096912", - "title" : "IBM Security Bulletin 1096912 (Security Guardium Big Data Intelligence)", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161041", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-guardium-cve20194314-info-disc (161041)" - } - ] - } -} + } + }, + "data_version": "4.0", + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2019-4314", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. 
IBM X-Force ID: 1610141.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "SCORE": "5.900", + "I": "N", + "PR": "N", + "S": "U", + "AC": "H", + "A": "N", + "AV": "N", + "UI": "N", + "C": "H" + } + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1096912", + "url": "https://www.ibm.com/support/pages/node/1096912", + "title": "IBM Security Bulletin 1096912 (Security Guardium Big Data Intelligence)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161041", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-guardium-cve20194314-info-disc (161041)" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4329.json b/2019/4xxx/CVE-2019-4329.json index 2efdb922e6e..14a477b2bc6 100644 --- a/2019/4xxx/CVE-2019-4329.json +++ b/2019/4xxx/CVE-2019-4329.json 
@@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4" - } - ] - }, - "product_name" : "Security Guardium Big Data Intelligence" - } - ] - } - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1096906", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1096906 (Security Guardium Big Data Intelligence)", - "url" : "https://www.ibm.com/support/pages/node/1096906" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161209", - "name" : "ibm-guardium-cve20194329-sec-bypass (161209)" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "AV" : "N", - "C" : "N", - "UI" : "N", - "A" : "N", - "AC" : "L", - "S" : "U", - "SCORE" : "4.300", - "PR" : "L", - "I" : "L" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + "data_format": "MITRE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4" + } + ] + }, + "product_name": "Security Guardium Big Data Intelligence" + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4329", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ASSIGNER" : 
"psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE" -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1096906", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1096906 (Security Guardium Big Data Intelligence)", + "url": "https://www.ibm.com/support/pages/node/1096906" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161209", + "name": "ibm-guardium-cve20194329-sec-bypass (161209)" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "AV": "N", + "C": "N", + "UI": "N", + "A": "N", + "AC": "L", + "S": "U", + "SCORE": "4.300", + "PR": "L", + "I": "L" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2019-4329", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4330.json b/2019/4xxx/CVE-2019-4330.json index b82d6ee8b9d..48673503b15 100644 --- a/2019/4xxx/CVE-2019-4330.json +++ b/2019/4xxx/CVE-2019-4330.json 
@@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4" - } - ] - }, - "product_name" : "Security Guardium Big Data Intelligence" - } - ] - } - } - ] - } - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4" + } + ] + }, + "product_name": "Security Guardium Big Data Intelligence" + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-22T00:00:00", - "ID" : "CVE-2019-4330", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210." 
- } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1096384", - "title" : "IBM Security Bulletin 1096384 (Security Guardium Big Data Intelligence)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1096384" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161210", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-guardium-cve20194330-info-disc (161210)" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "SCORE" : "3.100", - "PR" : "N", - "I" : "N", - "AC" : "H", - "S" : "U", - "A" : "N", - "AV" : "N", - "C" : "L", - "UI" : "R" - } - } - } -} + } + }, + "data_format": "MITRE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-22T00:00:00", + "ID": "CVE-2019-4330", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1096384", + "title": "IBM Security Bulletin 1096384 (Security Guardium Big Data Intelligence)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1096384" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161210", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-guardium-cve20194330-info-disc (161210)" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "SCORE": "3.100", + "PR": "N", + "I": "N", + "AC": "H", + "S": "U", + "A": "N", + "AV": "N", + "C": "L", + "UI": "R" + } + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4339.json b/2019/4xxx/CVE-2019-4339.json index df613e6bc27..83debb4992e 100644 --- a/2019/4xxx/CVE-2019-4339.json +++ b/2019/4xxx/CVE-2019-4339.json 
@@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium Big Data Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1096924", - "title" : "IBM Security Bulletin 1096924 (Security Guardium Big Data Intelligence)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/1096924" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/161418", - "name" : "ibm-guardium-cve20194339-info-disc (161418)" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "C" : "H", - "UI" : "N", - "A" : "N", - "AC" : "H", - "S" : "U", - "SCORE" : "5.900", - "PR" : "N", - "I" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 
IBM X-Force ID: 161418.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4339", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "data_version": "4.0", + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium Big Data Intelligence", + "version": { + "version_data": [ + { + "version_value": "4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1096924", + "title": "IBM Security Bulletin 1096924 (Security Guardium Big Data Intelligence)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1096924" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161418", + "name": "ibm-guardium-cve20194339-info-disc (161418)" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "C": "H", + "UI": "N", + "A": "N", + "AC": "H", + "S": "U", + "SCORE": "5.900", + "PR": "N", + "I": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 
IBM X-Force ID: 161418.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4339", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4546.json b/2019/4xxx/CVE-2019-4546.json index 0793aac1de9..2ca43c0bc71 100644 --- a/2019/4xxx/CVE-2019-4546.json +++ b/2019/4xxx/CVE-2019-4546.json 
@@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.6.1" - } - ] - }, - "product_name" : "Maximo Health- Safety and Environment Manager" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4546", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-23T00:00:00" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.6.1" + } + ] + }, + "product_name": "Maximo Health- Safety and Environment Manager" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1087738", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1087738 (Maximo Health- Safety and Environment Manager)", - "name" : "https://www.ibm.com/support/pages/node/1087738" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165948", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-maximo-cve20194546-priv-escalation (165948)" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "I" : "L", - "PR" : "L", - "SCORE" : "5.400", - "S" : "U", - "AC" : "L", - "A" : "N", - "UI" : "N", - "C" : "L", - "AV" : "N" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948." 
- } - ] - } -} + } + }, + "data_version": "4.0", + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-4546", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-23T00:00:00" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1087738", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1087738 (Maximo Health- Safety and Environment Manager)", + "name": "https://www.ibm.com/support/pages/node/1087738" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165948", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-maximo-cve20194546-priv-escalation (165948)" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "I": "L", + "PR": "L", + "SCORE": "5.400", + "S": "U", + "AC": "L", + "A": "N", + "UI": "N", + "C": "L", + "AV": "N" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4600.json b/2019/4xxx/CVE-2019-4600.json index b867626e098..fd4841199e6 100644 --- a/2019/4xxx/CVE-2019-4600.json +++ b/2019/4xxx/CVE-2019-4600.json 
@@ -1,93 +1,93 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.8.7" - } - ] - } - } - ] - } - } - ] - } - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.8.7" + } + ] + } + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4600", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-24T00:00:00" - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883." 
- } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/1079127", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1079127 (API Connect)", - "name" : "https://www.ibm.com/support/pages/node/1079127" - }, - { - "name" : "ibm-api-cve20194600-info-disc (167883)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167883", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "I" : "N", - "SCORE" : "5.300", - "AC" : "L", - "S" : "U", - "A" : "N", - "UI" : "N", - "C" : "L", - "AV" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - } -} + } + }, + "data_version": "4.0", + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-4600", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-24T00:00:00" + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1079127", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1079127 (API Connect)", + "name": "https://www.ibm.com/support/pages/node/1079127" + }, + { + "name": "ibm-api-cve20194600-info-disc (167883)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167883", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "I": "N", + "SCORE": "5.300", + "AC": "L", + "S": "U", + "A": "N", + "UI": "N", + "C": "L", + "AV": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5533.json b/2019/5xxx/CVE-2019-5533.json index d84872646b4..30d401d9e36 100644 --- a/2019/5xxx/CVE-2019-5533.json +++ b/2019/5xxx/CVE-2019-5533.json 
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5533",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5533",
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "VMware",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SD-WAN by VeloCloud",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.x prior to 3.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2019-0017.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2019-0017.html"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3."
 }
 ]
 }
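Review bot: The CVSSv3 base score of 4.3 appears only inside the free-text `description` value, and the populated record has no `impact` object. Tooling that reads severity from structured fields therefore gets nothing for CVE-2019-5533. The IBM records touched by this same commit do carry an `impact` block, so adding one here, with the score and vector taken from VMSA-2019-0017, would keep triage and prioritisation queries consistent across the feed. The `problemtype` value `"Information disclosure vulnerability"` is free text as well; the description reads like an authorization-check flaw, so a CWE identifier chosen by the CNA would make the entry filterable by weakness class. The root object's closing brace lies outside the hunk.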