diff --git a/2019/15xxx/CVE-2019-15845.json b/2019/15xxx/CVE-2019-15845.json index 5b80ef934c6..cc561d79f60 100644 --- a/2019/15xxx/CVE-2019-15845.json +++ b/2019/15xxx/CVE-2019-15845.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4201-1", + "url": "https://usn.ubuntu.com/4201-1/" } ] } diff --git a/2019/16xxx/CVE-2019-16195.json b/2019/16xxx/CVE-2019-16195.json new file mode 100644 index 00000000000..dd66bafe8c3 --- /dev/null +++ b/2019/16xxx/CVE-2019-16195.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/centreon/centreon/pull/7876", + "url": "https://github.com/centreon/centreon/pull/7876" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/centreon/centreon/pull/7877", + "url": "https://github.com/centreon/centreon/pull/7877" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/centreon/centreon/releases/tag/19.04.5", + "url": "https://github.com/centreon/centreon/releases/tag/19.04.5" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/centreon/centreon/releases/tag/2.8.30", + "url": "https://github.com/centreon/centreon/releases/tag/2.8.30" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/centreon/centreon/releases/tag/18.10.8", + "url": "https://github.com/centreon/centreon/releases/tag/18.10.8" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16201.json b/2019/16xxx/CVE-2019-16201.json new file mode 100644 index 00000000000..6f95fdaf1d6 --- /dev/null +++ b/2019/16xxx/CVE-2019-16201.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/661722", + "refsource": "MISC", + "name": "https://hackerone.com/reports/661722" + }, + { + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16254.json b/2019/16xxx/CVE-2019-16254.json new file mode 100644 index 00000000000..77032e64c58 --- /dev/null +++ b/2019/16xxx/CVE-2019-16254.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/331984", + "refsource": "MISC", + "name": "https://hackerone.com/reports/331984" + }, + { + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16255.json b/2019/16xxx/CVE-2019-16255.json new file mode 100644 index 00000000000..a48e1f1216d --- /dev/null +++ b/2019/16xxx/CVE-2019-16255.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/327512", + "refsource": "MISC", + "name": "https://hackerone.com/reports/327512" + }, + { + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", + "url": "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/" + } + ] + } +} \ No newline at end of file