diff --git a/2014/0xxx/CVE-2014-0114.json b/2014/0xxx/CVE-2014-0114.json
index 597642f67a1..cf50ab34790 100644
--- a/2014/0xxx/CVE-2014-0114.json
+++ b/2014/0xxx/CVE-2014-0114.json
@@ -513,9 +513,14 @@
 "name":"https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E",
 "url":"https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E"
 },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E"
+ },
 {
 "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
- }
+ }
 ]
 }
 }
\ No newline at end of file
diff --git a/2014/10xxx/CVE-2014-10374.json b/2014/10xxx/CVE-2014-10374.json
index 0728897042b..490f9c2a4ad 100644
--- a/2014/10xxx/CVE-2014-10374.json
+++ b/2014/10xxx/CVE-2014-10374.json
@@ -56,6 +56,11 @@
 "url": "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf",
 "refsource": "MISC",
 "name": "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://twitter.com/TedOnPrivacy/status/1151390589990187008",
+ "url": "https://twitter.com/TedOnPrivacy/status/1151390589990187008"
 }
 ]
 }
diff --git a/2016/9xxx/CVE-2016-9572.json b/2016/9xxx/CVE-2016-9572.json
index a8413b9ea6c..1c46281c61e 100644
--- a/2016/9xxx/CVE-2016-9572.json
+++ b/2016/9xxx/CVE-2016-9572.json
@@ -95,6 +95,11 @@
 "url":"https://www.debian.org/security/2017/dsa-3768"
 },
 {
+ "refsource": "BID",
+ "name": "109233",
+ "url": "http://www.securityfocus.com/bid/109233"
+ },
+ {
 "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
 }
 ]
diff --git a/2017/15xxx/CVE-2017-15123.json b/2017/15xxx/CVE-2017-15123.json
index a22d61bbaff..667e29eeb58 100644
--- a/2017/15xxx/CVE-2017-15123.json
+++ b/2017/15xxx/CVE-2017-15123.json
@@ -48,6 +48,16 @@
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "BID",
+ "name": "108690",
+ "url": "http://www.securityfocus.com/bid/108690"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/",
+ "url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
 }
 ]
 },
diff --git a/2018/1000xxx/CVE-2018-1000024.json b/2018/1000xxx/CVE-2018-1000024.json
index 297913e2856..91181792a22 100644
--- a/2018/1000xxx/CVE-2018-1000024.json
+++ b/2018/1000xxx/CVE-2018-1000024.json
@@ -78,6 +78,11 @@
 "name": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt",
 "refsource": "CONFIRM",
 "url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4059-2",
+ "url": "https://usn.ubuntu.com/4059-2/"
 }
 ]
 }
diff --git a/2018/1000xxx/CVE-2018-1000027.json b/2018/1000xxx/CVE-2018-1000027.json
index 4919be26ba8..cd2cb22c1be 100644
--- a/2018/1000xxx/CVE-2018-1000027.json
+++ b/2018/1000xxx/CVE-2018-1000027.json
@@ -93,6 +93,11 @@
 "name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1267-1] squid security update",
 "refsource": "MLIST",
 "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4059-2",
+ "url": "https://usn.ubuntu.com/4059-2/"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11058.json b/2018/11xxx/CVE-2018-11058.json
index 53539a7e003..f680f7e62cf 100644
--- a/2018/11xxx/CVE-2018-11058.json
+++ b/2018/11xxx/CVE-2018-11058.json
@@ -1,9 +1,9 @@ { - "CVE_data_meta":{ - "ASSIGNER":"security_alert@emc.com", - "ID":"CVE-2018-11058", - "STATE":"PUBLIC" + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "ID": "CVE-2018-11058", + "STATE": "PUBLIC" }, "affects":{ "vendor":{ @@ -86,9 +86,14 @@ "references":{ "reference_data":[ { - "name":"20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource":"FULLDISC", - "url":"http://seclists.org/fulldisclosure/2018/Aug/46" + "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + }, + { + "refsource": "BID", + "name": "108106", + "url": "http://www.securityfocus.com/bid/108106" }, { "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" diff --git a/2018/12xxx/CVE-2018-12022.json b/2018/12xxx/CVE-2018-12022.json index 7dee924802e..e1e5b16fb24 100644 --- a/2018/12xxx/CVE-2018-12022.json +++ b/2018/12xxx/CVE-2018-12022.json @@ -144,13 +144,18 @@ "url":"https://access.redhat.com/errata/RHSA-2019:1782" }, { - "refsource":"REDHAT", - "name":"RHSA-2019:1797", - "url":"https://access.redhat.com/errata/RHSA-2019:1797" + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" }, { + "refsource": "BID", + "name": "107585", + "url": "http://www.securityfocus.com/bid/107585" + }, + "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - } + } ] } } \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12897.json b/2018/12xxx/CVE-2018-12897.json index 81db007395e..233902df087 100644 --- a/2018/12xxx/CVE-2018-12897.json +++ b/2018/12xxx/CVE-2018-12897.json 
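Review bot: In CVE-2018-12022.json the new side appears to lose the opening `{` of the Oracle reference: after the added BID object closes with `},` the next content line is `"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"` followed by `}`, so `reference_data` would no longer parse as JSON. Judging from the 13/18 line counts in the hunk header, the hunk seems to carry a whitespace-only added line where that brace belongs. Restore it as `{` on its own line before the Oracle `"url"` entry and run the file through a strict JSON parser before merging, since feed consumers would otherwise fail on or silently skip the whole record.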
@@ -56,6 +56,11 @@
 "name": "https://labs.nettitude.com/blog/solarwinds-cve-2018-12897-dameware-mini-remote-control-local-seh-buffer-overflow/",
 "refsource": "MISC",
 "url": "https://labs.nettitude.com/blog/solarwinds-cve-2018-12897-dameware-mini-remote-control-local-seh-buffer-overflow/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153668/DameWare-Remote-Support-12.0.0.509-Buffer-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/153668/DameWare-Remote-Support-12.0.0.509-Buffer-Overflow.html"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17960.json b/2018/17xxx/CVE-2018-17960.json
index 80c7042e094..ccaec083a8e 100644
--- a/2018/17xxx/CVE-2018-17960.json
+++ b/2018/17xxx/CVE-2018-17960.json
@@ -59,9 +59,14 @@
 "url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"
 },
 {
- "name":"https://ckeditor.com/cke4/release/CKEditor-4.11.0",
- "refsource":"MISC",
- "url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0"
+ "name": "https://ckeditor.com/cke4/release/CKEditor-4.11.0",
+ "refsource": "MISC",
+ "url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0"
+ },
+ {
+ "refsource": "BID",
+ "name": "109205",
+ "url": "http://www.securityfocus.com/bid/109205"
 },
 {
 "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
diff --git a/2018/19xxx/CVE-2018-19360.json b/2018/19xxx/CVE-2018-19360.json
index b97787ace05..440966e89b4 100644
--- a/2018/19xxx/CVE-2018-19360.json
+++ b/2018/19xxx/CVE-2018-19360.json
@@ -134,9 +134,14 @@
 "url":"https://access.redhat.com/errata/RHSA-2019:1782"
 },
 {
- "refsource":"REDHAT",
- "name":"RHSA-2019:1797",
- "url":"https://access.redhat.com/errata/RHSA-2019:1797"
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1797",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1797"
+ },
+ {
+ "refsource": "BID",
+ "name": "107985",
+ "url": "http://www.securityfocus.com/bid/107985"
 },
 {
 "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
diff --git a/2018/19xxx/CVE-2018-19361.json b/2018/19xxx/CVE-2018-19361.json
index 4b3ee6f4027..d22c941a3b9 100644
--- a/2018/19xxx/CVE-2018-19361.json
+++ b/2018/19xxx/CVE-2018-19361.json
@@ -134,9 +134,14 @@
 "url":"https://access.redhat.com/errata/RHSA-2019:1782"
 },
 {
- "refsource":"REDHAT",
- "name":"RHSA-2019:1797",
- "url":"https://access.redhat.com/errata/RHSA-2019:1797"
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1797",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1797"
+ },
+ {
+ "refsource": "BID",
+ "name": "107985",
+ "url": "http://www.securityfocus.com/bid/107985"
 },
 {
 "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
diff --git a/2018/19xxx/CVE-2018-19362.json b/2018/19xxx/CVE-2018-19362.json
index af6592e12b2..95c775efd26 100644
--- a/2018/19xxx/CVE-2018-19362.json
+++ b/2018/19xxx/CVE-2018-19362.json
@@ -134,9 +134,14 @@
 "url":"https://access.redhat.com/errata/RHSA-2019:1782"
 },
 {
- "refsource":"REDHAT",
- "name":"RHSA-2019:1797",
- "url":"https://access.redhat.com/errata/RHSA-2019:1797"
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1797",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1797"
+ },
+ {
+ "refsource": "BID",
+ "name": "107985",
+ "url": "http://www.securityfocus.com/bid/107985"
 },
 {
 "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
diff --git a/2018/1xxx/CVE-2018-1921.json b/2018/1xxx/CVE-2018-1921.json
index f0f03e5a16d..dcec4ea5019 100644
--- a/2018/1xxx/CVE-2018-1921.json
+++ b/2018/1xxx/CVE-2018-1921.json
@@ -1,18 +1,99 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-1921",
- "STATE": "RESERVED"
- },
 "data_format": "MITRE",
- "data_type": "CVE",
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "title": "IBM Security Bulletin 887995 (Campaign)",
+ "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887995",
+ "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887995"
+ },
+ {
+ "name": "ibm-campaign-cve20181921-xss (152857)",
+ "refsource": "XF",
+ "title": "X-Force Vulnerability Report",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152857"
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Campaign",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.1.2"
+ },
+ {
+ "version_value": "9.1.0"
+ },
+ {
+ "version_value": "10.1"
+ },
+ {
+ "version_value": "11.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "UI": "R",
+ "AC": "L",
+ "SCORE": "5.400",
+ "S": "C",
+ "AV": "N",
+ "PR": "L",
+ "C": "L",
+ "A": "N",
+ "I": "L"
+ },
+ "TM": {
+ "E": "H",
+ "RC": "C",
+ "RL": "O"
+ }
+ }
+ },
 "data_version": "4.0",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857."
 }
 ]
- }
+ },
+ "CVE_data_meta": {
+ "ID": "CVE-2018-1921",
+ "STATE": "PUBLIC",
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2019-07-10T00:00:00"
+ },
+ "data_type": "CVE"
 }
\ No newline at end of file
diff --git a/2018/2xxx/CVE-2018-2021.json b/2018/2xxx/CVE-2018-2021.json
index 4c8bc25915c..ae62f6390d0 100644
--- a/2018/2xxx/CVE-2018-2021.json
+++ b/2018/2xxx/CVE-2018-2021.json
@@ -1,18 +1,93 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC",
 "ID": "CVE-2018-2021",
- "STATE": "RESERVED"
+ "DATE_PUBLIC": "2019-07-10T00:00:00"
 },
- "data_format": "MITRE",
 "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "Cross-Site Scripting",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "data_format": "MITRE",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/docview.wss?uid=ibm10888117",
+ "title": "IBM Security Bulletin 888117 (QRadar SIEM)",
+ "refsource": "CONFIRM",
+ "name": "https://www.ibm.com/support/docview.wss?uid=ibm10888117"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155345",
+ "name": "ibm-qradar-cve20182021-xss (155345)",
+ "title": "X-Force Vulnerability Report",
+ "refsource": "XF"
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.2"
+ },
+ {
+ "version_value": "7.3"
+ }
+ ]
+ },
+ "product_name": "QRadar SIEM"
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvssv3": {
+ "TM": {
+ "RL": "O",
+ "E": "H",
+ "RC": "C"
+ },
+ "BM": {
+ "UI": "R",
+ "AC": "L",
+ "SCORE": "6.100",
+ "AV": "N",
+ "PR": "N",
+ "S": "C",
+ "C": "L",
+ "A": "N",
+ "I": "L"
+ }
+ }
+ },
+ "data_version": "4.0"
 }
\ No newline at end of file
diff --git a/2018/2xxx/CVE-2018-2022.json b/2018/2xxx/CVE-2018-2022.json
index 8503581b0a7..62c7e5759bd 100644
--- a/2018/2xxx/CVE-2018-2022.json
+++ b/2018/2xxx/CVE-2018-2022.json
@@ -1,18 +1,93 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-2022",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
- "data_version": "4.0",
+ "CVE_data_meta": {
+ "DATE_PUBLIC": "2019-07-10T00:00:00",
+ "ID": "CVE-2018-2022",
+ "STATE": "PUBLIC",
+ "ASSIGNER": "psirt@us.ibm.com"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "Obtain Information",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/docview.wss?uid=ibm10888133",
+ "title": "IBM Security Bulletin 888133 (QRadar SIEM)",
+ "refsource": "CONFIRM",
+ "name": "https://www.ibm.com/support/docview.wss?uid=ibm10888133"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155346",
+ "name": "ibm-qradar-cve20182022-info-disc (155346)",
+ "title": "X-Force Vulnerability Report",
+ "refsource": "XF"
+ }
+ ]
+ },
+ "data_format": "MITRE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QRadar SIEM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.2"
+ },
+ {
+ "version_value": "7.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
+ ]
+ }
+ },
+ "data_version": "4.0",
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "SCORE": "5.300",
+ "UI": "N",
+ "AC": "L",
+ "A": "N",
+ "I": "N",
+ "S": "U",
+ "PR": "N",
+ "AV": "N",
+ "C": "L"
+ },
+ "TM": {
+ "RL": "O",
+ "E": "U",
+ "RC": "C"
+ }
+ }
 }
 }
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8453.json b/2018/8xxx/CVE-2018-8453.json
index 231cac6c57a..267aa51ee8c 100644
--- a/2018/8xxx/CVE-2018-8453.json
+++ b/2018/8xxx/CVE-2018-8453.json
@@ -231,6 +231,11 @@
 "name": "105467",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/105467"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html",
+ "url": "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html"
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0199.json b/2019/0xxx/CVE-2019-0199.json
index a28ea2c268a..21597e3b165 100644
--- a/2019/0xxx/CVE-2019-0199.json
+++ b/2019/0xxx/CVE-2019-0199.json
@@ -146,9 +146,14 @@
 "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html"
 },
 {
- "refsource":"FEDORA",
- "name":"FEDORA-2019-d66febb5df",
- "url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/"
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-d66febb5df",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/"
+ },
+ {
+ "refsource": "BID",
+ "name": "107674",
+ "url": "http://www.securityfocus.com/bid/107674"
 },
 {
 "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
diff --git a/2019/0xxx/CVE-2019-0319.json b/2019/0xxx/CVE-2019-0319.json
index b9e3d2ec594..a2d46993cd9 100644
--- a/2019/0xxx/CVE-2019-0319.json
+++ b/2019/0xxx/CVE-2019-0319.json
@@ -89,6 +89,11 @@
 "refsource": "MISC",
 "name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
 "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
+ "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010006.json b/2019/1010xxx/CVE-2019-1010006.json
index 86a74f9af05..9287bf116da 100644
--- a/2019/1010xxx/CVE-2019-1010006.json
+++ b/2019/1010xxx/CVE-2019-1010006.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victin must open a crafted PDF file."
+ "value": "Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail."
 }
 ]
 },
diff --git a/2019/1010xxx/CVE-2019-1010048.json b/2019/1010xxx/CVE-2019-1010048.json
index 7d721574f1a..5cd1eee5046 100644
--- a/2019/1010xxx/CVE-2019-1010048.json
+++ b/2019/1010xxx/CVE-2019-1010048.json
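Review bot: The corrected description in CVE-2019-1010006.json still gives the attack vector as a crafted PDF file, while the component (`backend/tiff/tiff-document.c`) and the functions named in the added sentence (`tiff_document_render`, `tiff_document_get_thumbnail`) belong to the TIFF backend. If the trigger is a TIFF document, as those names suggest, the sentence should read `Victim must open a crafted TIFF file.`; otherwise the record should say how a PDF reaches that code path. Triage notes and detection content derived from this text would otherwise watch the wrong file type.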
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
- "ID": "CVE-2019-1010048",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "UPX",
- "version": {
- "version_data": [
- {
- "version_value": "3.95"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "UPX"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1010048",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Integer Overflow"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/upx/upx/pull/190",
- "refsource": "MISC",
- "name": "https://github.com/upx/upx/pull/190"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010083.json b/2019/1010xxx/CVE-2019-1010083.json
index dd86d1e7a5e..ba02bb1d342 100644
--- a/2019/1010xxx/CVE-2019-1010083.json
+++ b/2019/1010xxx/CVE-2019-1010083.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010083",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Pallets Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Flask",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "\u2264 1.0 [fixed: 1]"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "unexpected memory usage"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.palletsprojects.com/blog/flask-1-0-released/",
+ "url": "https://www.palletsprojects.com/blog/flask-1-0-released/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010084.json b/2019/1010xxx/CVE-2019-1010084.json
index a47515f5445..2b36d69889d 100644
--- a/2019/1010xxx/CVE-2019-1010084.json
+++ b/2019/1010xxx/CVE-2019-1010084.json
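Review bot: The added `version_value` in CVE-2019-1010083.json is `"\u2264 1.0 [fixed: 1]"`, which marks 1.0 itself as affected, while the description in the same hunk says "Flask before 1.0" and the only reference is the 1.0 release announcement. The bracketed `[fixed: 1]` is also free text inside a field that scanners compare against installed versions. A value that agrees with the description, for example `"version_value": "before 1.0"`, would avoid flagging patched 1.0 installs; the fixed release is already stated in the description.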
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010084",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dancer::Plugin::SimpleCRUD",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dancer::Plugin::SimpleCRUD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "\u2264 1.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bigpresh/Dancer-Plugin-SimpleCRUD/pull/109",
+ "refsource": "MISC",
+ "name": "https://github.com/bigpresh/Dancer-Plugin-SimpleCRUD/pull/109"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010091.json b/2019/1010xxx/CVE-2019-1010091.json
index 409e6910c9c..8a7449d2566 100644
--- a/2019/1010xxx/CVE-2019-1010091.json
+++ b/2019/1010xxx/CVE-2019-1010091.json
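Review bot: The added description in CVE-2019-1010084.json has two typos that will propagate to every downstream feed: `unathorised` should be `unauthorised` and `al routes` should be `all routes`. `vendor_name` also repeats the product name (`Dancer::Plugin::SimpleCRUD`) instead of naming a vendor or maintainer, which makes vendor-based lookups for this record unreliable.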
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010091",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tinymce",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.7.11, 4.7.12"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tinymce"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tinymce/tinymce/issues/4394",
+ "refsource": "MISC",
+ "name": "https://github.com/tinymce/tinymce/issues/4394"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010315.json b/2019/1010xxx/CVE-2019-1010315.json
index b874fa9f598..7c42a67e16c 100644
--- a/2019/1010xxx/CVE-2019-1010315.json
+++ b/2019/1010xxx/CVE-2019-1010315.json
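Review bot: `"version_value": "4.7.11, 4.7.12"` in CVE-2019-1010091.json puts two versions into one string although `version_data` is an array; the Jenkins records later in this commit (CVE-2019-10352, CVE-2019-10353, CVE-2019-10354) do the same with `"2.185 and earlier, LTS 2.176.1 and earlier"`. Tools that compare `version_value` with an installed version cannot use these strings without special-casing each one. One array entry per version or range, as the IBM records in this commit do (`"version_value": "7.2"` and `"version_value": "7.3"` as separate objects), would keep the affected-version data machine-readable.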
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc",
 "url": "https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4062-1",
+ "url": "https://usn.ubuntu.com/4062-1/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010317.json b/2019/1010xxx/CVE-2019-1010317.json
index a35bf05f6a4..f30e32aedf5 100644
--- a/2019/1010xxx/CVE-2019-1010317.json
+++ b/2019/1010xxx/CVE-2019-1010317.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b",
 "url": "https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4062-1",
+ "url": "https://usn.ubuntu.com/4062-1/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010319.json b/2019/1010xxx/CVE-2019-1010319.json
index 86795ad70c3..49dc4e09abe 100644
--- a/2019/1010xxx/CVE-2019-1010319.json
+++ b/2019/1010xxx/CVE-2019-1010319.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe",
 "url": "https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4062-1",
+ "url": "https://usn.ubuntu.com/4062-1/"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10352.json b/2019/10xxx/CVE-2019-10352.json
index 7ee8e14b3d8..60d3911324c 100644
--- a/2019/10xxx/CVE-2019-10352.json
+++ b/2019/10xxx/CVE-2019-10352.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10352",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.185 and earlier, LTS 2.176.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424",
+ "refsource": "MISC",
+ "name": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10353.json b/2019/10xxx/CVE-2019-10353.json
index 969ca56f198..0b67c1da8fd 100644
--- a/2019/10xxx/CVE-2019-10353.json
+++ b/2019/10xxx/CVE-2019-10353.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10353",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.185 and earlier, LTS 2.176.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-626",
+ "refsource": "MISC",
+ "name": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-626"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10354.json b/2019/10xxx/CVE-2019-10354.json
index 69ce2ae00f0..5814fae27de 100644
--- a/2019/10xxx/CVE-2019-10354.json
+++ b/2019/10xxx/CVE-2019-10354.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10354",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.185 and earlier, LTS 2.176.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-425"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534",
+ "refsource": "MISC",
+ "name": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12086.json b/2019/12xxx/CVE-2019-12086.json
index b9e59d5c806..eaded2dacc4 100644
--- a/2019/12xxx/CVE-2019-12086.json
+++ b/2019/12xxx/CVE-2019-12086.json
@@ -94,9 +94,14 @@ "url":"https://seclists.org/bugtraq/2019/May/68" }, { - "refsource":"CONFIRM", - "name":"https://security.netapp.com/advisory/ntap-20190530-0003/", - "url":"https://security.netapp.com/advisory/ntap-20190530-0003/" + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190530-0003/", + "url": "https://security.netapp.com/advisory/ntap-20190530-0003/" + }, + { + "refsource": "BID", + "name": "109227", + "url": "http://www.securityfocus.com/bid/109227" }, { "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" diff --git a/2019/12xxx/CVE-2019-12175.json b/2019/12xxx/CVE-2019-12175.json index 7508ab64955..98e979c888a 100644 --- a/2019/12xxx/CVE-2019-12175.json +++ b/2019/12xxx/CVE-2019-12175.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12175", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12175", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/zeek/zeek/releases/tag/v2.6.2", + "url": "https://github.com/zeek/zeek/releases/tag/v2.6.2" } ] } diff --git a/2019/12xxx/CVE-2019-12475.json b/2019/12xxx/CVE-2019-12475.json index f5035aa7094..704992406da 100644 --- a/2019/12xxx/CVE-2019-12475.json +++ b/2019/12xxx/CVE-2019-12475.json 
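Review bot: Every structured field in the added `affects` block is `"n/a"`, although the new description names the product and the fixed release (Zeek, before 2.6.2), so anything that matches on vendor, product or version rather than prose will not link this record to an installed Zeek. Filling in `"product_name": "Zeek"` and a `version_value` such as `"before 2.6.2"` would cost little. The `problemtype` is also `"n/a"` although the description says NULL pointer dereference, which reads like CWE-476; the CNA should confirm that mapping. The same all-`n/a` pattern is repeated in the CVE-2019-12475 hunk and in the MITRE-assigned records added later in this diff, such as CVE-2019-13272 and CVE-2019-13573.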
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12475", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12475", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/undefinedmode/CVE-2019-12475", + "url": "https://github.com/undefinedmode/CVE-2019-12475" } ] } diff --git a/2019/13xxx/CVE-2019-13050.json b/2019/13xxx/CVE-2019-13050.json index 5ffa347b175..d56b4f0bee6 100644 --- a/2019/13xxx/CVE-2019-13050.json +++ b/2019/13xxx/CVE-2019-13050.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html" + }, + { + "refsource": "MISC", + "name": "https://twitter.com/lambdafu/status/1147162583969009664", + "url": "https://twitter.com/lambdafu/status/1147162583969009664" } ] } diff --git a/2019/13xxx/CVE-2019-13272.json b/2019/13xxx/CVE-2019-13272.json new file mode 100644 index 00000000000..ea48107f26c 
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13272.json
@@ -0,0 +1,87 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13272",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME."
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html" + }, + { + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903" + }, + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17" + }, + { + "url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1140671", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13345.json b/2019/13xxx/CVE-2019-13345.json index 28329292840..e94aceb6fb6 100644 --- a/2019/13xxx/CVE-2019-13345.json +++ b/2019/13xxx/CVE-2019-13345.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4059-1", "url": "https://usn.ubuntu.com/4059-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4059-2", + "url": "https://usn.ubuntu.com/4059-2/" } ] } 
diff --git a/2019/13xxx/CVE-2019-13346.json b/2019/13xxx/CVE-2019-13346.json new file mode 100644 index 00000000000..dd39af2c7ac --- /dev/null +++ b/2019/13xxx/CVE-2019-13346.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In MyT 1.5.1, the User[username] parameter has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "47109", + "url": "https://www.exploit-db.com/exploits/47109" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13359.json b/2019/13xxx/CVE-2019-13359.json index c62582d9071..e98c549993d 100644 --- a/2019/13xxx/CVE-2019-13359.json +++ b/2019/13xxx/CVE-2019-13359.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13359.md", "url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13359.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153666/CentOS-Control-Web-Panel-0.9.8.836-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/153666/CentOS-Control-Web-Panel-0.9.8.836-Privilege-Escalation.html" } ] } diff --git a/2019/13xxx/CVE-2019-13360.json b/2019/13xxx/CVE-2019-13360.json index b470175f041..08698a82e78 100644 --- a/2019/13xxx/CVE-2019-13360.json +++ b/2019/13xxx/CVE-2019-13360.json 
@@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13360.md", "url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13360.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html", + "url": "http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html" } ] } diff --git a/2019/13xxx/CVE-2019-13383.json b/2019/13xxx/CVE-2019-13383.json index 766e3579466..dc14662e089 100644 --- a/2019/13xxx/CVE-2019-13383.json +++ b/2019/13xxx/CVE-2019-13383.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13383.md", "url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13383.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153667/CentOS-Control-Web-Panel-0.9.8.838-User-Enumeration.html", + "url": "http://packetstormsecurity.com/files/153667/CentOS-Control-Web-Panel-0.9.8.838-User-Enumeration.html" } ] } diff --git a/2019/13xxx/CVE-2019-13403.json b/2019/13xxx/CVE-2019-13403.json new file mode 100644 index 00000000000..a3e3456ddb9 --- /dev/null +++ b/2019/13xxx/CVE-2019-13403.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13403",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/B3Bo1d/CVE-2019-13403/",
+ "url": "https://github.com/B3Bo1d/CVE-2019-13403/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13446.json b/2019/13xxx/CVE-2019-13446.json
new file mode 100644
index 00000000000..f433b348f3b
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13446.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-13446",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13453.json b/2019/13xxx/CVE-2019-13453.json
new file mode 100644
index 00000000000..0c4c9657e05
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13453.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13453",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile()."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-2-of-3/",
+ "url": "https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-2-of-3/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/",
+ "url": "https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13573.json b/2019/13xxx/CVE-2019-13573.json
new file mode 100644
index 00000000000..8184a026836
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13573.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13573",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers",
+ "url": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://plugins.trac.wordpress.org/changeset/2121566/fv-wordpress-flowplayer/trunk/models/db.php",
+ "url": "https://plugins.trac.wordpress.org/changeset/2121566/fv-wordpress-flowplayer/trunk/models/db.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/zeroday/FG-VD-19-097",
+ "url": "https://fortiguard.com/zeroday/FG-VD-19-097"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13605.json b/2019/13xxx/CVE-2019-13605.json
index 690a494dedd..b3860faaef0 100644
--- a/2019/13xxx/CVE-2019-13605.json
+++ b/2019/13xxx/CVE-2019-13605.json
@@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13605.md", "url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13605.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html", + "url": "http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html" } ] } diff --git a/2019/13xxx/CVE-2019-13613.json b/2019/13xxx/CVE-2019-13613.json new file mode 100644 index 00000000000..2089ce99fbe --- /dev/null +++ b/2019/13xxx/CVE-2019-13613.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fakhrizulkifli.github.io/posts/2019/07/15/CVE-2019-13613/", + "url": "https://fakhrizulkifli.github.io/posts/2019/07/15/CVE-2019-13613/" + } + ] + } +} \ No newline at end of file 
diff --git a/2019/13xxx/CVE-2019-13623.json b/2019/13xxx/CVE-2019-13623.json
new file mode 100644
index 00000000000..0b5e31f5fa0
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13623.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13623",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/NationalSecurityAgency/ghidra/issues/789",
+ "refsource": "MISC",
+ "name": "https://github.com/NationalSecurityAgency/ghidra/issues/789"
+ },
+ {
+ "url": "http://blog.fxiao.me/ghidra/",
+ "refsource": "MISC",
+ "name": "http://blog.fxiao.me/ghidra/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13624.json b/2019/13xxx/CVE-2019-13624.json
new file mode 100644
index 00000000000..dda5cc7ba14
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13624.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13624",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gerrit.onosproject.org/#/c/20767/",
+ "refsource": "MISC",
+ "name": "https://gerrit.onosproject.org/#/c/20767/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13625.json b/2019/13xxx/CVE-2019-13625.json
new file mode 100644
index 00000000000..9d0130c93df
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13625.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13625",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://blog.fxiao.me/ghidra/",
+ "refsource": "MISC",
+ "name": "http://blog.fxiao.me/ghidra/"
+ },
+ {
+ "url": "https://xlab.tencent.com/en/2019/03/18/ghidra-from-xxe-to-rce/",
+ "refsource": "MISC",
+ "name": "https://xlab.tencent.com/en/2019/03/18/ghidra-from-xxe-to-rce/"
+ },
+ {
+ "url": "https://github.com/NationalSecurityAgency/ghidra/issues/71",
+ "refsource": "MISC",
+ "name": "https://github.com/NationalSecurityAgency/ghidra/issues/71"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13626.json b/2019/13xxx/CVE-2019-13626.json
new file mode 100644
index 00000000000..9f186437475
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13626.json
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4522", + "refsource": "MISC", + "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4522" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2107.json b/2019/2xxx/CVE-2019-2107.json index e239d6cea9b..8e74df43bd7 100644 --- a/2019/2xxx/CVE-2019-2107.json +++ b/2019/2xxx/CVE-2019-2107.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/153628/Android-VideoPlayer-ihevcd_parse_pps-Out-Of-Bounds-Write.html", "url": "http://packetstormsecurity.com/files/153628/Android-VideoPlayer-ihevcd_parse_pps-Out-Of-Bounds-Write.html" + }, + { + "refsource": "FULLDISC", + "name": "20190716 CVE-2019-2107 a.k.a \"Hevcfright\" Proof of Concept exploit (Denial of Service PoC)", + "url": "http://seclists.org/fulldisclosure/2019/Jul/18" } ] }, diff --git a/2019/3xxx/CVE-2019-3571.json b/2019/3xxx/CVE-2019-3571.json index f14c2b62925..52c86136800 100644 --- a/2019/3xxx/CVE-2019-3571.json +++ b/2019/3xxx/CVE-2019-3571.json 
@@ -1,8 +1,37 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2019-07-16", "ID": "CVE-2019-3571", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WhatsApp Desktop", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "0.3.3793" + }, + { + "version_affected": "<", + "version_value": "0.3.3793" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +40,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Encoding or Escaping of Output (CWE-116), Improper Handling of Unicode Encoding (CWE-176)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.facebook.com/security/advisories/cve-2019-3571", + "url": "https://www.facebook.com/security/advisories/cve-2019-3571" } ] } diff --git a/2019/4xxx/CVE-2019-4054.json b/2019/4xxx/CVE-2019-4054.json index 73136867bef..ad36f18c852 100644 --- a/2019/4xxx/CVE-2019-4054.json +++ b/2019/4xxx/CVE-2019-4054.json 
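Review bot: `"version_affected": "!=>"` in the first added `version_data` entry is not a comparison operator I recognise from the CVE JSON 4.0 format, and a consumer that validates or switches on the operator may drop the entry or treat it as unknown. It presumably means "not affected from 0.3.3793 onward"; if so, `"version_affected": "!>="` is the spelling I would expect, which is worth confirming against the schema the record is validated with. The second entry (`"<"` with `"0.3.3793"`) already expresses the affected range on its own and agrees with the description's "prior to 0.3.3793".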
@@ -1,17 +1,92 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4054", - "STATE": "RESERVED" + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "PR": "N", + "AV": "L", + "C": "L", + "A": "N", + "I": "N", + "UI": "N", + "AC": "L", + "SCORE": "4.000" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10957139", + "title": "IBM Security Bulletin 957139 (QRadar SIEM)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10957139" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-qradar-cve20194054-info-disc (156563)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156563" + } + ] }, "data_format": "MITRE", "data_type": "CVE", - "data_version": "4.0", + "CVE_data_meta": { + "DATE_PUBLIC": "2019-07-10T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2019-4054" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563." } ] } 
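Review bot: The added `problemtype` value is the free-text label `"Obtain Information"`, whereas other records in this same commit use a CWE identifier (`CWE-352`, `CWE-425`), so weakness-based filtering will miss this record. A CWE id would serve consumers better; information exposure is usually filed as `"value": "CWE-200"`, though the CNA would need to confirm the mapping. The CVE-2019-4194 (`"Denial of Service"`) and CVE-2019-4211 (`"Cross-Site Scripting"`) hunks further down do the same. Separately, `"SCORE": "4.000"` is a string and the metrics are split across `BM` and `TM` with no vector string, so a reader has to reassemble the CVSS vector by hand.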
diff --git a/2019/4xxx/CVE-2019-4194.json b/2019/4xxx/CVE-2019-4194.json
index 6ba69fb2004..dc9cf65e685 100644
--- a/2019/4xxx/CVE-2019-4194.json
+++ b/2019/4xxx/CVE-2019-4194.json
@@ -1,18 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4194", - "STATE": "RESERVED" + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Jazz for Service Management", + "version": { + "version_data": [ + { + "version_value": "1.1.3" + }, + { + "version_value": "1.1.3.1" + }, + { + "version_value": "1.1.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "UI": "N", + "AC": "L", + "SCORE": "5.300", + "S": "U", + "AV": "N", + "PR": "N", + "C": "N", + "A": "L", + "I": "N" + } + } }, "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10885989", + "title": "IBM Security Bulletin 885989 (Jazz for Service Management)", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885989" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159033", + "name": "ibm-jazz-cve20194194-dos (159033)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033." 
} ] - } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2019-07-11T00:00:00", + "ID": "CVE-2019-4194", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE" } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4211.json b/2019/4xxx/CVE-2019-4211.json index c89c72978c4..40815a28914 100644 --- a/2019/4xxx/CVE-2019-4211.json +++ b/2019/4xxx/CVE-2019-4211.json 
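Review bot: The description added in this hunk says the product "is missing function level access control that could allow a user to delete authorized resources", but the `problemtype` is `"Denial of Service"` and the base metrics carry `"PR": "N"` and `"I": "N"`. Deleting resources through a missing authorization check looks like an integrity impact performed by some kind of user, so either the description or the metrics seem off; as written, triage driven by the CVSS fields would treat this as an unauthenticated, availability-only issue. I would ask the CNA to confirm which side is accurate, and, if it is the description, to name the weakness as missing authorization in `problemtype` (CWE-862 is the usual id).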
@@ -1,18 +1,93 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4211", - "STATE": "RESERVED" + "DATE_PUBLIC": "2019-07-10T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4211" }, - "data_format": "MITRE", "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131.", + "lang": "eng" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10957143", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10957143", + "title": "IBM Security Bulletin 957143 (QRadar SIEM)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159131", + "name": "ibm-qradar-cve20194211-xss (159131)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "UI": "R", + "SCORE": "5.400", + "C": "L", + "S": "C", + "AV": "N", + "PR": "L", + 
"I": "L", + "A": "N" + }, + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + } + } + }, + "data_version": "4.0" } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4430.json b/2019/4xxx/CVE-2019-4430.json index 92e6cb6bfcb..c3bc1914431 100644 --- a/2019/4xxx/CVE-2019-4430.json +++ b/2019/4xxx/CVE-2019-4430.json 
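Review bot: The `version_data` entries added for QRadar SIEM are bare `"version_value": "7.2"` and `"version_value": "7.3"` with no `version_affected` operator. A scanner matching on this record cannot tell whether every 7.2.x and 7.3.x patch level is affected or where the fix landed. The LibreOffice records later in this commit use the clearer form, `"version_affected": "<"` together with the first fixed release. I would take the fixed patch level per branch from the referenced bulletin, e.g. `"version_affected": "<", "version_value": "<FIXED_PATCH_LEVEL>"` (placeholder; the value is not on this page). The CVE-2019-4430 hunk has the same gap with `"7.6"`.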
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4430", - "STATE": "RESERVED" - }, "data_format": "MITRE", - "data_type": "CVE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10959173", + "title": "IBM Security Bulletin 959173 (Maximo Asset Management)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10959173" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162887", + "name": "ibm-maximo-cve20194430-info-disc (162887)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "SCORE": "4.300", + "UI": "N", + "AC": "L", + "A": "N", + "I": "N", + "AV": "N", + "PR": "L", + "S": "U", + "C": "L" + } + } + }, "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. 
IBM X-Force ID: 162887.", + "lang": "eng" } ] - } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2019-07-15T00:00:00", + "ID": "CVE-2019-4430", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE" } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7317.json b/2019/7xxx/CVE-2019-7317.json index 20853e8ac8e..3c7b5efbb52 100644 --- a/2019/7xxx/CVE-2019-7317.json +++ b/2019/7xxx/CVE-2019-7317.json @@ -174,9 +174,14 @@ "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" }, { - "refsource":"SUSE", - "name":"openSUSE-SU-2019:1664", - "url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1664", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" + }, + { + "refsource": "BID", + "name": "108098", + "url": "http://www.securityfocus.com/bid/108098" }, { "url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" diff --git a/2019/9xxx/CVE-2019-9848.json b/2019/9xxx/CVE-2019-9848.json index f833ad12c7e..5f884561255 100644 --- a/2019/9xxx/CVE-2019-9848.json +++ b/2019/9xxx/CVE-2019-9848.json 
@@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@documentfoundation.org", + "DATE_PUBLIC": "2019-07-16T00:00:00.000Z", "ID": "CVE-2019-9848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibreOffice", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.2.5" + } + ] + } + } + ] + }, + "vendor_name": "Document Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Nils Emmerich of ERNW Research GmbH for discovering and reporting this issue" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.7" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which could be leveraged to by an attacker document to silently execute arbitrary python commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848", + "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848" + } + ] + }, + "source": { + "defect": [ + "LibreLogo", + "arbitrary", + "script", + "execution" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9849.json b/2019/9xxx/CVE-2019-9849.json index 800cc549193..bb8a141c701 100644 --- a/2019/9xxx/CVE-2019-9849.json +++ b/2019/9xxx/CVE-2019-9849.json 
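Review bot: The `source.defect` array in this CVE-2019-9848 record holds one word per element (`"LibreLogo"`, `"arbitrary"`, `"script"`, `"execution"`), which looks like a single phrase split on whitespace by the generator rather than a list of defect identifiers. A consumer that treats each element as a separate defect reference gets four meaningless keys. I would store it as one element, `"defect": ["LibreLogo arbitrary script execution"]`, or use the project's own tracker ids if there are any. The CVE-2019-9849 hunk has the same problem, where the split even leaves the quote marks dangling in `"'stealth"` and `"mode'"`. In both records the `problemtype` value is a full sentence rather than a weakness class, so a short class name there would also help automated classification.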
@@ -1,18 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@documentfoundation.org", + "DATE_PUBLIC": "2019-07-16T00:00:00.000Z", "ID": "CVE-2019-9849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibreOffice", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.2.5" + } + ] + } + } + ] + }, + "vendor_name": "Document Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Matei \"Mal\" Badanoiu for discovering and reporting this problem" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.7" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "In 'stealth mode' where only trusted documents are allowed to download remote resources untrusted documents could download remote bullet graphics urls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9849", + "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9849" + } + ] + }, + "source": { + "defect": [ + "remote", + "bullet", + "graphics", + "retrieved", + "in", + "'stealth", + "mode'" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file