From 73568f409b886ebb99f866a0f11b4f611219a528 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 17 Dec 2019 16:01:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14782.json | 67 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15235.json | 67 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15845.json | 5 +++ 2019/16xxx/CVE-2019-16201.json | 5 +++ 2019/16xxx/CVE-2019-16255.json | 5 +++ 2019/16xxx/CVE-2019-16549.json | 5 +++ 2019/16xxx/CVE-2019-16550.json | 5 +++ 2019/16xxx/CVE-2019-16551.json | 5 +++ 2019/16xxx/CVE-2019-16552.json | 5 +++ 2019/16xxx/CVE-2019-16553.json | 5 +++ 2019/16xxx/CVE-2019-16554.json | 5 +++ 2019/16xxx/CVE-2019-16555.json | 5 +++ 2019/16xxx/CVE-2019-16556.json | 5 +++ 2019/16xxx/CVE-2019-16557.json | 5 +++ 2019/16xxx/CVE-2019-16558.json | 5 +++ 2019/16xxx/CVE-2019-16559.json | 5 +++ 2019/16xxx/CVE-2019-16560.json | 5 +++ 2019/16xxx/CVE-2019-16561.json | 5 +++ 2019/16xxx/CVE-2019-16562.json | 5 +++ 2019/16xxx/CVE-2019-16563.json | 5 +++ 2019/16xxx/CVE-2019-16564.json | 5 +++ 2019/16xxx/CVE-2019-16565.json | 5 +++ 2019/16xxx/CVE-2019-16566.json | 5 +++ 2019/16xxx/CVE-2019-16567.json | 5 +++ 2019/16xxx/CVE-2019-16568.json | 5 +++ 2019/16xxx/CVE-2019-16569.json | 5 +++ 2019/16xxx/CVE-2019-16570.json | 5 +++ 2019/16xxx/CVE-2019-16571.json | 5 +++ 2019/16xxx/CVE-2019-16572.json | 5 +++ 2019/16xxx/CVE-2019-16573.json | 5 +++ 2019/16xxx/CVE-2019-16574.json | 5 +++ 2019/16xxx/CVE-2019-16575.json | 5 +++ 2019/16xxx/CVE-2019-16576.json | 5 +++ 2019/17xxx/CVE-2019-17123.json | 5 +++ 2019/18xxx/CVE-2019-18670.json | 67 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18935.json | 10 +++++ 2019/18xxx/CVE-2019-18956.json | 62 +++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19847.json | 62 +++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19848.json | 18 +++++++++ 2019/19xxx/CVE-2019-19849.json | 18 +++++++++ 40 files changed, 531 insertions(+) create mode 100644 2019/14xxx/CVE-2019-14782.json create mode 100644 2019/15xxx/CVE-2019-15235.json create mode 100644 
2019/18xxx/CVE-2019-18670.json create mode 100644 2019/18xxx/CVE-2019-18956.json create mode 100644 2019/19xxx/CVE-2019-19847.json create mode 100644 2019/19xxx/CVE-2019-19848.json create mode 100644 2019/19xxx/CVE-2019-19849.json
diff --git a/2019/14xxx/CVE-2019-14782.json b/2019/14xxx/CVE-2019-14782.json
new file mode 100644
index 00000000000..0bc648de1c3
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14782.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14782",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://centos-webpanel.com/changelog-cwp7",
+ "refsource": "MISC",
+ "name": "https://centos-webpanel.com/changelog-cwp7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.html",
+ "url": "https://packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
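Review bot: The structured fields of this new record carry no data: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `"n/a"`, although the description names the product (CentOS Web Panel) and the affected range 0.9.8.856 through 0.9.8.864. Scanners and inventory tools that match on `affects` rather than on free text will not flag this entry. I would populate the fields from the description, e.g. `"product_name": "CentOS Web Panel"` and `"version_value": "0.9.8.856 through 0.9.8.864"`, and state a problem type. The same applies to the other new PUBLIC records in this patch: CVE-2019-15235, CVE-2019-18670, CVE-2019-18956 and CVE-2019-19847.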
diff --git a/2019/15xxx/CVE-2019-15235.json b/2019/15xxx/CVE-2019-15235.json
new file mode 100644
index 00000000000..eb0e5ab59d4
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15235.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15235",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://centos-webpanel.com/changelog-cwp7",
+ "refsource": "MISC",
+ "name": "https://centos-webpanel.com/changelog-cwp7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.html",
+ "url": "https://packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15845.json b/2019/15xxx/CVE-2019-15845.json
index 7a17728eaa3..d5533fa1359 100644
--- a/2019/15xxx/CVE-2019-15845.json
+++ b/2019/15xxx/CVE-2019-15845.json
@@ -81,6 +81,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4587",
 "url": "https://www.debian.org/security/2019/dsa-4587"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4586",
+ "url": "https://www.debian.org/security/2019/dsa-4586"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16201.json b/2019/16xxx/CVE-2019-16201.json
index 2e6ff5abd78..c987b43403e 100644
--- a/2019/16xxx/CVE-2019-16201.json
+++ b/2019/16xxx/CVE-2019-16201.json
@@ -81,6 +81,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4587",
 "url": "https://www.debian.org/security/2019/dsa-4587"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4586",
+ "url": "https://www.debian.org/security/2019/dsa-4586"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16255.json b/2019/16xxx/CVE-2019-16255.json
index 561883940bc..359bf5aae1a 100644
--- a/2019/16xxx/CVE-2019-16255.json
+++ b/2019/16xxx/CVE-2019-16255.json
@@ -101,6 +101,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4587",
 "url": "https://www.debian.org/security/2019/dsa-4587"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4586",
+ "url": "https://www.debian.org/security/2019/dsa-4586"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16549.json b/2019/16xxx/CVE-2019-16549.json
index 7f71457f46f..efe971fa1f0 100644
--- a/2019/16xxx/CVE-2019-16549.json
+++ b/2019/16xxx/CVE-2019-16549.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16550.json b/2019/16xxx/CVE-2019-16550.json
index e1f5fb45cda..fb3c86438f7 100644
--- a/2019/16xxx/CVE-2019-16550.json
+++ b/2019/16xxx/CVE-2019-16550.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16551.json b/2019/16xxx/CVE-2019-16551.json
index 4211e1dd0da..25861454ea5 100644
--- a/2019/16xxx/CVE-2019-16551.json
+++ b/2019/16xxx/CVE-2019-16551.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1527",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1527",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16552.json b/2019/16xxx/CVE-2019-16552.json
index f858217164e..923acc3f5ff 100644
--- a/2019/16xxx/CVE-2019-16552.json
+++ b/2019/16xxx/CVE-2019-16552.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1527",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1527",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16553.json b/2019/16xxx/CVE-2019-16553.json
index 0460c6a8900..3b50cb7ec4b 100644
--- a/2019/16xxx/CVE-2019-16553.json
+++ b/2019/16xxx/CVE-2019-16553.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16554.json b/2019/16xxx/CVE-2019-16554.json
index 0f6b52bd8aa..24714ed2156 100644
--- a/2019/16xxx/CVE-2019-16554.json
+++ b/2019/16xxx/CVE-2019-16554.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16555.json b/2019/16xxx/CVE-2019-16555.json
index 692943ccc12..95c21ea6944 100644
--- a/2019/16xxx/CVE-2019-16555.json
+++ b/2019/16xxx/CVE-2019-16555.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16556.json b/2019/16xxx/CVE-2019-16556.json
index 21dd6490e79..5045ca2d0cb 100644
--- a/2019/16xxx/CVE-2019-16556.json
+++ b/2019/16xxx/CVE-2019-16556.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1636",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1636",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16557.json b/2019/16xxx/CVE-2019-16557.json
index 243f2a57ee8..5ca3906d8c4 100644
--- a/2019/16xxx/CVE-2019-16557.json
+++ b/2019/16xxx/CVE-2019-16557.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1598",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1598",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16558.json b/2019/16xxx/CVE-2019-16558.json
index 48cc4e3b97b..5ef3a17d7b9 100644
--- a/2019/16xxx/CVE-2019-16558.json
+++ b/2019/16xxx/CVE-2019-16558.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1580",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1580",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16559.json b/2019/16xxx/CVE-2019-16559.json
index 184f19fcaf2..6927c80d2c3 100644
--- a/2019/16xxx/CVE-2019-16559.json
+++ b/2019/16xxx/CVE-2019-16559.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1371",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1371",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16560.json b/2019/16xxx/CVE-2019-16560.json
index 0ff36676fbd..87538c06709 100644
--- a/2019/16xxx/CVE-2019-16560.json
+++ b/2019/16xxx/CVE-2019-16560.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1371",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1371",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16561.json b/2019/16xxx/CVE-2019-16561.json
index 2a8b53a8e31..63c10c03888 100644
--- a/2019/16xxx/CVE-2019-16561.json
+++ b/2019/16xxx/CVE-2019-16561.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1581",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1581",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16562.json b/2019/16xxx/CVE-2019-16562.json
index 1b494b76d5d..f9393441fce 100644
--- a/2019/16xxx/CVE-2019-16562.json
+++ b/2019/16xxx/CVE-2019-16562.json
@@ -65,6 +65,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1591",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1591",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16563.json b/2019/16xxx/CVE-2019-16563.json
index 0d06ad76ae9..ae51048d3d9 100644
--- a/2019/16xxx/CVE-2019-16563.json
+++ b/2019/16xxx/CVE-2019-16563.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1592",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1592",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16564.json b/2019/16xxx/CVE-2019-16564.json
index e35b981214d..ba8ecce3626 100644
--- a/2019/16xxx/CVE-2019-16564.json
+++ b/2019/16xxx/CVE-2019-16564.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1593",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1593",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16565.json b/2019/16xxx/CVE-2019-16565.json
index 7411221e973..e7002c0bc37 100644
--- a/2019/16xxx/CVE-2019-16565.json
+++ b/2019/16xxx/CVE-2019-16565.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20(1)",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20(1)",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16566.json b/2019/16xxx/CVE-2019-16566.json
index 02714d69d0f..d25c41916bb 100644
--- a/2019/16xxx/CVE-2019-16566.json
+++ b/2019/16xxx/CVE-2019-16566.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20(1)",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20(1)",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16567.json b/2019/16xxx/CVE-2019-16567.json
index e5bad309118..29b25f1779e 100644
--- a/2019/16xxx/CVE-2019-16567.json
+++ b/2019/16xxx/CVE-2019-16567.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20(2)",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20(2)",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16568.json b/2019/16xxx/CVE-2019-16568.json
index 3afad5769eb..6415d79e7b2 100644
--- a/2019/16xxx/CVE-2019-16568.json
+++ b/2019/16xxx/CVE-2019-16568.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1521",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1521",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16569.json b/2019/16xxx/CVE-2019-16569.json
index 87306dcd1f7..99c2dc9ce8a 100644
--- a/2019/16xxx/CVE-2019-16569.json
+++ b/2019/16xxx/CVE-2019-16569.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1603",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1603",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16570.json b/2019/16xxx/CVE-2019-16570.json
index e9805bbdf47..531e188898f 100644
--- a/2019/16xxx/CVE-2019-16570.json
+++ b/2019/16xxx/CVE-2019-16570.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16571.json b/2019/16xxx/CVE-2019-16571.json
index 2850c004f2f..5f0c20294f9 100644
--- a/2019/16xxx/CVE-2019-16571.json
+++ b/2019/16xxx/CVE-2019-16571.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16572.json b/2019/16xxx/CVE-2019-16572.json
index b7429dcc5db..7dc4d010332 100644
--- a/2019/16xxx/CVE-2019-16572.json
+++ b/2019/16xxx/CVE-2019-16572.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1597",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1597",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16573.json b/2019/16xxx/CVE-2019-16573.json
index 3702b2dfa7a..e80e0f3ca7e 100644
--- a/2019/16xxx/CVE-2019-16573.json
+++ b/2019/16xxx/CVE-2019-16573.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1600",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1600",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16574.json b/2019/16xxx/CVE-2019-16574.json
index 0cbe6cefedc..7b1f8b420cf 100644
--- a/2019/16xxx/CVE-2019-16574.json
+++ b/2019/16xxx/CVE-2019-16574.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1600",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1600",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16575.json b/2019/16xxx/CVE-2019-16575.json
index 1bc575fa7e0..c4d5871e5ce 100644
--- a/2019/16xxx/CVE-2019-16575.json
+++ b/2019/16xxx/CVE-2019-16575.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1602",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1602",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16576.json b/2019/16xxx/CVE-2019-16576.json
index 20352dd7253..2da44bbcd93 100644
--- a/2019/16xxx/CVE-2019-16576.json
+++ b/2019/16xxx/CVE-2019-16576.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1602",
 "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1602",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17123.json b/2019/17xxx/CVE-2019-17123.json
index c2704950def..0c5350e587d 100644
--- a/2019/17xxx/CVE-2019-17123.json
+++ b/2019/17xxx/CVE-2019-17123.json
@@ -56,6 +56,11 @@
 "url": "http://www.egain.com/products/email-management-software/",
 "refsource": "MISC",
 "name": "http://www.egain.com/products/email-management-software/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/maverislabs/cve-2019-17123-cbc946c99f8",
+ "url": "https://medium.com/maverislabs/cve-2019-17123-cbc946c99f8"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18670.json b/2019/18xxx/CVE-2019-18670.json
new file mode 100644
index 00000000000..ffad28d07ff
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18670.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18670",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://drive.google.com/open?id=1r0cr-H_FMc8V4hwlqF1MAEhSSnztm5sp",
+ "refsource": "MISC",
+ "name": "https://drive.google.com/open?id=1r0cr-H_FMc8V4hwlqF1MAEhSSnztm5sp"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://us.answers.acer.com/app/answers/detail/a_id/64586",
+ "url": "https://us.answers.acer.com/app/answers/detail/a_id/64586"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18935.json b/2019/18xxx/CVE-2019-18935.json
index 2f1eee2c768..68e0f300d83 100644
--- a/2019/18xxx/CVE-2019-18935.json
+++ b/2019/18xxx/CVE-2019-18935.json
@@ -71,6 +71,16 @@
 "refsource": "MISC",
 "name": "https://github.com/bao7uo/RAU_crypto",
 "url": "https://github.com/bao7uo/RAU_crypto"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui",
+ "url": "https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/noperator/CVE-2019-18935",
+ "url": "https://github.com/noperator/CVE-2019-18935"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18956.json b/2019/18xxx/CVE-2019-18956.json
new file mode 100644
index 00000000000..0560a427c6d
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18956.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18956",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a seria1.0lized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a serialized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. Affected products include Proxia Premium Edition 2017 and Sparkspace."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/blackarrowsec/advisories/tree/master/2019/CVE-2019-18956",
+ "url": "https://github.com/blackarrowsec/advisories/tree/master/2019/CVE-2019-18956"
+ }
+ ]
+ }
+}
\ No newline at end of file
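Review bot: The description `value` in this new record is corrupted: the passage from "allows remote code execution via untrusted Java deserialization" through "of the dv2eemvc.jar component." appears twice in a row, and the first copy reads `seria1.0lized` where the second reads `serialized`. This looks like two drafts merged during an edit of the version list, though the patch does not show how it arose. Downstream feeds and advisories copy this string verbatim, so I would keep a single copy of the passage with `serialized` spelled correctly. The version list is also hard to parse (`9 < 9.12.16, 9.11.19, ...` does not say which fixed version belongs to which branch) and would be clearer as one "before X" bound per branch.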
diff --git a/2019/19xxx/CVE-2019-19847.json b/2019/19xxx/CVE-2019-19847.json
new file mode 100644
index 00000000000..9d8cd0d5f38
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19847.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-19847",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fontforge/libspiro/issues/21",
+ "refsource": "MISC",
+ "name": "https://github.com/fontforge/libspiro/issues/21"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19848.json b/2019/19xxx/CVE-2019-19848.json
new file mode 100644
index 00000000000..55b7c6d2bac
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19848.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19848",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19849.json b/2019/19xxx/CVE-2019-19849.json
new file mode 100644
index 00000000000..c743008bfb2
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19849.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19849",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file