From 7903555c354ffb041e0460b1697b6173af27ed4c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 6 Mar 2019 17:05:51 -0500
Subject: [PATCH] - Synchronized data.
---
2019/1xxx/CVE-2019-1588.json | 168 +++++++++----------
2019/1xxx/CVE-2019-1591.json | 166 +++++++++---------
2019/1xxx/CVE-2019-1593.json | 300 ++++++++++++++++-----------------
2019/1xxx/CVE-2019-1594.json | 316 +++++++++++++++++------------------
2019/1xxx/CVE-2019-1595.json | 166 +++++++++---------
2019/9xxx/CVE-2019-9606.json | 48 +++++-
2019/9xxx/CVE-2019-9607.json | 48 +++++-
2019/9xxx/CVE-2019-9608.json | 62 +++++++
2019/9xxx/CVE-2019-9609.json | 62 +++++++
2019/9xxx/CVE-2019-9610.json | 62 +++++++
2019/9xxx/CVE-2019-9611.json | 62 +++++++
2019/9xxx/CVE-2019-9612.json | 62 +++++++
2019/9xxx/CVE-2019-9613.json | 62 +++++++
2019/9xxx/CVE-2019-9614.json | 62 +++++++
2019/9xxx/CVE-2019-9615.json | 62 +++++++
2019/9xxx/CVE-2019-9616.json | 62 +++++++
2019/9xxx/CVE-2019-9617.json | 62 +++++++
2019/9xxx/CVE-2019-9618.json | 18 ++
18 files changed, 1288 insertions(+), 562 deletions(-)
create mode 100644 2019/9xxx/CVE-2019-9608.json
create mode 100644 2019/9xxx/CVE-2019-9609.json
create mode 100644 2019/9xxx/CVE-2019-9610.json
create mode 100644 2019/9xxx/CVE-2019-9611.json
create mode 100644 2019/9xxx/CVE-2019-9612.json
create mode 100644 2019/9xxx/CVE-2019-9613.json
create mode 100644 2019/9xxx/CVE-2019-9614.json
create mode 100644 2019/9xxx/CVE-2019-9615.json
create mode 100644 2019/9xxx/CVE-2019-9616.json
create mode 100644 2019/9xxx/CVE-2019-9617.json
create mode 100644 2019/9xxx/CVE-2019-9618.json
diff --git a/2019/1xxx/CVE-2019-1588.json b/2019/1xxx/CVE-2019-1588.json
index c312cd7e714..c77717f08b1 100644
--- a/2019/1xxx/CVE-2019-1588.json
+++ b/2019/1xxx/CVE-2019-1588.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-03-06T16:00:00-0800", - "ID": "CVE-2019-1588", - "STATE": "PUBLIC", - "TITLE": "Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode ", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "14.0(1h)" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", + "ID" : "CVE-2019-1588", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode ", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "14.0(1h)" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h)." 
+ } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "4.4", + "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-20" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h)." - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "4.4", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190306 Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190306-aci-file-read", - "defect": [ - [ - "CSCvm52064" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190306 Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190306-aci-file-read", + "defect" : [ + [ + "CSCvm52064" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/1xxx/CVE-2019-1591.json b/2019/1xxx/CVE-2019-1591.json index 0af353ab1b8..fd103a0c4bf 100644 --- a/2019/1xxx/CVE-2019-1591.json +++ b/2019/1xxx/CVE-2019-1591.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-03-06T16:00:00-0800", - "ID": "CVE-2019-1591", - "STATE": "PUBLIC", - "TITLE": "Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode ", - "version": { - "version_data": [ - { - "version_value": "14.0(3d)" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", + "ID" : "CVE-2019-1591", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode ", + "version" : { + "version_data" : [ + { + "version_value" : "14.0(3d)" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allow the attacker to escape the restricted shell and execute arbitrary commands with root-level privileges on the affected device. 
This vulnerability only affects Cisco Nexus 9000 Series ACI Mode Switches that are running a release prior to 14.0(3d)." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "7.8", + "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-264" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allow the attacker to escape the restricted shell and execute arbitrary commands with root-level privileges on the affected device. This vulnerability only affects Cisco Nexus 9000 Series ACI Mode Switches that are running a release prior to 14.0(3d). " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "7.8", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-264" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190306 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190306-aci-shell-escape", - "defect": [ - [ - "CSCvm52063" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190306 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190306-aci-shell-escape", + "defect" : [ + [ + "CSCvm52063" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/1xxx/CVE-2019-1593.json b/2019/1xxx/CVE-2019-1593.json index b17b9732e3a..478435fdc94 100644 --- a/2019/1xxx/CVE-2019-1593.json +++ b/2019/1xxx/CVE-2019-1593.json 
@@ -1,153 +1,153 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-03-06T16:00:00-0800", - "ID": "CVE-2019-1593", - "STATE": "PUBLIC", - "TITLE": "Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Nexus 3000 Series Switches", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "7.0(3)I7(4)" - } - ] - } - }, - { - "product_name": "Nexus 3500 Platform Switches", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "7.0(3)I7(4)" - } - ] - } - }, - { - "product_name": "Nexus 3600 Platform Switches", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "7.0(3)F3(5)" - } - ] - } - }, - { - "product_name": "Nexus 7000 and 7700 Series Switches", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "8.2(3)" - } - ] - } - }, - { - "product_name": "Nexus 9000 Series Fabric Switches in ACI Mode", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "13.2(4d)" - }, - { - "affected": "<", - "version_value": "14.0(1h)" - } - ] - } - }, - { - "product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "7.0(3)I4(9)" - }, - { - "affected": "<", - "version_value": "7.0(3)I7(4)" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", + "ID" : "CVE-2019-1593", + "STATE" : "PUBLIC", + "TITLE" : "Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Nexus 3000 Series Switches", + "version" : { + "version_data" : [ + { + 
"affected" : "<", + "version_value" : "7.0(3)I7(4)" + } + ] + } + }, + { + "product_name" : "Nexus 3500 Platform Switches", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "7.0(3)I7(4)" + } + ] + } + }, + { + "product_name" : "Nexus 3600 Platform Switches", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "7.0(3)F3(5)" + } + ] + } + }, + { + "product_name" : "Nexus 7000 and 7700 Series Switches", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "8.2(3)" + } + ] + } + }, + { + "product_name" : "Nexus 9000 Series Fabric Switches in ACI Mode", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "13.2(4d)" + }, + { + "affected" : "<", + "version_value" : "14.0(1h)" + } + ] + } + }, + { + "product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "7.0(3)I4(9)" + }, + { + "affected" : "<", + "version_value" : "7.0(3)I7(4)" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the incorrect implementation of a Bash shell command that allows role-based access control (RBAC) to be bypassed. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level by executing commands that should be restricted to other roles. 
For example, a dev-ops user could escalate their privilege level to admin with a successful exploit of this vulnerability." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "7.8", + "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-264" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the incorrect implementation of a Bash shell command that allows role-based access control (RBAC) to be bypassed. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level by executing commands that should be restricted to other roles. For example, a dev-ops user could escalate their privilege level to admin with a successful exploit of this vulnerability. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "7.8", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-264" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190306 Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-bash-escal" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190306-nx-os-bash-escal", - "defect": [ - [ - "CSCvj59431", - "CSCvj59446", - "CSCvk52940", - "CSCvk52941" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190306 Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-bash-escal" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190306-nx-os-bash-escal", + "defect" : [ + [ + "CSCvj59431", + "CSCvj59446", + "CSCvk52940", + "CSCvk52941" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/1xxx/CVE-2019-1594.json b/2019/1xxx/CVE-2019-1594.json index 17f78e7c03c..0590cffd569 100644 --- a/2019/1xxx/CVE-2019-1594.json +++ b/2019/1xxx/CVE-2019-1594.json 
@@ -1,161 +1,161 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-03-06T16:00:00-0800", - "ID": "CVE-2019-1594", - "STATE": "PUBLIC", - "TITLE": "Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Nexus 1000V Switch for VMware vSphere", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "5.2(1)SV3(1.4b)" - } - ] - } - }, - { - "product_name": "Nexus 3000 Series Switches", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "7.0(3)I7(4)" - } - ] - } - }, - { - "product_name": "Nexus 3500 Platform Switches", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "7.0(3)I7(4)" - } - ] - } - }, - { - "product_name": "Nexus 2000, 5500, 5600, and 6000 Series Switches", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "7.3(5)N1(1)" - }, - { - "affected": "<", - "version_value": "7.1(5)N1(1b)" - } - ] - } - }, - { - "product_name": "Nexus 7000 and 7700 Series Switches", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "8.2(3)" - } - ] - } - }, - { - "product_name": "Nexus 9000 Series Fabric Switches in ACI Mode", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "13.2(1l)" - } - ] - } - }, - { - "product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "7.0(3)I7(4)" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", + "ID" : "CVE-2019-1594", + "STATE" : "PUBLIC", + "TITLE" : "Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" 
: [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Nexus 1000V Switch for VMware vSphere", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "5.2(1)SV3(1.4b)" + } + ] + } + }, + { + "product_name" : "Nexus 3000 Series Switches", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "7.0(3)I7(4)" + } + ] + } + }, + { + "product_name" : "Nexus 3500 Platform Switches", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "7.0(3)I7(4)" + } + ] + } + }, + { + "product_name" : "Nexus 2000, 5500, 5600, and 6000 Series Switches", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "7.3(5)N1(1)" + }, + { + "affected" : "<", + "version_value" : "7.1(5)N1(1b)" + } + ] + } + }, + { + "product_name" : "Nexus 7000 and 7700 Series Switches", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "8.2(3)" + } + ] + } + }, + { + "product_name" : "Nexus 9000 Series Fabric Switches in ACI Mode", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "13.2(1l)" + } + ] + } + }, + { + "product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "7.0(3)I7(4)" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. 
A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4)." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "7.4", + "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-264" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. 
An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4)." - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "7.4", - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-264" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190306 Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190306-nx-os-lan-auth", - "defect": [ - [ - "CSCvi93959", - "CSCvj22443", - "CSCvj22446", - "CSCvj22447", - "CSCvj22449" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190306 Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190306-nx-os-lan-auth", + "defect" : [ + [ + "CSCvi93959", + "CSCvj22443", + "CSCvj22446", + "CSCvj22447", + "CSCvj22449" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/1xxx/CVE-2019-1595.json b/2019/1xxx/CVE-2019-1595.json index 91a3a740b5d..06ec29475d2 100644 --- a/2019/1xxx/CVE-2019-1595.json +++ b/2019/1xxx/CVE-2019-1595.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-03-06T16:00:00-0800", - "ID": "CVE-2019-1595", - "STATE": "PUBLIC", - "TITLE": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco NX-OS Software", - "version": { - "version_data": [ - { - "version_value": "7.3(5)N1(1)" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", + "ID" : "CVE-2019-1595", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco NX-OS Software", + "version" : { + "version_data" : [ + { + "version_value" : "7.3(5)N1(1)" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)." 
+ } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "7.4", + "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-913" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)." - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "7.4", - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-913" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190306-nexus-fbr-dos", - "defect": [ - [ - "CSCvn24414" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190306-nexus-fbr-dos", + "defect" : [ + [ + "CSCvn24414" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/9xxx/CVE-2019-9606.json b/2019/9xxx/CVE-2019-9606.json index b0d06d50900..848be570a09 100644 --- a/2019/9xxx/CVE-2019-9606.json +++ b/2019/9xxx/CVE-2019-9606.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9606", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the \"Update profile\" feature."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://hackingvila.wordpress.com/2019/03/03/php-script-mall-personal-video-collection-script-has-stored-xss-in-edit-my-profile/",
+ "refsource" : "MISC",
+ "url" : "https://hackingvila.wordpress.com/2019/03/03/php-script-mall-personal-video-collection-script-has-stored-xss-in-edit-my-profile/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9607.json b/2019/9xxx/CVE-2019-9607.json
index 20ec55f590f..020791905b5 100644
--- a/2019/9xxx/CVE-2019-9607.json
+++ b/2019/9xxx/CVE-2019-9607.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2019-9607",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
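Review bot: In the second CVE-2019-9606 hunk (`@@ -11,7 +34,28 @@`) the new `problemtype` entry is `"value" : "n/a"` although the description states the weakness class as stored XSS, which leaves the record invisible to CWE-based filtering and metrics. I would write `"value" : "CWE-79"` there. The records from CVE-2019-9607 to CVE-2019-9617 add the same placeholder; going by their descriptions, CWE-22 would fit 9607, 9610 and 9611, CWE-434 the six upload records (9608, 9609, 9612, 9613, 9616, 9617), CWE-94 9614 and CWE-89 9615, each to be confirmed against the referenced write-up.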
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://hackingvila.wordpress.com/2019/02/24/php-scripts-mall-medical-store-script-3-0-3-has-path-traversal/",
+ "refsource" : "MISC",
+ "url" : "https://hackingvila.wordpress.com/2019/02/24/php-scripts-mall-medical-store-script-3-0-3-has-path-traversal/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9608.json b/2019/9xxx/CVE-2019-9608.json
new file mode 100644
index 00000000000..3413a6c5da9
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9608.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9608",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97832",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97832"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9609.json b/2019/9xxx/CVE-2019-9609.json
new file mode 100644
index 00000000000..6b693580f6f
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9609.json
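Review bot: The description added for CVE-2019-9608 leaves out the platform condition: `::$DATA` is NTFS stream syntax, so the bypass of the `.jsp`/`.jspx` block presumably only applies where OFCMS stores uploads on a Windows/NTFS volume, and a responder triaging a Linux deployment cannot tell that from the text. I would state it in the `value` string, for example `... Remote attackers can execute arbitrary code on Windows hosts because blocking of .jsp and .jspx files does not consider ...`, once the referenced report confirms it. CVE-2019-9609, 9612, 9613, 9616 and 9617 reuse the sentence with only the upload URI changed, so the same qualifier applies there, and a note that all six are the same extension-filter flaw would help them be handled as a single fix.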
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9609",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97830",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97830"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9610.json b/2019/9xxx/CVE-2019-9610.json
new file mode 100644
index 00000000000..b8d8c31c890
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9610.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9610",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97838",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97838"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9611.json b/2019/9xxx/CVE-2019-9611.json
new file mode 100644
index 00000000000..68e65afbc0f
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9611.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9611",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to the save function in TemplateController.java."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97839",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97839"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9612.json b/2019/9xxx/CVE-2019-9612.json
new file mode 100644
index 00000000000..1260c6fde89
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9612.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9612",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97835",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97835"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9613.json b/2019/9xxx/CVE-2019-9613.json
new file mode 100644
index 00000000000..b3bb6c3b817
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9613.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9613",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97834",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97834"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9614.json b/2019/9xxx/CVE-2019-9614.json
new file mode 100644
index 00000000000..ca11281a2ea
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9614.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9614",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex=\"freemarker.template.utility.Execute\"?new()> ${ ex(\"' followed by the command."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97837",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97837"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9615.json b/2019/9xxx/CVE-2019-9615.json
new file mode 100644
index 00000000000..0a02a64f7a0
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9615.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9615",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97836",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97836"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9616.json b/2019/9xxx/CVE-2019-9616.json
new file mode 100644
index 00000000000..a48f4476148
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9616.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9616",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97833",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97833"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9617.json b/2019/9xxx/CVE-2019-9617.json
new file mode 100644
index 00000000000..61bddaead5c
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9617.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9617",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.seebug.org/vuldb/ssvid-97831",
+ "refsource" : "MISC",
+ "url" : "https://www.seebug.org/vuldb/ssvid-97831"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9618.json b/2019/9xxx/CVE-2019-9618.json
new file mode 100644
index 00000000000..a606ec6bd36
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9618.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9618",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}