From 7ae8fb2b7e6de912b684034004a4a30aa47e0772 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 9 Apr 2019 16:00:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/9xxx/CVE-2015-9284.json | 18 +++ 2017/14xxx/CVE-2017-14191.json | 2 +- 2017/17xxx/CVE-2017-17544.json | 58 ++++++++- 2018/13xxx/CVE-2018-13405.json | 5 + 2018/15xxx/CVE-2018-15631.json | 183 +++++++++++++------------- 2018/15xxx/CVE-2018-15635.json | 183 +++++++++++++------------- 2018/15xxx/CVE-2018-15640.json | 171 +++++++++++++------------ 2018/20xxx/CVE-2018-20483.json | 5 + 2018/4xxx/CVE-2018-4460.json | 9 +- 2019/11xxx/CVE-2019-11032.json | 18 +++ 2019/11xxx/CVE-2019-11033.json | 18 +++ 2019/11xxx/CVE-2019-11034.json | 18 +++ 2019/11xxx/CVE-2019-11035.json | 18 +++ 2019/11xxx/CVE-2019-11036.json | 18 +++ 2019/11xxx/CVE-2019-11037.json | 18 +++ 2019/11xxx/CVE-2019-11038.json | 18 +++ 2019/11xxx/CVE-2019-11039.json | 18 +++ 2019/11xxx/CVE-2019-11040.json | 18 +++ 2019/11xxx/CVE-2019-11041.json | 18 +++ 2019/11xxx/CVE-2019-11042.json | 18 +++ 2019/11xxx/CVE-2019-11043.json | 18 +++ 2019/11xxx/CVE-2019-11044.json | 18 +++ 2019/11xxx/CVE-2019-11045.json | 18 +++ 2019/11xxx/CVE-2019-11046.json | 18 +++ 2019/11xxx/CVE-2019-11047.json | 18 +++ 2019/11xxx/CVE-2019-11048.json | 18 +++ 2019/11xxx/CVE-2019-11049.json | 18 +++ 2019/11xxx/CVE-2019-11050.json | 18 +++ 2019/11xxx/CVE-2019-11051.json | 18 +++ 2019/11xxx/CVE-2019-11052.json | 18 +++ 2019/11xxx/CVE-2019-11053.json | 18 +++ 2019/3xxx/CVE-2019-3792.json | 86 ++++++++++++- 2019/3xxx/CVE-2019-3795.json | 96 +++++++++++++- 2019/3xxx/CVE-2019-3870.json | 15 ++- 2019/3xxx/CVE-2019-3880.json | 9 +- 2019/3xxx/CVE-2019-3887.json | 5 +- 2019/3xxx/CVE-2019-3893.json | 21 +-- 2019/3xxx/CVE-2019-3940.json | 58 ++++++++- 2019/3xxx/CVE-2019-3941.json | 58 ++++++++- 2019/5xxx/CVE-2019-5615.json | 228 ++++++++++++++++----------------- 40 files changed, 1181 insertions(+), 425 deletions(-) create mode 100644 2015/9xxx/CVE-2015-9284.json create mode 100644 2019/11xxx/CVE-2019-11032.json create mode 100644 
2019/11xxx/CVE-2019-11033.json
create mode 100644 2019/11xxx/CVE-2019-11034.json
create mode 100644 2019/11xxx/CVE-2019-11035.json
create mode 100644 2019/11xxx/CVE-2019-11036.json
create mode 100644 2019/11xxx/CVE-2019-11037.json
create mode 100644 2019/11xxx/CVE-2019-11038.json
create mode 100644 2019/11xxx/CVE-2019-11039.json
create mode 100644 2019/11xxx/CVE-2019-11040.json
create mode 100644 2019/11xxx/CVE-2019-11041.json
create mode 100644 2019/11xxx/CVE-2019-11042.json
create mode 100644 2019/11xxx/CVE-2019-11043.json
create mode 100644 2019/11xxx/CVE-2019-11044.json
create mode 100644 2019/11xxx/CVE-2019-11045.json
create mode 100644 2019/11xxx/CVE-2019-11046.json
create mode 100644 2019/11xxx/CVE-2019-11047.json
create mode 100644 2019/11xxx/CVE-2019-11048.json
create mode 100644 2019/11xxx/CVE-2019-11049.json
create mode 100644 2019/11xxx/CVE-2019-11050.json
create mode 100644 2019/11xxx/CVE-2019-11051.json
create mode 100644 2019/11xxx/CVE-2019-11052.json
create mode 100644 2019/11xxx/CVE-2019-11053.json
diff --git a/2015/9xxx/CVE-2015-9284.json b/2015/9xxx/CVE-2015-9284.json
new file mode 100644
index 00000000000..775e042e68d
--- /dev/null
+++ b/2015/9xxx/CVE-2015-9284.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2015-9284",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14191.json b/2017/14xxx/CVE-2017-14191.json
index 8ab6c36c834..1b603da9606 100644
--- a/2017/14xxx/CVE-2017-14191.json
+++ b/2017/14xxx/CVE-2017-14191.json
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 and above under \"Signed Security Mode\", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. A fix is scheduled in upcoming FortiWeb v6.1.0." + "value": "An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under \"Signed Security Mode\", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie." } ] }, diff --git a/2017/17xxx/CVE-2017-17544.json b/2017/17xxx/CVE-2017-17544.json index 134e1873fac..256ee4bf3d8 100644 --- a/2017/17xxx/CVE-2017-17544.json +++ b/2017/17xxx/CVE-2017-17544.json 
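Review bot: The new upper bound "up to but not including 6.1.0" is recorded only in the free-text `value` string; the diffstat lists this file as a one-line change, so the structured `affects` block above the hunk is not touched by this commit. Scanners that match on `version_data` instead of parsing the description will not pick up the bound unless it was already present there. Confirm that the FortiWeb `version_data` carries the same range (5.6.0 inclusive, 6.1.0 exclusive) and add it if it does not. The record starts and ends outside the hunk, so this cannot be checked from here.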
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-17544", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17544", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_value": "< 6.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fortiguard.com/advisory/FG-IR-17-053", + "url": "https://fortiguard.com/advisory/FG-IR-17-053" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability in Fortinet FortiOS all versions below 6.2.0 allows admin users to elevate their profile to super_admin via restoring modified configurations." } ] } diff --git a/2018/13xxx/CVE-2018-13405.json b/2018/13xxx/CVE-2018-13405.json index b03de6906b3..2f777ea7313 100644 --- a/2018/13xxx/CVE-2018-13405.json +++ b/2018/13xxx/CVE-2018-13405.json @@ -136,6 +136,11 @@ "name": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0717", + "url": "https://access.redhat.com/errata/RHSA-2019:0717" } ] } 
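Review bot: In the new `affects` block for CVE-2017-17544, `"version_value": "< 6.2.0"` packs the comparison operator into the value string, so a consumer doing a structured version comparison receives something that is not a version. The Odoo records in this same commit keep the operator in its own field, and the same shape here would be `"version_affected": "<", "version_value": "6.2.0"`. As written, tools that compare `version_value` literally will either skip the record or fail to match any FortiOS release, which hides a privilege-escalation issue from inventory matching.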
diff --git a/2018/15xxx/CVE-2018-15631.json b/2018/15xxx/CVE-2018-15631.json
index ee1e6fd2763..ef1295da21d 100644
--- a/2018/15xxx/CVE-2018-15631.json
+++ b/2018/15xxx/CVE-2018-15631.json
@@ -1,93 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@odoo.com", - "ID": "CVE-2018-15631", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Odoo Community", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "12.0" - } - ] - } - }, - { - "product_name": "Odoo Enterprise", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "12.0" - } - ] - } - } - ] - }, - "vendor_name": "Odoo" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@odoo.com", + "ID": "CVE-2018-15631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Odoo Community", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "12.0" + } + ] + } + }, + { + "product_name": "Odoo Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "12.0" + } + ] + } + } 
+ ] + }, + "vendor_name": "Odoo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://github.com/odoo/odoo/issues/32516" - } - ] - }, - "source": { - "advisory": "ODOO-SA-2018-11-28-3", - "discovery": "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/odoo/odoo/issues/32516", + "name": "https://github.com/odoo/odoo/issues/32516" + } + ] + }, + "source": { + "advisory": "ODOO-SA-2018-11-28-3", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15635.json b/2018/15xxx/CVE-2018-15635.json index cbe233769a4..a571fbc8e5a 100644 --- a/2018/15xxx/CVE-2018-15635.json +++ b/2018/15xxx/CVE-2018-15635.json 
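Review bot: The only semantic change in this section is in `reference_data`, where the vendor's own tracker link goes from `"refsource": "CONFIRM"` to `"refsource": "MISC"` and gains a `name`; the rest is the same content re-indented, plus the loss of the final newline. Triage that relies on `CONFIRM` to pick out vendor-acknowledged references will no longer find one for this record, even though `source.advisory` still names ODOO-SA-2018-11-28-3. If the retag is not intended, keep `"refsource": "CONFIRM"`. The same change is made in CVE-2018-15635.json and CVE-2018-15640.json below, and a whitespace-only normalisation would be easier to audit as a separate commit.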
@@ -1,93 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@odoo.com", - "ID": "CVE-2018-15635", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Odoo Community", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "12.0" - } - ] - } - }, - { - "product_name": "Odoo Enterprise", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "12.0" - } - ] - } - } - ] - }, - "vendor_name": "Odoo" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name." 
- } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@odoo.com", + "ID": "CVE-2018-15635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Odoo Community", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "12.0" + } + ] + } + }, + { + "product_name": "Odoo Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "12.0" + } + ] + } + } + ] + }, + "vendor_name": "Odoo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://github.com/odoo/odoo/issues/32515" - } - ] - }, - "source": { - "advisory": "ODOO-SA-2018-11-28-2", - "discovery": "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/odoo/odoo/issues/32515", + "name": "https://github.com/odoo/odoo/issues/32515" + } + ] + }, + "source": { + "advisory": "ODOO-SA-2018-11-28-2", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15640.json b/2018/15xxx/CVE-2018-15640.json index 556f03f4a47..a87bd866a77 100644 --- a/2018/15xxx/CVE-2018-15640.json +++ b/2018/15xxx/CVE-2018-15640.json 
@@ -1,87 +1,88 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@odoo.com", - "DATE_PUBLIC": "2019-04-05T14:00:00.000Z", - "ID": "CVE-2018-15640", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Odoo Enterprise", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "12.0" - }, - { - "version_affected": ">=", - "version_value": "10.0" - } - ] - } - } - ] - }, - "vendor_name": "Odoo" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@odoo.com", + "DATE_PUBLIC": "2019-04-05T14:00:00.000Z", + "ID": "CVE-2018-15640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Odoo Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "12.0" + }, + { + "version_affected": ">=", + "version_value": "10.0" + } + ] + } + } + ] + }, + "vendor_name": "Odoo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": 
"https://github.com/odoo/odoo/issues/32514" - } - ] - }, - "source": { - "advisory": "ODOO-SA-2018-11-28-1", - "discovery": "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/odoo/odoo/issues/32514", + "name": "https://github.com/odoo/odoo/issues/32514" + } + ] + }, + "source": { + "advisory": "ODOO-SA-2018-11-28-1", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20483.json b/2018/20xxx/CVE-2018-20483.json index 03befb3eff1..113496781e6 100644 --- a/2018/20xxx/CVE-2018-20483.json +++ b/2018/20xxx/CVE-2018-20483.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190321-0002/", "url": "https://security.netapp.com/advisory/ntap-20190321-0002/" + }, + { + "refsource": "UBUNTU", + "name": "USN-3943-1", + "url": "https://usn.ubuntu.com/3943-1/" } ] } diff --git a/2018/4xxx/CVE-2018-4460.json b/2018/4xxx/CVE-2018-4460.json index 4885ffcded5..e9b73cf49e7 100644 --- a/2018/4xxx/CVE-2018-4460.json +++ b/2018/4xxx/CVE-2018-4460.json 
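Review bot: In `version_data` for Odoo Enterprise the affected range is written as two separate entries, `"version_affected": "<="` with `"12.0"` and `"version_affected": ">="` with `"10.0"`. Read independently, each entry is unbounded on one side, so a consumer that treats the array as a list of alternatives matches every version, while the description limits the issue to 10.0 through 12.0. Nothing in the record says the two entries are meant to be combined; listing each affected release as its own `"version_affected": "="` entry would remove the ambiguity. These lines are carried over with only their indentation changed, so the ambiguity predates this commit.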
@@ -56,8 +56,13 @@ }, { "refsource": "MISC", - "name": "https://support.apple.com/kb/HT209340https://support.apple.com/kb/HT209341", - "url": "https://support.apple.com/kb/HT209340https://support.apple.com/kb/HT209341" + "name": "https://support.apple.com/kb/HT209340", + "url": "https://support.apple.com/kb/HT209340" + }, + { + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT209341", + "url": "https://support.apple.com/kb/HT209341" } ] }, diff --git a/2019/11xxx/CVE-2019-11032.json b/2019/11xxx/CVE-2019-11032.json new file mode 100644 index 00000000000..e184ec15db9 --- /dev/null +++ b/2019/11xxx/CVE-2019-11032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11033.json b/2019/11xxx/CVE-2019-11033.json new file mode 100644 index 00000000000..974509c82a8 --- /dev/null +++ b/2019/11xxx/CVE-2019-11033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/11xxx/CVE-2019-11034.json b/2019/11xxx/CVE-2019-11034.json
new file mode 100644
index 00000000000..bce37287314
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11034.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11034",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11035.json b/2019/11xxx/CVE-2019-11035.json
new file mode 100644
index 00000000000..882f6bbba71
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11035.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11035",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11036.json b/2019/11xxx/CVE-2019-11036.json
new file mode 100644
index 00000000000..820d5476e29
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11036.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11036",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11037.json b/2019/11xxx/CVE-2019-11037.json
new file mode 100644
index 00000000000..90b12b1a478
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11037.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11037",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11038.json b/2019/11xxx/CVE-2019-11038.json
new file mode 100644
index 00000000000..baabf5a47da
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11038.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11038",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11039.json b/2019/11xxx/CVE-2019-11039.json
new file mode 100644
index 00000000000..1955b604b79
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11039.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11039",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11040.json b/2019/11xxx/CVE-2019-11040.json
new file mode 100644
index 00000000000..d05230ff508
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11040.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11040",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11041.json b/2019/11xxx/CVE-2019-11041.json
new file mode 100644
index 00000000000..037eea4a364
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11041.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11041",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11042.json b/2019/11xxx/CVE-2019-11042.json
new file mode 100644
index 00000000000..18d609be321
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11042.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11042",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11043.json b/2019/11xxx/CVE-2019-11043.json
new file mode 100644
index 00000000000..587aac93423
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11043.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11043",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11044.json b/2019/11xxx/CVE-2019-11044.json
new file mode 100644
index 00000000000..ac46fe0bf8e
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11044.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11044",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11045.json b/2019/11xxx/CVE-2019-11045.json
new file mode 100644
index 00000000000..a9728acf559
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11045.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11045",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11046.json b/2019/11xxx/CVE-2019-11046.json
new file mode 100644
index 00000000000..015c35f1919
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11046.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11046",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11047.json b/2019/11xxx/CVE-2019-11047.json
new file mode 100644
index 00000000000..e4772340828
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11047.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11047",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11048.json b/2019/11xxx/CVE-2019-11048.json
new file mode 100644
index 00000000000..9d9bb018dbe
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11048.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11048",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11049.json b/2019/11xxx/CVE-2019-11049.json
new file mode 100644
index 00000000000..183b87bc27d
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11049.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11049",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11050.json b/2019/11xxx/CVE-2019-11050.json
new file mode 100644
index 00000000000..1cd4d475e61
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11050.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11050",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11051.json b/2019/11xxx/CVE-2019-11051.json
new file mode 100644
index 00000000000..e6c2d597853
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11051.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11051",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11052.json b/2019/11xxx/CVE-2019-11052.json
new file mode 100644
index 00000000000..86fcb00e38a
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11052.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11052",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11053.json b/2019/11xxx/CVE-2019-11053.json
new file mode 100644
index 00000000000..bd52191c073
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11053.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11053",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3792.json b/2019/3xxx/CVE-2019-3792.json
index 26c896ba238..527a8ca24ad 100644
--- a/2019/3xxx/CVE-2019-3792.json
+++ b/2019/3xxx/CVE-2019-3792.json
@@ -1 +1,85 @@ -{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-03-26T00:00:00.000Z","ID":"CVE-2019-3792","STATE":"PUBLIC","TITLE":"Concourse 5.0.0 SQL Injection vulnerability"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Concourse","version":{"version_data":[{"affected":"<","version_name":"All","version_value":"v5.0.1"}]}}]},"vendor_name":"Pivotal"}]}},"description":{"description_data":[{"lang":"eng","value":"Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89: SQL Injection"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3792","name":"https://pivotal.io/security/cve-2019-3792"}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","version":"3.0"}}} \ No newline at end of file +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-03-26T00:00:00.000Z", + "ID": "CVE-2019-3792", + "STATE": "PUBLIC", + "TITLE": "Concourse 5.0.0 SQL Injection vulnerability" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Concourse", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "All", + 
"version_value": "v5.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-3792", + "name": "https://pivotal.io/security/cve-2019-3792" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3795.json b/2019/3xxx/CVE-2019-3795.json index dda0e422a2b..dabba038e5e 100644 --- a/2019/3xxx/CVE-2019-3795.json +++ b/2019/3xxx/CVE-2019-3795.json 
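Review bot: The `version_data` entry (`"affected": "<"`, `"version_name": "All"`, `"version_value": "v5.0.1"`) marks every release below v5.0.1 as affected, while `TITLE` and the description name only version 5.0.0. Consumers that match on the structured range will flag older Concourse installs that the text does not mention. If only 5.0.0 is affected, `"affected": "="` with `"version_value": "5.0.0"` would say so; if the wider range is right, the description should state it. The page does not show which is intended, so this needs checking against the vendor advisory listed in `references`.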
@@ -1 +1,95 @@ -{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-04-04T18:01:40.000Z","ID":"CVE-2019-3795","STATE":"PUBLIC","TITLE":"Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Security","version":{"version_data":[{"affected":"<","version_name":"5.0","version_value":"5.0.11.RELEASE"},{"affected":"<","version_name":"5.1","version_value":"5.1.4.RELEASE"},{"affected":"<","version_name":"4.2","version_value":"4.2.11.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-330: Use of Insufficiently Random Values"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3795","name":"https://pivotal.io/security/cve-2019-3795"}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"PHYSICAL","availabilityImpact":"NONE","baseScore":3.8,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N","version":"3.0"}}} \ No newline at end of file +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-04-04T18:01:40.000Z", + "ID": 
"CVE-2019-3795", + "STATE": "PUBLIC", + "TITLE": "Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Security", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "5.0", + "version_value": "5.0.11.RELEASE" + }, + { + "affected": "<", + "version_name": "5.1", + "version_value": "5.1.4.RELEASE" + }, + { + "affected": "<", + "version_name": "4.2", + "version_value": "4.2.11.RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "Spring" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-330: Use of Insufficiently Random Values" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-3795", + "name": "https://pivotal.io/security/cve-2019-3795" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 3.8, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N", + "version": "3.0" + } + } +} \ No newline at end of file 
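Review bot: The three `version_data` bounds in the new record stop one patch release short of the description: with `"affected": "<"`, the values `5.0.11.RELEASE`, `5.1.4.RELEASE` and `4.2.11.RELEASE` exclude exactly the releases the description lists as vulnerable (4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, 5.1.x prior to 5.1.5). A scanner that matches on `version_data` would treat 5.0.11, 5.1.4 and 4.2.11 as fixed. Either the operator should be `"affected": "<="` on those three entries or the values should be the fixed releases named in the description; the advisory in `references` should decide which. The same mismatch is on the removed minified line, so this commit carries it over rather than introducing it.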
diff --git a/2019/3xxx/CVE-2019-3870.json b/2019/3xxx/CVE-2019-3870.json
index 433de33f05e..c5bbbe8ca01 100644
--- a/2019/3xxx/CVE-2019-3870.json
+++ b/2019/3xxx/CVE-2019-3870.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3870",
- "ASSIGNER": "psampaio@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -47,10 +48,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.samba.org/samba/security/CVE-2019-3870.html"
+ "url": "https://www.samba.org/samba/security/CVE-2019-3870.html",
+ "refsource": "MISC",
+ "name": "https://www.samba.org/samba/security/CVE-2019-3870.html"
 },
 {
- "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"
+ "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834",
+ "refsource": "MISC",
+ "name": "https://bugzilla.samba.org/show_bug.cgi?id=13834"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870",
@@ -63,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update."
+ "value": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update."
 }
 ]
 },
@@ -77,4 +82,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3880.json b/2019/3xxx/CVE-2019-3880.json
index a13b07ab859..7fe58ee9a17 100644
--- a/2019/3xxx/CVE-2019-3880.json
+++ b/2019/3xxx/CVE-2019-3880.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3880",
- "ASSIGNER": "psampaio@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -50,7 +51,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.samba.org/samba/security/CVE-2019-3880.html"
+ "url": "https://www.samba.org/samba/security/CVE-2019-3880.html",
+ "refsource": "MISC",
+ "name": "https://www.samba.org/samba/security/CVE-2019-3880.html"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880",
@@ -77,4 +80,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3887.json b/2019/3xxx/CVE-2019-3887.json
index 837ba005244..00a1b70614a 100644
--- a/2019/3xxx/CVE-2019-3887.json
+++ b/2019/3xxx/CVE-2019-3887.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3887",
- "ASSIGNER": "psampaio@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -68,4 +69,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3893.json b/2019/3xxx/CVE-2019-3893.json
index 63ba3bb0dcf..65f7922a921 100644
--- a/2019/3xxx/CVE-2019-3893.json
+++ b/2019/3xxx/CVE-2019-3893.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3893",
- "ASSIGNER": "psampaio@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -49,16 +50,20 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://projects.theforeman.org/issues/26450"
- },
- {
- "url": "https://github.com/theforeman/foreman/pull/6621"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3893",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3893",
 "refsource": "CONFIRM"
+ },
+ {
+ "url": "https://projects.theforeman.org/issues/26450",
+ "refsource": "MISC",
+ "name": "https://projects.theforeman.org/issues/26450"
+ },
+ {
+ "url": "https://github.com/theforeman/foreman/pull/6621",
+ "refsource": "MISC",
+ "name": "https://github.com/theforeman/foreman/pull/6621"
 }
 ]
 },
@@ -80,4 +85,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3940.json b/2019/3xxx/CVE-2019-3940.json
index e8598bcf59d..66f8ce2b4fe 100644
--- a/2019/3xxx/CVE-2019-3940.json
+++ b/2019/3xxx/CVE-2019-3940.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3940",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3940",
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Advantech",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WebAccess",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.3.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted File Upload"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2019-15",
+ "url": "https://www.tenable.com/security/research/tra-2019-15"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code."
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3941.json b/2019/3xxx/CVE-2019-3941.json
index da8972703c4..a5202e1106e 100644
--- a/2019/3xxx/CVE-2019-3941.json
+++ b/2019/3xxx/CVE-2019-3941.json
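Review bot: The new `problemtype` value `"CWE-434 Unrestricted File Upload"` in CVE-2019-3940.json omits the colon after the CWE identifier that other records in this commit use (`"CWE-89: SQL Injection"`, `"CWE-330: Use of Insufficiently Random Values"`); `"value": "CWE-434: Unrestricted File Upload"` would keep the identifier parseable in the same way. The record also publishes an unauthenticated remote code execution issue without an `impact` block, so tooling that prioritises on CVSS gets no score for it. The missing `impact` block applies equally to CVE-2019-3941 in the next file.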
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3941",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3941",
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Advantech",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WebAccess",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.3.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unrestrived File Deletion"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2019-15",
+ "url": "https://www.tenable.com/security/research/tra-2019-15"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5615.json b/2019/5xxx/CVE-2019-5615.json
index 82981b07498..c3a8f41749e 100644
--- a/2019/5xxx/CVE-2019-5615.json
+++ b/2019/5xxx/CVE-2019-5615.json
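Review bot: The `problemtype` value `"Unrestrived File Deletion"` added for CVE-2019-3941 is misspelled and carries no CWE identifier, unlike the sibling record CVE-2019-3940, which names `CWE-434`. Weakness-based filtering and text search over `problemtype` will miss this entry. Suggested form: `"value": "CWE-<id>: Unrestricted File Deletion"`, where `<id>` is a placeholder for the identifier the assigner selects.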
@@ -1,116 +1,116 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@rapid7.com", - "DATE_PUBLIC": "2019-01-30T14:00:00.000Z", - "ID": "CVE-2019-5615", - "STATE": "PUBLIC", - "TITLE": "Rapid7 InsightVM Stored Credential Exposure" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "InsightVM", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "6.5.49", - "version_value": "6.5.49" - }, - { - "version_affected": ">=", - "version_name": "6.5.11", - "version_value": "6.5.11" - } - ] - } - } - ] - }, - "vendor_name": "Rapid7" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "This issue was discovered, and reported to Rapid7, by Robert Elliott from IBM Security. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "DATE_PUBLIC": "2019-01-30T14:00:00.000Z", + "ID": "CVE-2019-5615", + "STATE": "PUBLIC", + "TITLE": "Rapid7 InsightVM Stored Credential Exposure" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InsightVM", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.5.49", + "version_value": "6.5.49" + }, + { + "version_affected": ">=", + "version_name": "6.5.11", + "version_value": "6.5.11" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } + ] + } + }, + "credit": [ + { "lang": "eng", - "value": "Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. 
Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects:\nRapid7 InsightVM versions 6.5.11 through 6.5.49.\n" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.6" - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 3.1, - "baseSeverity": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-257" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": " Storing Passwords in a Recoverable Format" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://help.rapid7.com/insightvm/en-us/release-notes/#6.5.50", - "refsource": "CONFIRM", - "url": "https://help.rapid7.com/insightvm/en-us/release-notes/#6.5.50" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "Update the Security Console to version 6.5.50 or later." - } - ], - "source": { - "defect": [ - "NEX-51442" - ], - "discovery": "USER" - } -} + "value": "This issue was discovered, and reported to Rapid7, by Robert Elliott from IBM Security. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. 
Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.6" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-257" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": " Storing Passwords in a Recoverable Format" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://help.rapid7.com/insightvm/en-us/release-notes/#6.5.50", + "refsource": "CONFIRM", + "url": "https://help.rapid7.com/insightvm/en-us/release-notes/#6.5.50" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update the Security Console to version 6.5.50 or later." + } + ], + "source": { + "defect": [ + "NEX-51442" + ], + "discovery": "USER" + } +} \ No newline at end of file
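Review bot: On the new side `problemtype_data` still splits one weakness into two entries, `"CWE-257"` and `" Storing Passwords in a Recoverable Format"` (with a leading space), so a consumer sees an identifier without a name and a name without an identifier. A single description entry `"value": "CWE-257: Storing Passwords in a Recoverable Format"` would match the form other records in this commit use. Apart from the trailing `\n` dropped from the description, the hunk appears to change only indentation, so this is carried over from the old side rather than introduced here.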