From 818f7d0820d00a0d5699ab4b15287c4ea22ae581 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 10 May 2019 17:00:47 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/1xxx/CVE-2017-1274.json | 5 +++
 2018/16xxx/CVE-2018-16476.json | 17 +++++++---
 2018/16xxx/CVE-2018-16477.json | 8 ++---
 2018/5xxx/CVE-2018-5408.json | 5 +++
 2018/5xxx/CVE-2018-5409.json | 5 +++
 2018/7xxx/CVE-2018-7082.json | 58 ++++++++++++++++++++++++++++++----
 2018/7xxx/CVE-2018-7083.json | 58 ++++++++++++++++++++++++++++++----
 2019/11xxx/CVE-2019-11880.json | 18 +++++++++++
 2019/11xxx/CVE-2019-11881.json | 18 +++++++++++
 2019/9xxx/CVE-2019-9505.json | 5 +++
 10 files changed, 175 insertions(+), 22 deletions(-)
 create mode 100644 2019/11xxx/CVE-2019-11880.json
 create mode 100644 2019/11xxx/CVE-2019-11881.json
diff --git a/2017/1xxx/CVE-2017-1274.json b/2017/1xxx/CVE-2017-1274.json
index 666b7d4065e..c669f0e0032 100644
--- a/2017/1xxx/CVE-2017-1274.json
+++ b/2017/1xxx/CVE-2017-1274.json
@@ -76,6 +76,11 @@
 "name": "VU#676632",
 "refsource": "CERT-VN",
 "url": "https://www.kb.cert.org/vuls/id/676632"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16476.json b/2018/16xxx/CVE-2018-16476.json
index f9532b357d9..d15f39637ab 100644
--- a/2018/16xxx/CVE-2018-16476.json
+++ b/2018/16xxx/CVE-2018-16476.json
@@ -8,6 +8,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
@@ -15,14 +16,22 @@
 "version": {
 "version_data": [
 {
- "version_value": "4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1"
+ "version_value": "4.2.0 up to and before 4.2.11"
+ },
+ {
+ "version_value": "4.2.0 up to and before 5.0.7.1"
+ },
+ {
+ "version_value": "4.2.0 up to and before 5.1.6.1"
+ },
+ {
+ "version_value": "4.2.0 up to and before 5.2.1.1"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "n/a"
+ }
 }
 ]
 }
@@ -34,7 +43,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have."
+ "value": "A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1."
 }
 ]
 },
diff --git a/2018/16xxx/CVE-2018-16477.json b/2018/16xxx/CVE-2018-16477.json
index c05631fb7fc..1fedebb3105 100644
--- a/2018/16xxx/CVE-2018-16477.json
+++ b/2018/16xxx/CVE-2018-16477.json
@@ -8,6 +8,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
@@ -15,14 +16,13 @@
 "version": {
 "version_data": [
 {
- "version_value": "5.2.1.1"
+ "version_value": "5.2.0 and later and before 5.2.1.1"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "n/a"
+ }
 }
 ]
 }
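Review bot: In the CVE-2018-16476.json `version_data` hunk, three of the four new entries start their range at 4.2.0 (`4.2.0 up to and before 5.0.7.1`, `... 5.1.6.1`, `... 5.2.1.1`), so read literally the last one covers 4.2.11, 5.0.7.1 and 5.1.6.1, which the description updated in this same commit lists as fixed. A consumer matching installed versions against these strings would flag patched releases as affected. Each entry should be bounded to its own release line, presumably `"version_value": "5.0.0 up to and before 5.0.7.1"`, `"version_value": "5.1.0 up to and before 5.1.6.1"` and `"version_value": "5.2.0 up to and before 5.2.1.1"`; the per-branch lower bounds are inferred here and need confirming against the vendor advisory.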
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path."
+ "value": "A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1."
 }
 ]
 },
diff --git a/2018/5xxx/CVE-2018-5408.json b/2018/5xxx/CVE-2018-5408.json
index 50a9ade1eac..c6a98a5a72c 100644
--- a/2018/5xxx/CVE-2018-5408.json
+++ b/2018/5xxx/CVE-2018-5408.json
@@ -62,6 +62,11 @@
 "name": "VU#",
 "refsource": "CERT-VN",
 "url": "https://kb.cert.org/vuls/id/169249/"
+ },
+ {
+ "refsource": "BID",
+ "name": "108285",
+ "url": "http://www.securityfocus.com/bid/108285"
 }
 ]
 },
diff --git a/2018/5xxx/CVE-2018-5409.json b/2018/5xxx/CVE-2018-5409.json
index 9a855847c27..1e2aa6ab0cd 100644
--- a/2018/5xxx/CVE-2018-5409.json
+++ b/2018/5xxx/CVE-2018-5409.json
@@ -62,6 +62,11 @@
 "name": "VU#",
 "refsource": "CERT-VN",
 "url": "https://kb.cert.org/vuls/id/169249/"
+ },
+ {
+ "refsource": "BID",
+ "name": "108285",
+ "url": "http://www.securityfocus.com/bid/108285"
 }
 ]
 },
diff --git a/2018/7xxx/CVE-2018-7082.json b/2018/7xxx/CVE-2018-7082.json
index 39fc1d575f3..3bb5ade1fc3 100644
--- a/2018/7xxx/CVE-2018-7082.json
+++ b/2018/7xxx/CVE-2018-7082.json
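Review bot: The CERT-VN entry directly above the added BID reference in CVE-2018-5408.json still reads `"name": "VU#"`, with the note number missing although its URL ends in `169249`; the same truncated name appears in the CVE-2018-5409.json and CVE-2019-9505.json hunks. Since this commit rewrites the same `reference_data` array, it is the natural place to correct it to `"name": "VU#169249",` so that tools correlating advisories by reference name can match the entry. The array begins outside the hunk, so its other entries were not checked.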
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-7082",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-7082",
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba Instant (IAP)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authenticated command injection "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7083.json b/2018/7xxx/CVE-2018-7083.json
index ba08c1b815a..0c0e795d4c1 100644
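Review bot: The new `version_value` in CVE-2018-7082.json packs four release-line ranges into one free-text string, which version-matching tools cannot evaluate and which leaves the first range (`4.x prior to 6.4.4.8 - 4.2.4.12`) ambiguous; CVE-2018-7083.json adds the identical string. It also states `8.4.x prior to 8.4.0.1` while the description added in the same hunk says the fix is in 8.4.0.0, so one of the two is wrong and should be reconciled against ARUBA-PSA-2019-001. Splitting the string into one `version_data` entry per release line, as below with the text otherwise unchanged, would at least make each range separately addressable. `"vendor_name": "n/a"` could likewise name the vendor, given that the assigner is security-alert@hpe.com.

```json
"version_data": [
    {
        "version_value": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12"
    },
    {
        "version_value": "Aruba Instant 6.5.x prior to 6.5.4.11"
    },
    {
        "version_value": "Aruba Instant 8.3.x prior to 8.3.0.6"
    },
    {
        "version_value": "Aruba Instant 8.4.x prior to 8.4.0.1"
    }
]
```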
--- a/2018/7xxx/CVE-2018-7083.json
+++ b/2018/7xxx/CVE-2018-7083.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-7083",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-7083",
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba Instant (IAP)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Core dumps are publicly accessible "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
+ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "If a process running within Aruba Instant crashes, it may leave behind a \"core dump\", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
 }
 ]
 }
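Review bot: The CONFIRM reference added in CVE-2018-7083.json points at the vendor advisory over `http://`, whereas CVE-2018-7082.json in this same commit cites the same ARUBA-PSA-2019-001.txt over `https://`. Readers will take the workaround and fixed versions from that advisory, so the link should use the authenticated scheme: `"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",` with the matching `"url"` value. The `problemtype` value `"Core dumps are publicly accessible "` also carries a trailing space that exact-match consumers will keep; the CVE-2018-7082.json `problemtype` value has the same trailing space.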
diff --git a/2019/11xxx/CVE-2019-11880.json b/2019/11xxx/CVE-2019-11880.json
new file mode 100644
index 00000000000..77e53242c63
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11880.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11880",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11881.json b/2019/11xxx/CVE-2019-11881.json
new file mode 100644
index 00000000000..f8b6cc78812
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11881.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11881",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9505.json b/2019/9xxx/CVE-2019-9505.json
index 78ec92531a2..5bc530da75e 100644
--- a/2019/9xxx/CVE-2019-9505.json
+++ b/2019/9xxx/CVE-2019-9505.json
@@ -62,6 +62,11 @@
 "name": "VU#",
 "refsource": "CERT-VN",
 "url": "https://kb.cert.org/vuls/id/169249/"
+ },
+ {
+ "refsource": "BID",
+ "name": "108285",
+ "url": "http://www.securityfocus.com/bid/108285"
 }
 ]
 },