diff --git a/2018/20xxx/CVE-2018-20060.json b/2018/20xxx/CVE-2018-20060.json
index d181752375e..03a39c8da9d 100644
--- a/2018/20xxx/CVE-2018-20060.json
+++ b/2018/20xxx/CVE-2018-20060.json
@@ -96,6 +96,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2272",
 "url": "https://access.redhat.com/errata/RHSA-2019:2272"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2131",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11236.json b/2019/11xxx/CVE-2019-11236.json
index 61ce88b0a60..74e4e6be7c3 100644
--- a/2019/11xxx/CVE-2019-11236.json
+++ b/2019/11xxx/CVE-2019-11236.json
@@ -86,6 +86,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2272",
 "url": "https://access.redhat.com/errata/RHSA-2019:2272"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2131",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11324.json b/2019/11xxx/CVE-2019-11324.json
index d229703ca73..b2bbfc820bf 100644
--- a/2019/11xxx/CVE-2019-11324.json
+++ b/2019/11xxx/CVE-2019-11324.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-3990-1",
 "url": "https://usn.ubuntu.com/3990-1/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2131",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14809.json b/2019/14xxx/CVE-2019-14809.json
index db7ee7bbb27..c0dc1d3ccb9 100644
--- a/2019/14xxx/CVE-2019-14809.json
+++ b/2019/14xxx/CVE-2019-14809.json
@@ -106,6 +106,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2085",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2130",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
 }
 ]
 }
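Review bot: The added SUSE reference in CVE-2018-20060.json uses a plain-HTTP link, `"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"`, while the Red Hat and Ubuntu references beside it are HTTPS; the same applies to the SUSE entries added to CVE-2019-11236, CVE-2019-11324, CVE-2019-14809, CVE-2019-9512, CVE-2019-9514 and CVE-2019-9740. An advisory fetched over HTTP can be altered in transit, which matters for tooling that follows reference links to pull patch information. If the list host serves the same path over TLS, the entry would read `"url": "https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"` (and `msg00038.html` for openSUSE-SU-2019:2130). The existing openSUSE-SU-2019:2085 entry in CVE-2019-14809 is also HTTP, so this may be a feed convention better fixed at the source.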
diff --git a/2019/16xxx/CVE-2019-16317.json b/2019/16xxx/CVE-2019-16317.json
new file mode 100644
index 00000000000..3018e462e28
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16317.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16317",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/pimcore/pimcore/commit/6ee5d8536d0802e377594cbe39083e822710aab9",
+ "refsource": "MISC",
+ "name": "https://github.com/pimcore/pimcore/commit/6ee5d8536d0802e377594cbe39083e822710aab9"
+ },
+ {
+ "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451599",
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451599"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16318.json b/2019/16xxx/CVE-2019-16318.json
new file mode 100644
index 00000000000..29f311cce34
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16318.json
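Review bot: The new CVE-2019-16317 record leaves every structured field at `"n/a"` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value) even though its description names the product and the fixed version, "Pimcore before 5.7.1"; CVE-2019-16318, added next, has the same shape. Scanners and inventory matchers that key on the `affects` block rather than the free-text description will not associate these records with Pimcore. Consider `"vendor_name": "Pimcore"`, `"product_name": "Pimcore"` and `"version_value": "before 5.7.1"`, taken from the description (the vendor spelling is inferred from the referenced GitHub repository and should be confirmed). Both files also end without a trailing newline.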
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16318",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/pimcore/pimcore/commit/732f1647cc6e0a29b5b1f5d904b4d726b5e9455f",
+ "refsource": "MISC",
+ "name": "https://github.com/pimcore/pimcore/commit/732f1647cc6e0a29b5b1f5d904b4d726b5e9455f"
+ },
+ {
+ "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451598",
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451598"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9512.json b/2019/9xxx/CVE-2019-9512.json
index 689e11d9d3d..135879e8e0c 100644
--- a/2019/9xxx/CVE-2019-9512.json
+++ b/2019/9xxx/CVE-2019-9512.json
@@ -258,6 +258,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2766",
 "url": "https://access.redhat.com/errata/RHSA-2019:2766"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2130",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9514.json b/2019/9xxx/CVE-2019-9514.json
index 4ccd27f7f9b..23e70d07d7d 100644
--- a/2019/9xxx/CVE-2019-9514.json
+++ b/2019/9xxx/CVE-2019-9514.json
@@ -258,6 +258,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2766",
 "url": "https://access.redhat.com/errata/RHSA-2019:2766"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2130",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9740.json b/2019/9xxx/CVE-2019-9740.json
index f3d74d2aeb6..7e4492a09e8 100644
--- a/2019/9xxx/CVE-2019-9740.json
+++ b/2019/9xxx/CVE-2019-9740.json
@@ -116,6 +116,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4127-2",
 "url": "https://usn.ubuntu.com/4127-2/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2131",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"
 }
 ]
 }