From 8ad0b78bbf15f6695aa2f5d1fee045ae2492c016 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 1 Jul 2019 21:00:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10979.json | 55 +++++++++++++++++++++-- 2019/12xxx/CVE-2019-12098.json | 5 +++ 2019/5xxx/CVE-2019-5497.json | 58 +++++++++++++++++++++--- 2019/6xxx/CVE-2019-6642.json | 82 +++++++++++++++++++++++++++++++--- 2019/7xxx/CVE-2019-7271.json | 53 +++++++++++++++++++++- 2019/7xxx/CVE-2019-7272.json | 58 +++++++++++++++++++++++- 2019/7xxx/CVE-2019-7273.json | 58 +++++++++++++++++++++++- 2019/7xxx/CVE-2019-7274.json | 58 +++++++++++++++++++++++- 2019/9xxx/CVE-2019-9702.json | 63 +++++++++++++++++++++++--- 2019/9xxx/CVE-2019-9703.json | 63 +++++++++++++++++++++++--- 10 files changed, 514 insertions(+), 39 deletions(-) diff --git a/2019/10xxx/CVE-2019-10979.json b/2019/10xxx/CVE-2019-10979.json index 4549cb7e046..f64b25d8ada 100644 --- a/2019/10xxx/CVE-2019-10979.json +++ b/2019/10xxx/CVE-2019-10979.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10979", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SICK", + "product": { + "product_data": [ + { + "product_name": "MSC800", + "version": { + "version_data": [ + { + "version_value": "all versions prior to Version 4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED CREDENTIALS CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "108924", + "url": "http://www.securityfocus.com/bid/108924" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password." } ] } diff --git a/2019/12xxx/CVE-2019-12098.json b/2019/12xxx/CVE-2019-12098.json index 86177765acc..0e2d68a10d9 100644 --- a/2019/12xxx/CVE-2019-12098.json +++ b/2019/12xxx/CVE-2019-12098.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1682", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1688", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html" } ] } diff --git a/2019/5xxx/CVE-2019-5497.json b/2019/5xxx/CVE-2019-5497.json index 2d8c851af02..5f8a68f45e1 100644 --- a/2019/5xxx/CVE-2019-5497.json +++ b/2019/5xxx/CVE-2019-5497.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5497", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5497", + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NetApp", + "product": { + "product_data": [ + { + "product_name": "AFF A700s Baseboard Management Controller", + "version": { + "version_data": [ + { + "version_value": "1.22 and higher" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Default Privileged Account" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190627-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190627-0001/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution." } ] } diff --git a/2019/6xxx/CVE-2019-6642.json b/2019/6xxx/CVE-2019-6642.json index 281be1ee89b..66f0b88e242 100644 --- a/2019/6xxx/CVE-2019-6642.json +++ b/2019/6xxx/CVE-2019-6642.json @@ -1,17 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6642", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6642", + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5", + "product": { + "product_data": [ + { + "product_name": "BIG-IP, BIG-IQ, iWorkflow, Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "BIG-IP 15.0.0" + }, + { + "version_value": "14.0.0-14.1.0.5" + }, + { + "version_value": "13.0.0-13.1.1.5" + }, + { + "version_value": "12.1.0-12.1.4.2" + }, + { + "version_value": "11.5.2-11.6.4" + }, + { + "version_value": "BIG-IQ 6.0.0-6.1.0" + }, + { + "version_value": "5.1.0-5.4.0" + }, + { + "version_value": "iWorkflow 2.3.0" + }, + { + "version_value": "Enterprise Manager 3.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K40378764", + "url": "https://support.f5.com/csp/article/K40378764" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp." } ] } diff --git a/2019/7xxx/CVE-2019-7271.json b/2019/7xxx/CVE-2019-7271.json index 1262912d314..46cebc79663 100644 --- a/2019/7xxx/CVE-2019-7271.json +++ b/2019/7xxx/CVE-2019-7271.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7271", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nortek Linear eMerge 50P/5000P devices have Default Credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://www.applied-risk.com/resources/ar-2019-006", + "url": "https://www.applied-risk.com/resources/ar-2019-006" } ] } diff --git a/2019/7xxx/CVE-2019-7272.json b/2019/7xxx/CVE-2019-7272.json index 336c886a651..64db6b9ec11 100644 --- a/2019/7xxx/CVE-2019-7272.json +++ b/2019/7xxx/CVE-2019-7272.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7272", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Optergy Proton/Enterprise devices allow Username Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "BID", + "name": "108686", + "url": "http://www.securityfocus.com/bid/108686" + }, + { + "refsource": "MISC", + "name": "https://www.applied-risk.com/resources/ar-2019-008", + "url": "https://www.applied-risk.com/resources/ar-2019-008" } ] } diff --git a/2019/7xxx/CVE-2019-7273.json b/2019/7xxx/CVE-2019-7273.json index 47c60e342a4..5255481d8b7 100644 --- a/2019/7xxx/CVE-2019-7273.json +++ b/2019/7xxx/CVE-2019-7273.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7273", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "BID", + "name": "108686", + "url": "http://www.securityfocus.com/bid/108686" + }, + { + "refsource": "MISC", + "name": "https://www.applied-risk.com/resources/ar-2019-008", + "url": "https://www.applied-risk.com/resources/ar-2019-008" } ] } diff --git a/2019/7xxx/CVE-2019-7274.json b/2019/7xxx/CVE-2019-7274.json index 3a9b18c4361..5fc6d7dfbc6 100644 --- a/2019/7xxx/CVE-2019-7274.json +++ b/2019/7xxx/CVE-2019-7274.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7274", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "BID", + "name": "108686", + "url": "http://www.securityfocus.com/bid/108686" + }, + { + "refsource": "MISC", + "name": "https://www.applied-risk.com/resources/ar-2019-008", + "url": "https://www.applied-risk.com/resources/ar-2019-008" } ] } diff --git a/2019/9xxx/CVE-2019-9702.json b/2019/9xxx/CVE-2019-9702.json index f1a725a1b2d..f7f319e2d63 100644 --- a/2019/9xxx/CVE-2019-9702.json +++ b/2019/9xxx/CVE-2019-9702.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9702", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9702", + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symantec", + "product": { + "product_data": [ + { + "product_name": "Endpoint Encryption", + "version": { + "version_data": [ + { + "version_value": "Prior to SEE 11.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "108795", + "url": "http://www.securityfocus.com/bid/108795" + }, + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.SYMSA1485.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1485.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels." } ] } diff --git a/2019/9xxx/CVE-2019-9703.json b/2019/9xxx/CVE-2019-9703.json index 99632d05340..5d6a4dd62b0 100644 --- a/2019/9xxx/CVE-2019-9703.json +++ b/2019/9xxx/CVE-2019-9703.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9703", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9703", + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symantec", + "product": { + "product_data": [ + { + "product_name": "Endpoint Encryption", + "version": { + "version_data": [ + { + "version_value": "Prior to SEE 11.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "108796", + "url": "http://www.securityfocus.com/bid/108796" + }, + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.SYMSA1485.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1485.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels." } ] }