From 94dfaf4726729932716c3d8e949e6e92ed3e93dc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 26 Aug 2019 18:00:50 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/18xxx/CVE-2017-18588.json | 62 +++++++++++++++++++++++++++ 2017/18xxx/CVE-2017-18589.json | 62 +++++++++++++++++++++++++++ 2018/15xxx/CVE-2018-15756.json | 10 +++++ 2018/20xxx/CVE-2018-20989.json | 62 +++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20995.json | 62 +++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20996.json | 62 +++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20997.json | 62 +++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20998.json | 62 +++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12532.json | 61 ++++++++++++++++++++++++--- 2019/13xxx/CVE-2019-13020.json | 62 +++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13476.json | 5 +++ 2019/13xxx/CVE-2019-13477.json | 5 +++ 2019/14xxx/CVE-2019-14685.json | 5 +++ 2019/15xxx/CVE-2019-15092.json | 5 +++ 2019/15xxx/CVE-2019-15304.json | 5 +++ 2019/15xxx/CVE-2019-15501.json | 5 +++ 2019/15xxx/CVE-2019-15503.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15515.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15533.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15542.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15543.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15544.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15545.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15546.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15547.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15548.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15641.json | 62 +++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15642.json | 77 ++++++++++++++++++++++++++++++++++ 2019/7xxx/CVE-2019-7968.json | 62 +++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7969.json | 62 +++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7970.json | 62 +++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7971.json | 62 +++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7972.json | 62 +++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7973.json | 62 +++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7974.json | 62 +++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7976.json | 62 +++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7977.json | 62 +++++++++++++++++++++++---- 2019/9xxx/CVE-2019-9648.json | 5 +++ 2019/9xxx/CVE-2019-9649.json | 5 +++ 39 files changed, 1837 insertions(+), 87 deletions(-) create mode 100644 2017/18xxx/CVE-2017-18588.json create mode 100644 2017/18xxx/CVE-2017-18589.json create mode 100644 2018/20xxx/CVE-2018-20989.json create mode 100644 2018/20xxx/CVE-2018-20995.json create mode 100644 2018/20xxx/CVE-2018-20996.json create mode 100644 2018/20xxx/CVE-2018-20997.json create mode 100644 2018/20xxx/CVE-2018-20998.json create mode 100644 2019/13xxx/CVE-2019-13020.json create mode 100644 2019/15xxx/CVE-2019-15503.json create mode 100644 2019/15xxx/CVE-2019-15515.json create mode 100644 2019/15xxx/CVE-2019-15533.json create mode 100644 2019/15xxx/CVE-2019-15542.json create mode 100644 2019/15xxx/CVE-2019-15543.json create mode 100644 2019/15xxx/CVE-2019-15544.json create mode 100644 2019/15xxx/CVE-2019-15545.json create mode 100644 2019/15xxx/CVE-2019-15546.json create mode 100644 2019/15xxx/CVE-2019-15547.json create mode 100644 2019/15xxx/CVE-2019-15548.json create mode 100644 2019/15xxx/CVE-2019-15641.json create mode 100644 2019/15xxx/CVE-2019-15642.json diff --git a/2017/18xxx/CVE-2017-18588.json b/2017/18xxx/CVE-2017-18588.json new file mode 100644 index 00000000000..8f32f17d178 --- /dev/null +++ b/2017/18xxx/CVE-2017-18588.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2017-0003.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2017-0003.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18589.json b/2017/18xxx/CVE-2017-18589.json new file mode 100644 index 00000000000..cb244905342 --- /dev/null +++ b/2017/18xxx/CVE-2017-18589.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2017-0005.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2017-0005.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json index d67a289af1b..2bb14746c0b 100644 --- a/2018/15xxx/CVE-2018-15756.json +++ b/2018/15xxx/CVE-2018-15756.json @@ -131,6 +131,16 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E" } ] }, diff --git a/2018/20xxx/CVE-2018-20989.json b/2018/20xxx/CVE-2018-20989.json new file mode 100644 index 00000000000..59ed0d42ec4 --- /dev/null +++ b/2018/20xxx/CVE-2018-20989.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2018-0001.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2018-0001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20995.json b/2018/20xxx/CVE-2018-20995.json new file mode 100644 index 00000000000..a1d5110d7ee --- /dev/null +++ b/2018/20xxx/CVE-2018-20995.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2018-0008.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2018-0008.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20996.json b/2018/20xxx/CVE-2018-20996.json new file mode 100644 index 00000000000..2d51b2288b1 --- /dev/null +++ b/2018/20xxx/CVE-2018-20996.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2018-0009.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2018-0009.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20997.json b/2018/20xxx/CVE-2018-20997.json new file mode 100644 index 00000000000..cd2c30fa841 --- /dev/null +++ b/2018/20xxx/CVE-2018-20997.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2018-0010.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2018-0010.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20998.json b/2018/20xxx/CVE-2018-20998.json new file mode 100644 index 00000000000..38e6e67ebee --- /dev/null +++ b/2018/20xxx/CVE-2018-20998.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2018-0011.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2018-0011.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12532.json b/2019/12xxx/CVE-2019-12532.json index a5b5f4da517..c3218e5e157 100644 --- a/2019/12xxx/CVE-2019-12532.json +++ b/2019/12xxx/CVE-2019-12532.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12532", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12532", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/", + "url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.insyde.com/security-pledge/SA-2019001", + "url": "https://www.insyde.com/security-pledge/SA-2019001" } ] } diff --git a/2019/13xxx/CVE-2019-13020.json b/2019/13xxx/CVE-2019-13020.json new file mode 100644 index 00000000000..4f429f60f51 --- /dev/null +++ b/2019/13xxx/CVE-2019-13020.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.carouselsignage.com/release-notes/carousel-7-1-3", + "url": "https://www.carouselsignage.com/release-notes/carousel-7-1-3" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13476.json b/2019/13xxx/CVE-2019-13476.json index a8978cc2167..0abfe0000d3 100644 --- a/2019/13xxx/CVE-2019-13476.json +++ b/2019/13xxx/CVE-2019-13476.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13476.md", "url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13476.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154216/CentOS-7.6.1810-Control-Web-Panel-0.9.8.837-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/154216/CentOS-7.6.1810-Control-Web-Panel-0.9.8.837-Cross-Site-Scripting.html" } ] } diff --git a/2019/13xxx/CVE-2019-13477.json b/2019/13xxx/CVE-2019-13477.json index 809c8879a4c..5221f91d8dd 100644 --- a/2019/13xxx/CVE-2019-13477.json +++ b/2019/13xxx/CVE-2019-13477.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13477.md", "url": "https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13477.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154217/CentOS-7.6.1810-Control-Web-Panel-0.9.8.837-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/154217/CentOS-7.6.1810-Control-Web-Panel-0.9.8.837-Cross-Site-Request-Forgery.html" } ] } diff --git a/2019/14xxx/CVE-2019-14685.json b/2019/14xxx/CVE-2019-14685.json index 2e8df024d1e..e39f37dd915 100644 --- a/2019/14xxx/CVE-2019-14685.json +++ b/2019/14xxx/CVE-2019-14685.json @@ -66,6 +66,11 @@ "refsource": "FULLDISC", "name": "20190825 Unquoted Path - Trend Micro", "url": "http://seclists.org/fulldisclosure/2019/Aug/26" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html", + "url": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html" } ] } diff --git a/2019/15xxx/CVE-2019-15092.json b/2019/15xxx/CVE-2019-15092.json index 12dafbe58d6..e6f34624b6b 100644 --- a/2019/15xxx/CVE-2019-15092.json +++ b/2019/15xxx/CVE-2019-15092.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://wpvulndb.com/vulnerabilities/9704", "url": "https://wpvulndb.com/vulnerabilities/9704" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154203/WordPress-Import-Export-WordPress-Users-1.3.1-CSV-Injection.html", + "url": "http://packetstormsecurity.com/files/154203/WordPress-Import-Export-WordPress-Users-1.3.1-CSV-Injection.html" } ] } diff --git a/2019/15xxx/CVE-2019-15304.json b/2019/15xxx/CVE-2019-15304.json index dbd1203008f..30cf0e35372 100644 --- a/2019/15xxx/CVE-2019-15304.json +++ b/2019/15xxx/CVE-2019-15304.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2019/Aug/24", "url": "http://seclists.org/fulldisclosure/2019/Aug/24" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154221/ProGrade-Lierda-Grill-Temperature-1.00_50006-Hardcoded-Credentials.html", + "url": "http://packetstormsecurity.com/files/154221/ProGrade-Lierda-Grill-Temperature-1.00_50006-Hardcoded-Credentials.html" } ] } diff --git a/2019/15xxx/CVE-2019-15501.json b/2019/15xxx/CVE-2019-15501.json index b5877c22b69..fc260158a27 100644 --- a/2019/15xxx/CVE-2019-15501.json +++ b/2019/15xxx/CVE-2019-15501.json @@ -56,6 +56,11 @@ "refsource": "EXPLOIT-DB", "name": "47302", "url": "https://www.exploit-db.com/exploits/47302" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154202/LSoft-ListServ-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/154202/LSoft-ListServ-Cross-Site-Scripting.html" } ] } diff --git a/2019/15xxx/CVE-2019-15503.json b/2019/15xxx/CVE-2019-15503.json new file mode 100644 index 00000000000..b8595aac6f6 --- /dev/null +++ b/2019/15xxx/CVE-2019-15503.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has \"Improper Neutralization of Special Elements used in an OS Command,\" allowing attackers to execute OS commands via an HTTP GET parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.nivel4.com/investigaciones/vulnerabilidad-de-ejecucion-de-comandos-remotos-rce-en-prontuscms/", + "refsource": "MISC", + "name": "https://blog.nivel4.com/investigaciones/vulnerabilidad-de-ejecucion-de-comandos-remotos-rce-en-prontuscms/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15515.json b/2019/15xxx/CVE-2019-15515.json new file mode 100644 index 00000000000..f0f275ba109 --- /dev/null +++ b/2019/15xxx/CVE-2019-15515.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Discourse 2.3.2 sends the CSRF token in the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/discourse/discourse/pull/8026", + "refsource": "MISC", + "name": "https://github.com/discourse/discourse/pull/8026" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15533.json b/2019/15xxx/CVE-2019-15533.json new file mode 100644 index 00000000000..ee7cfd30517 --- /dev/null +++ b/2019/15xxx/CVE-2019-15533.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/XAYRGA/XENFCoreSharp/pull/1", + "refsource": "MISC", + "name": "https://github.com/XAYRGA/XENFCoreSharp/pull/1" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15542.json b/2019/15xxx/CVE-2019-15542.json new file mode 100644 index 00000000000..76dbf8a9b30 --- /dev/null +++ b/2019/15xxx/CVE-2019-15542.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2019-0001.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2019-0001.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15543.json b/2019/15xxx/CVE-2019-15543.json new file mode 100644 index 00000000000..d9cf2e80414 --- /dev/null +++ b/2019/15xxx/CVE-2019-15543.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2019-0002.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2019-0002.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15544.json b/2019/15xxx/CVE-2019-15544.json new file mode 100644 index 00000000000..190aac00c1a --- /dev/null +++ b/2019/15xxx/CVE-2019-15544.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2019-0003.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2019-0003.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15545.json b/2019/15xxx/CVE-2019-15545.json new file mode 100644 index 00000000000..5e59ca5b936 --- /dev/null +++ b/2019/15xxx/CVE-2019-15545.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2019-0004.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2019-0004.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15546.json b/2019/15xxx/CVE-2019-15546.json new file mode 100644 index 00000000000..21bde0ef4e2 --- /dev/null +++ b/2019/15xxx/CVE-2019-15546.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2019-0005.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2019-0005.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15547.json b/2019/15xxx/CVE-2019-15547.json new file mode 100644 index 00000000000..6dd9af0af68 --- /dev/null +++ b/2019/15xxx/CVE-2019-15547.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2019-0006.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2019-0006.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15548.json b/2019/15xxx/CVE-2019-15548.json new file mode 100644 index 00000000000..61b68ed3a1a --- /dev/null +++ b/2019/15xxx/CVE-2019-15548.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2019-0006.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2019-0006.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15641.json b/2019/15xxx/CVE-2019-15641.json new file mode 100644 index 00000000000..7af24bc2e87 --- /dev/null +++ b/2019/15xxx/CVE-2019-15641.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/", + "refsource": "MISC", + "name": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15642.json b/2019/15xxx/CVE-2019-15642.json new file mode 100644 index 00000000000..6701d02fb33 --- /dev/null +++ b/2019/15xxx/CVE-2019-15642.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/", + "refsource": "MISC", + "name": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" + }, + { + "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c", + "refsource": "MISC", + "name": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" + }, + { + "refsource": "MISC", + "name": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37", + "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" + }, + { + "refsource": "MISC", + "name": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index", + "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7968.json b/2019/7xxx/CVE-2019-7968.json index b0678fa3515..072d7be3d99 100644 --- a/2019/7xxx/CVE-2019-7968.json +++ b/2019/7xxx/CVE-2019-7968.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7968", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC", + "version": { + "version_data": [ + { + "version_value": "19.1.8 and earlier and 20.0.5 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7968", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7969.json b/2019/7xxx/CVE-2019-7969.json index 2dec2445dea..0b39f254e2e 100644 --- a/2019/7xxx/CVE-2019-7969.json +++ b/2019/7xxx/CVE-2019-7969.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7969", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC", + "version": { + "version_data": [ + { + "version_value": "19.1.8 and earlier and 20.0.5 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7969", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7970.json b/2019/7xxx/CVE-2019-7970.json index 396f03e93a9..10c0b543d3d 100644 --- a/2019/7xxx/CVE-2019-7970.json +++ b/2019/7xxx/CVE-2019-7970.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7970", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC", + "version": { + "version_data": [ + { + "version_value": "19.1.8 and earlier and 20.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7970", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7971.json b/2019/7xxx/CVE-2019-7971.json index 2da3f044b13..af642aa79bb 100644 --- a/2019/7xxx/CVE-2019-7971.json +++ b/2019/7xxx/CVE-2019-7971.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7971", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC", + "version": { + "version_data": [ + { + "version_value": "19.1.8 and earlier and 20.0.5 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7971", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7972.json b/2019/7xxx/CVE-2019-7972.json index a701bbc4e6a..d68c8cf4e1e 100644 --- a/2019/7xxx/CVE-2019-7972.json +++ b/2019/7xxx/CVE-2019-7972.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7972", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC", + "version": { + "version_data": [ + { + "version_value": "19.1.8 and earlier and 20.0.5 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7972", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7973.json b/2019/7xxx/CVE-2019-7973.json index 26d7a2394d7..0c527992dd4 100644 --- a/2019/7xxx/CVE-2019-7973.json +++ b/2019/7xxx/CVE-2019-7973.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7973", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC", + "version": { + "version_data": [ + { + "version_value": "<=19.1.8 and <=20.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7973", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7974.json b/2019/7xxx/CVE-2019-7974.json index 245452656ed..82911af4d2d 100644 --- a/2019/7xxx/CVE-2019-7974.json +++ b/2019/7xxx/CVE-2019-7974.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7974", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC", + "version": { + "version_data": [ + { + "version_value": "<=19.1.8 and <=20.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7974", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7976.json b/2019/7xxx/CVE-2019-7976.json index 53492d3fa74..08055d3e55b 100644 --- a/2019/7xxx/CVE-2019-7976.json +++ b/2019/7xxx/CVE-2019-7976.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7976", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC", + "version": { + "version_data": [ + { + "version_value": "<=19.1.8 and <=20.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bound Write" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7976", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7977.json b/2019/7xxx/CVE-2019-7977.json index a3eba75e12b..675422cfe98 100644 --- a/2019/7xxx/CVE-2019-7977.json +++ b/2019/7xxx/CVE-2019-7977.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7977", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Photoshop CC", + "version": { + "version_data": [ + { + "version_value": "<=19.1.8 and <=20.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bound Read" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7977", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9648.json b/2019/9xxx/CVE-2019-9648.json index 2214e9067bf..a67ab30517f 100644 --- a/2019/9xxx/CVE-2019-9648.json +++ b/2019/9xxx/CVE-2019-9648.json @@ -64,6 +64,11 @@ "refsource": "FULLDISC", "name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit", "url": "http://seclists.org/fulldisclosure/2019/Aug/21" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html", + "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9649.json b/2019/9xxx/CVE-2019-9649.json index 018e9e83d86..a7f558502ae 100644 --- a/2019/9xxx/CVE-2019-9649.json +++ b/2019/9xxx/CVE-2019-9649.json @@ -64,6 +64,11 @@ "refsource": "FULLDISC", "name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal (Metasploit) Exploit", "url": "http://seclists.org/fulldisclosure/2019/Aug/22" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154205/CoreFTP-Server-MDTM-Directory-Traversal.html", + "url": "http://packetstormsecurity.com/files/154205/CoreFTP-Server-MDTM-Directory-Traversal.html" } ] },