diff --git a/2017/17xxx/CVE-2017-17848.json b/2017/17xxx/CVE-2017-17848.json index 6000a2d12b6..a5b4e6c8aa7 100644 --- a/2017/17xxx/CVE-2017-17848.json +++ b/2017/17xxx/CVE-2017-17848.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" + }, + { + "refsource": "FULLDISC", + "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", + "url": "http://seclists.org/fulldisclosure/2019/Apr/38" } ] } diff --git a/2018/12xxx/CVE-2018-12019.json b/2018/12xxx/CVE-2018-12019.json index d8e7f2e5120..1584b1efcf2 100644 --- a/2018/12xxx/CVE-2018-12019.json +++ b/2018/12xxx/CVE-2018-12019.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" + }, + { + "refsource": "FULLDISC", + "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", + "url": "http://seclists.org/fulldisclosure/2019/Apr/38" } ] } diff --git a/2018/12xxx/CVE-2018-12020.json b/2018/12xxx/CVE-2018-12020.json index 9edfb69eea6..ebb4d78ec2b 100644 --- a/2018/12xxx/CVE-2018-12020.json +++ b/2018/12xxx/CVE-2018-12020.json @@ -126,6 +126,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" + }, + { + "refsource": "FULLDISC", + "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", + "url": "http://seclists.org/fulldisclosure/2019/Apr/38" } ] } diff --git a/2018/12xxx/CVE-2018-12356.json b/2018/12xxx/CVE-2018-12356.json index 1183facae4a..099e1aebf98 100644 --- a/2018/12xxx/CVE-2018-12356.json +++ b/2018/12xxx/CVE-2018-12356.json 
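Review bot: The FULLDISC reference added to CVE-2017-17848.json uses a plain-HTTP URL, so a reader following the link from the advisory record fetches the disclosure post over a channel with no integrity protection. seclists.org serves the same archive over TLS, so the entry would be better as `"url": "https://seclists.org/fulldisclosure/2019/Apr/38"`. The same applies to the identical reference added in the CVE-2018-12019, -12020, -12356, -15586, -15587, -15588, -18509 and CVE-2019-0728 hunks, and to the seclists.org links added for CVE-2019-11557, -11590 and -11591.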
@@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" + }, + { + "refsource": "FULLDISC", + "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", + "url": "http://seclists.org/fulldisclosure/2019/Apr/38" } ] } diff --git a/2018/14xxx/CVE-2018-14874.json b/2018/14xxx/CVE-2018-14874.json index e871ef21173..89eb165d7b7 100644 --- a/2018/14xxx/CVE-2018-14874.json +++ b/2018/14xxx/CVE-2018-14874.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14874", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
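Review bot: The new `affects` block for CVE-2018-14874 records vendor, product and version as `n/a`, although the description added in the following hunk names the product and its version. Tooling that matches CVE records against an asset inventory through the structured fields will therefore not find this entry. Going by the description, the fields could read `"product_name": "Intellect Core Banking"`, `"version_value": "9.7.1"` and `"vendor_name": "Polaris FT"`; the vendor/product split is inferred from the description string and should be confirmed. The same `n/a` placeholders are added for CVE-2018-14875, -14930, -14931, -15206, -15207, -15208, -20834, -20835, CVE-2019-11193 and CVE-2019-9486, each of which also names its product in the description.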
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://neetech18.blogspot.com/2019/03/error-based-sql-injection-vulnerability.html", + "url": "https://neetech18.blogspot.com/2019/03/error-based-sql-injection-vulnerability.html" } ] } diff --git a/2018/14xxx/CVE-2018-14875.json b/2018/14xxx/CVE-2018-14875.json index 407dad619da..3fcf630a28e 100644 --- a/2018/14xxx/CVE-2018-14875.json +++ b/2018/14xxx/CVE-2018-14875.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14875", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
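Review bot: `problemtype` is set to `n/a` in the CVE-2018-14874 hunk even though the description states the weakness class outright (SQL injection), so the record cannot be filtered or prioritised by weakness type; `"value": "CWE-89"` would carry the same information in machine-readable form. The description is also hard to parse: the phrase "in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp" mixes paths with and without a leading slash and would read better as a plain list of the three pages. The other records published in this commit carry the same `n/a` problemtype while their descriptions name XSS, CSRF, open redirect, session fixation, improper access control or arbitrary file overwrite.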
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://neetech18.blogspot.com/2019/03/reflected-xss-vulnerability-in-polaris.html", + "url": "https://neetech18.blogspot.com/2019/03/reflected-xss-vulnerability-in-polaris.html" } ] } diff --git a/2018/14xxx/CVE-2018-14930.json b/2018/14xxx/CVE-2018-14930.json index a63506356b3..2b3ace5596f 100644 --- a/2018/14xxx/CVE-2018-14930.json +++ b/2018/14xxx/CVE-2018-14930.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14930", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software.html", + "url": "https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software.html" } ] } diff --git a/2018/14xxx/CVE-2018-14931.json b/2018/14xxx/CVE-2018-14931.json index d200da1fb1e..033c8a527c0 100644 --- a/2018/14xxx/CVE-2018-14931.json +++ b/2018/14xxx/CVE-2018-14931.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14931", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software_31.html", + "refsource": "MISC", + "name": "https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software_31.html" } ] } diff --git a/2018/15xxx/CVE-2018-15206.json b/2018/15xxx/CVE-2018-15206.json index fab808edea7..c16688a2e82 100644 --- a/2018/15xxx/CVE-2018-15206.json +++ b/2018/15xxx/CVE-2018-15206.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15206", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://neetech18.blogspot.com/2019/03/cross-site-request-forgery-smartvista.html", + "url": "https://neetech18.blogspot.com/2019/03/cross-site-request-forgery-smartvista.html" } ] } diff --git a/2018/15xxx/CVE-2018-15207.json b/2018/15xxx/CVE-2018-15207.json index 83ebe50007d..8df4ce3ada2 100644 --- a/2018/15xxx/CVE-2018-15207.json +++ b/2018/15xxx/CVE-2018-15207.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15207", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://neetech18.blogspot.com/2019/03/incorrect-access-control-smart-vista.html", + "url": "https://neetech18.blogspot.com/2019/03/incorrect-access-control-smart-vista.html" } ] } diff --git a/2018/15xxx/CVE-2018-15208.json b/2018/15xxx/CVE-2018-15208.json index 2f7d72e949f..4a62cfb23ef 100644 --- a/2018/15xxx/CVE-2018-15208.json +++ b/2018/15xxx/CVE-2018-15208.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15208", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://neetech18.blogspot.com/2019/03/session-fixation-smart-vista-svfe-2.html", + "url": "https://neetech18.blogspot.com/2019/03/session-fixation-smart-vista-svfe-2.html" } ] } diff --git a/2018/15xxx/CVE-2018-15586.json b/2018/15xxx/CVE-2018-15586.json index 89b16d885ba..0d426eef8b0 100644 --- a/2018/15xxx/CVE-2018-15586.json +++ b/2018/15xxx/CVE-2018-15586.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" + }, + { + "refsource": "FULLDISC", + "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", + "url": "http://seclists.org/fulldisclosure/2019/Apr/38" } ] } diff --git a/2018/15xxx/CVE-2018-15587.json b/2018/15xxx/CVE-2018-15587.json index 57839b9f003..db535a64390 100644 --- a/2018/15xxx/CVE-2018-15587.json +++ b/2018/15xxx/CVE-2018-15587.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" + }, + { + "refsource": "FULLDISC", + "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", + "url": "http://seclists.org/fulldisclosure/2019/Apr/38" } ] } 
diff --git a/2018/15xxx/CVE-2018-15588.json b/2018/15xxx/CVE-2018-15588.json index 09ea6e9b905..7a922685ac9 100644 --- a/2018/15xxx/CVE-2018-15588.json +++ b/2018/15xxx/CVE-2018-15588.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" + }, + { + "refsource": "FULLDISC", + "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", + "url": "http://seclists.org/fulldisclosure/2019/Apr/38" } ] } diff --git a/2018/18xxx/CVE-2018-18509.json b/2018/18xxx/CVE-2018-18509.json index 8ead2cdb539..28973ebf895 100644 --- a/2018/18xxx/CVE-2018-18509.json +++ b/2018/18xxx/CVE-2018-18509.json @@ -16,6 +16,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" + }, + { + "refsource": "FULLDISC", + "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", + "url": "http://seclists.org/fulldisclosure/2019/Apr/38" } ] }, diff --git a/2018/19xxx/CVE-2018-19039.json b/2018/19xxx/CVE-2018-19039.json index 8170c858168..1799893dc25 100644 --- a/2018/19xxx/CVE-2018-19039.json +++ b/2018/19xxx/CVE-2018-19039.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190416-0004/", "url": "https://security.netapp.com/advisory/ntap-20190416-0004/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:0911", + "url": "https://access.redhat.com/errata/RHSA-2019:0911" } ] } diff --git a/2018/20xxx/CVE-2018-20834.json b/2018/20xxx/CVE-2018-20834.json index 36c85741dd9..78196d10833 100644 --- a/2018/20xxx/CVE-2018-20834.json +++ b/2018/20xxx/CVE-2018-20834.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2018-20834", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2018-20834", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/344595", + "refsource": "MISC", + "name": "https://hackerone.com/reports/344595" + }, + { + "url": "https://github.com/npm/node-tar/commit/b0c58433c22f5e7fe8b1c76373f27e3f81dcd4c8", + "refsource": "MISC", + "name": "https://github.com/npm/node-tar/commit/b0c58433c22f5e7fe8b1c76373f27e3f81dcd4c8" + }, + { + "url": "https://github.com/npm/node-tar/compare/58a8d43...a5f7779", + "refsource": "MISC", + "name": "https://github.com/npm/node-tar/compare/58a8d43...a5f7779" } ] } 
diff --git a/2018/20xxx/CVE-2018-20835.json b/2018/20xxx/CVE-2018-20835.json
index 21e93da678e..8aa22289bdd 100644
--- a/2018/20xxx/CVE-2018-20835.json
+++ b/2018/20xxx/CVE-2018-20835.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2018-20835", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2018-20835", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/344595", + "refsource": "MISC", + "name": "https://hackerone.com/reports/344595" + }, + { + "url": "https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2", + "refsource": "MISC", + "name": "https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2" + }, + { + "url": "https://github.com/mafintosh/tar-fs/compare/d590fc7...a35ce2f", + "refsource": "MISC", + "name": "https://github.com/mafintosh/tar-fs/compare/d590fc7...a35ce2f" } ] } 
diff --git a/2019/0xxx/CVE-2019-0728.json b/2019/0xxx/CVE-2019-0728.json index d36e7a6ecfe..7290a0b3e3b 100644 --- a/2019/0xxx/CVE-2019-0728.json +++ b/2019/0xxx/CVE-2019-0728.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4" + }, + { + "refsource": "FULLDISC", + "name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", + "url": "http://seclists.org/fulldisclosure/2019/Apr/38" } ] } diff --git a/2019/10xxx/CVE-2019-10131.json b/2019/10xxx/CVE-2019-10131.json index 14e25b9313f..d4a52109fef 100644 --- a/2019/10xxx/CVE-2019-10131.json +++ b/2019/10xxx/CVE-2019-10131.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10131", - "ASSIGNER": "lpardo@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -73,4 +74,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11193.json b/2019/11xxx/CVE-2019-11193.json index ecdb5c54062..f052b793dd3 100644 --- a/2019/11xxx/CVE-2019-11193.json +++ b/2019/11xxx/CVE-2019-11193.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11193", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11193", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://numanozdemir.com/respdisc/directadmin.pdf", + "refsource": "MISC", + "name": "https://numanozdemir.com/respdisc/directadmin.pdf" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152494/DirectAdmin-1.561-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/152494/DirectAdmin-1.561-Cross-Site-Scripting.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46694", + "url": "https://www.exploit-db.com/exploits/46694" } ] } diff --git a/2019/11xxx/CVE-2019-11557.json b/2019/11xxx/CVE-2019-11557.json index 03e28413fb7..254746fa3cc 100644 --- a/2019/11xxx/CVE-2019-11557.json +++ b/2019/11xxx/CVE-2019-11557.json 
@@ -61,6 +61,11 @@ "url": "https://wordpress.org/plugins/contact-form-builder/#developers", "refsource": "MISC", "name": "https://wordpress.org/plugins/contact-form-builder/#developers" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Apr/35", + "url": "http://seclists.org/fulldisclosure/2019/Apr/35" } ] } diff --git a/2019/11xxx/CVE-2019-11590.json b/2019/11xxx/CVE-2019-11590.json index f3b41c5f97c..6336dc892d1 100644 --- a/2019/11xxx/CVE-2019-11590.json +++ b/2019/11xxx/CVE-2019-11590.json @@ -61,6 +61,11 @@ "url": "https://lists.openwall.net/full-disclosure/2019/04/05/11", "refsource": "MISC", "name": "https://lists.openwall.net/full-disclosure/2019/04/05/11" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Apr/36", + "url": "http://seclists.org/fulldisclosure/2019/Apr/36" } ] } diff --git a/2019/11xxx/CVE-2019-11591.json b/2019/11xxx/CVE-2019-11591.json index 43824387bad..c3a39e0c9eb 100644 --- a/2019/11xxx/CVE-2019-11591.json +++ b/2019/11xxx/CVE-2019-11591.json @@ -61,6 +61,11 @@ "url": "https://wordpress.org/plugins/contact-form-maker/#developers", "refsource": "MISC", "name": "https://wordpress.org/plugins/contact-form-maker/#developers" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Apr/37", + "url": "http://seclists.org/fulldisclosure/2019/Apr/37" } ] } diff --git a/2019/11xxx/CVE-2019-11599.json b/2019/11xxx/CVE-2019-11599.json index d8b3815a638..f0d74861556 100644 --- a/2019/11xxx/CVE-2019-11599.json +++ b/2019/11xxx/CVE-2019-11599.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190430 Re: Linux kernel: multiple issues", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/1" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46781", + "url": "https://www.exploit-db.com/exploits/46781/" } ] } diff --git a/2019/11xxx/CVE-2019-11604.json b/2019/11xxx/CVE-2019-11604.json new file mode 100644 index 00000000000..e0cabc578f2 
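Review bot: The Full Disclosure link added for CVE-2019-11557 is tagged `"refsource": "MISC"` with the URL repeated as its name, while the other seclists.org/fulldisclosure links in this commit use `"refsource": "FULLDISC"` with the post's dated title as the name. Consumers that group or de-duplicate references by source will treat the two forms as different sources. Using `"refsource": "FULLDISC"` here, and in the matching additions for CVE-2019-11590 and CVE-2019-11591, would keep the entries consistent; the name would then be the post title, which is not visible in this diff.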
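Review bot: The EXPLOIT-DB URL added for CVE-2019-11599 ends in a trailing slash (`https://www.exploit-db.com/exploits/46781/`), whereas the EXPLOIT-DB reference added for CVE-2019-11193 in the same commit has none. Matching references across records usually compares the exact URL string, so the two spellings should be normalised; `"url": "https://www.exploit-db.com/exploits/46781"` follows the form of the other entry.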
--- /dev/null +++ b/2019/11xxx/CVE-2019-11604.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11604", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11605.json b/2019/11xxx/CVE-2019-11605.json new file mode 100644 index 00000000000..96d8c3c6cf8 --- /dev/null +++ b/2019/11xxx/CVE-2019-11605.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11605", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9486.json b/2019/9xxx/CVE-2019-9486.json index 3f6b372b7e4..d0c1bb49f9f 100644 --- a/2019/9xxx/CVE-2019-9486.json +++ b/2019/9xxx/CVE-2019-9486.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9486", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
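Review bot: CVE-2019-11604.json is created without a final newline (the `\ No newline at end of file` marker), as is CVE-2019-11605.json, and the CVE-2019-10131 change earlier in this commit removes the newline that file previously ended with. Files touched elsewhere in the commit keep theirs, so the repository ends up with mixed end-of-file conventions. Ending every record with a newline keeps later diffs from showing a changed last line when only a field was appended.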
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject and execute code by hijacking the insecure communications with the service. This vulnerability also affects Telekom MagentaCLOUD through 5.7.0.0 and 1&1 Online Storage through 6.1.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://zer0-day.pw/articles/2019-04/HiDrive-LPE-via-Insecure-WCF-endpoint", + "url": "https://zer0-day.pw/articles/2019-04/HiDrive-LPE-via-Insecure-WCF-endpoint" } ] }