From 96fa767e2c538dc184ef5ba52e65c2af207d6620 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 22 May 2019 18:00:50 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2017/6xxx/CVE-2017-6514.json | 53 +++++++++++-
2018/14xxx/CVE-2018-14729.json | 63 ++++++++++++++-
2018/7xxx/CVE-2018-7202.json | 48 ++++++++++-
2019/10xxx/CVE-2019-10132.json | 9 ++-
2019/11xxx/CVE-2019-11231.json | 61 ++++++++++++--
2019/11xxx/CVE-2019-11536.json | 61 ++++++++++++--
2019/12xxx/CVE-2019-12163.json | 5 ++
2019/12xxx/CVE-2019-12167.json | 61 ++++++++++++--
2019/3xxx/CVE-2019-3401.json | 132 +++++++++++++++---------------
2019/3xxx/CVE-2019-3402.json | 132 +++++++++++++++---------------
2019/3xxx/CVE-2019-3403.json | 143 +++++++++++++++------------------
2019/3xxx/CVE-2019-3724.json | 14 +---
2019/7xxx/CVE-2019-7818.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7821.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7822.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7823.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7824.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7825.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7826.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7827.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7828.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7829.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7830.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7831.json | 72 ++++++++++++++---
2019/7xxx/CVE-2019-7832.json | 67 ++++++++++++---
2019/7xxx/CVE-2019-7833.json | 67 ++++++++++++---
2019/8xxx/CVE-2019-8442.json | 143 +++++++++++++++------------------
2019/8xxx/CVE-2019-8443.json | 143 +++++++++++++++------------------
28 files changed, 1537 insertions(+), 529 deletions(-)
diff --git a/2017/6xxx/CVE-2017-6514.json b/2017/6xxx/CVE-2017-6514.json
index e40ed01fda4..04e49f58ed3 100644
--- a/2017/6xxx/CVE-2017-6514.json
+++ b/2017/6xxx/CVE-2017-6514.json
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6514", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the \"author_name\":\" substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CFSECURITE/wordpress", + "refsource": "MISC", + "name": "https://github.com/CFSECURITE/wordpress" + }, + { + "url": "https://web.archive.org/web/20180612235401/https://github.com/CFSECURITE/wordpress", + "refsource": "MISC", + "name": "https://web.archive.org/web/20180612235401/https://github.com/CFSECURITE/wordpress" } ] } diff --git a/2018/14xxx/CVE-2018-14729.json b/2018/14xxx/CVE-2018-14729.json index 13244f52499..47de83fb617 100644 --- a/2018/14xxx/CVE-2018-14729.json +++ b/2018/14xxx/CVE-2018-14729.json 
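Review bot: The new `affects` block in the first hunk sets `product_name`, `version_value` and `vendor_name` to "n/a" although the description added in the second hunk names the product and version (WordPress 4.7.2), so consumers that match on the structured fields will not associate this record with any product. I would fill them from the description, e.g. `"product_name": "WordPress"` and `"version_value": "4.7.2"`, and give `problemtype` a real value instead of "n/a", since the description already classifies the issue as path disclosure. The same placeholder pattern appears in the CVE-2018-14729, CVE-2018-7202, CVE-2019-11231, CVE-2019-11536 and CVE-2019-12167 sections of this patch.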
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14729", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://tencent.com", + "refsource": "MISC", + "name": "http://tencent.com" + }, + { + "url": "http://discuz.com", + "refsource": "MISC", + "name": "http://discuz.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/FoolMitAh/CVE-2018-14729/blob/master/Discuz_backend_getshell.md", + "url": "https://github.com/FoolMitAh/CVE-2018-14729/blob/master/Discuz_backend_getshell.md" + }, + { + "refsource": "MISC", + "name": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-17059", + "url": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-17059" } ] } diff --git a/2018/7xxx/CVE-2018-7202.json b/2018/7xxx/CVE-2018-7202.json index fbc8739bf59..a8321b42ce8 100644 --- a/2018/7xxx/CVE-2018-7202.json +++ b/2018/7xxx/CVE-2018-7202.json 
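Review bot: Two of the four added references, `http://tencent.com` and `http://discuz.com`, are bare vendor home pages over plain HTTP that say nothing about this issue; they should be dropped or replaced with the vendor's advisory or fix, leaving the GitHub write-up and the CNVD entry as the actual sources. The description also says "remote attackers" while the affected file sits under `admincp` and the referenced write-up is titled as a backend issue, which suggests (not confirmed from this hunk) that an administrator session is required. If that is the case the text should state the precondition, so the record is not triaged as unauthenticated code execution.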
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7202", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ProjectSend before r1053. XSS exists in the \"Name\" field on the My Account page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.projectsend.org/change-log-detail/r1053/", + "refsource": "MISC", + "name": "https://www.projectsend.org/change-log-detail/r1053/" } ] } diff --git a/2019/10xxx/CVE-2019-10132.json b/2019/10xxx/CVE-2019-10132.json index 9b34d98cb67..58ec20b2e7d 100644 --- a/2019/10xxx/CVE-2019-10132.json +++ b/2019/10xxx/CVE-2019-10132.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10132", - "ASSIGNER": "lpardo@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,7 +45,9 @@ "references": { "reference_data": [ { - "url": "https://security.libvirt.org/2019/0003.html" + "url": "https://security.libvirt.org/2019/0003.html", + "refsource": "MISC", + "name": "https://security.libvirt.org/2019/0003.html" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132", @@ -71,4 +74,4 @@ ] ] } -} +} \ No newline at end of file 
diff --git a/2019/11xxx/CVE-2019-11231.json b/2019/11xxx/CVE-2019-11231.json
index a46520fcdd0..1fb316d58b1 100644
--- a/2019/11xxx/CVE-2019-11231.json
+++ b/2019/11xxx/CVE-2019-11231.json
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11231", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11231", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by default no longer enables the AllowOverride directive, leading to data/users/admin.xml password exposure. The passwords are hashed but this can be bypassed by starting with the data/other/authorization.xml API key. This allows one to target the session state, since they decided to roll their own implementation. The cookie_name is crafted information that can be leaked from the frontend (site name and version). If a someone leaks the API key and the admin username, then they can bypass authentication. To do so, they need to supply a cookie based on an SHA-1 computation of this known information. 
The vulnerability exists in the admin/theme-edit.php file. This file checks for forms submissions via POST requests, and for the csrf nonce. If the nonce sent is correct, then the file provided by the user is uploaded. There is a path traversal allowing write access outside the jailed themes directory root. Exploiting the traversal is not necessary because the .htaccess file is ignored. A contributing factor is that there isn't another check on the extension before saving the file, with the assumption that the parameter content is safe. This allows the creation of web accessible and executable files with arbitrary content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ssd-disclosure.com/?p=3899&preview=true", + "refsource": "MISC", + "name": "https://ssd-disclosure.com/?p=3899&preview=true" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152961/GetSimpleCMS-3.3.15-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/152961/GetSimpleCMS-3.3.15-Remote-Code-Execution.html" } ] } diff --git a/2019/11xxx/CVE-2019-11536.json b/2019/11xxx/CVE-2019-11536.json index 4a432b2a531..54fc88c5950 100644 --- a/2019/11xxx/CVE-2019-11536.json +++ b/2019/11xxx/CVE-2019-11536.json 
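Review bot: The first added reference, `https://ssd-disclosure.com/?p=3899&preview=true`, is a draft-preview link rather than a published permalink, so it is likely to stop resolving or to require a login; it should be replaced with the advisory's public URL. The description in the same hunk also has wording slips worth fixing before publication: the sentence beginning `insufficient input sanitation` should be capitalised and read "sanitization", and `If a someone leaks` should be `If someone leaks`. The statement that hashed passwords "can be bypassed" would be clearer if it said that the API key, not the password hash, is what the session cookie is derived from.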
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11536", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11536", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kalkitech.com/cybersecurity/", + "refsource": "MISC", + "name": "https://www.kalkitech.com/cybersecurity/" + }, + { + "refsource": "MISC", + "name": "https://www.kalkitech.com/wp-content/uploads/CYB_19561_Advisory.pdf", + "url": "https://www.kalkitech.com/wp-content/uploads/CYB_19561_Advisory.pdf" } ] } diff --git a/2019/12xxx/CVE-2019-12163.json b/2019/12xxx/CVE-2019-12163.json index 5b963e2f1dd..87494b0d5db 100644 --- a/2019/12xxx/CVE-2019-12163.json +++ b/2019/12xxx/CVE-2019-12163.json 
@@ -57,6 +57,11 @@ "refsource": "MISC", "name": "https://seclists.org/fulldisclosure/2019/May/29" }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152964/GAT-Ship-Web-Module-1.30-Information-Disclosure.html", + "url": "http://packetstormsecurity.com/files/152964/GAT-Ship-Web-Module-1.30-Information-Disclosure.html" + }, { "refsource": "FULLDISC", "name": "20190521 Re: GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability", diff --git a/2019/12xxx/CVE-2019-12167.json b/2019/12xxx/CVE-2019-12167.json index 25e02d4fc58..6011213a97c 100644 --- a/2019/12xxx/CVE-2019-12167.json +++ b/2019/12xxx/CVE-2019-12167.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12167", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12167", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.emerson.com/en-us/support", + "refsource": "MISC", + "name": "https://www.emerson.com/en-us/support" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2019/May/51", + "url": "https://seclists.org/bugtraq/2019/May/51" } ] } diff --git a/2019/3xxx/CVE-2019-3401.json b/2019/3xxx/CVE-2019-3401.json index e4c2a029e5f..45e87283748 100644 --- a/2019/3xxx/CVE-2019-3401.json +++ b/2019/3xxx/CVE-2019-3401.json 
@@ -1,70 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-05-08T00:00:00", - "ID": "CVE-2019-3401", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.3", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.1.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Incorrect Authorization (CWE-863)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-05-08T00:00:00", + "ID": "CVE-2019-3401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Atlassian", + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "versions prior to 7.13.3" + }, + { + "version_value": "from version 8.0.0 to versions before 8.1.1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate 
usernames via an incorrect authorisation check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization (CWE-863)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69244", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69244" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3402.json b/2019/3xxx/CVE-2019-3402.json index fc8b93914d2..6ae58be4825 100644 --- a/2019/3xxx/CVE-2019-3402.json +++ b/2019/3xxx/CVE-2019-3402.json 
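Review bot: The rewritten `version_data` drops the `version_affected` operators and folds the ranges into prose (`"version_value": "versions prior to 7.13.3"`), which removes the only machine-comparable form of the affected range. Keeping entries such as `{ "version_value": "7.13.3", "version_affected": "<" }` would preserve it; if free text is required, use one phrasing, since this file says "versions prior to 7.13.3" while CVE-2019-3402 and CVE-2019-3403 say "before 7.13.3". The same loss applies to the CVE-2019-3402 and CVE-2019-3403 sections. The hunk also re-indents the whole file and removes the final newline, which buries the one substantive addition (`refsource` and `name` on the reference) in a full-file rewrite.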
@@ -1,70 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-05-08T00:00:00", - "ID": "CVE-2019-3402", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.3", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.1.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-05-08T00:00:00", + "ID": "CVE-2019-3402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Atlassian", + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "before 7.13.3" + }, + { + "version_value": "from version 8.0.0 to versions before 8.1.1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 
before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69243", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69243" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3403.json b/2019/3xxx/CVE-2019-3403.json index b8720309344..30d47e28dbe 100644 --- a/2019/3xxx/CVE-2019-3403.json +++ b/2019/3xxx/CVE-2019-3403.json 
@@ -1,78 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-05-08T00:00:00", - "ID": "CVE-2019-3403", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.3", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.0.4", - "version_affected": "<" - }, - { - "version_value": "8.1.0", - "version_affected": ">=" - }, - { - "version_value": "8.1.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Incorrect Authorization (CWE-863)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-05-08T00:00:00", + "ID": "CVE-2019-3403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Atlassian", + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "before 7.13.3" + }, + { + "version_value": "from 8.0.0 to versions before 8.0.4" + }, + { + "version_value": "from 8.1.0 to versions before 8.1.1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization (CWE-863)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69242", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69242" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3724.json b/2019/3xxx/CVE-2019-3724.json index ac770045c55..0634a2fc33a 100644 --- a/2019/3xxx/CVE-2019-3724.json +++ b/2019/3xxx/CVE-2019-3724.json 
@@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to an Authorization Bypass vulnerability. A remote low privileged attacker could potentially exploit this vulnerability to gain access to administrative information including credentials." + "value": "RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability. A remote low privileged attacker could potentially exploit this vulnerability to gain access to administrative information including credentials." } ] }, @@ -84,20 +84,10 @@ "name": "https://community.rsa.com/docs/DOC-104202", "refsource": "CONFIRM", "url": "https://community.rsa.com/docs/DOC-104202" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/152943/RSA-NetWitness-Authorization-Bypass.html", - "url": "http://packetstormsecurity.com/files/152943/RSA-NetWitness-Authorization-Bypass.html" - }, - { - "refsource": "BID", - "name": "108357", - "url": "http://www.securityfocus.com/bid/108357" } ] }, "source": { "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7818.json b/2019/7xxx/CVE-2019-7818.json index 1ca15a27e1b..1f32420e9c9 100644 --- a/2019/7xxx/CVE-2019-7818.json +++ b/2019/7xxx/CVE-2019-7818.json 
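Review bot: The new description narrows the scope by removing "RSA Security Analytics versions prior to 10.6.6.1" and leaves a grammar error, `versions prior to 11.2.1.1 is vulnerable`. Together with the next hunk, which deletes the Packet Storm and BID 108357 references, this looks like an older copy overwriting a newer one rather than a correction; the `affects` block is outside the hunk, so it should be checked whether Security Analytics is still listed there. If the product is still affected, keep the previous sentence (`... and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable ...`) and the two references.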
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7818", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Bounds Write" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108322", + "url": "http://www.securityfocus.com/bid/108322" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-503/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-503/" + 
} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7818", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7821.json b/2019/7xxx/CVE-2019-7821.json index 99a5290507f..9bc435411e8 100644 --- a/2019/7xxx/CVE-2019-7821.json +++ b/2019/7xxx/CVE-2019-7821.json 
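Review bot: `version_value` in the added `affects` block is a single free-text string listing six separate version tracks, so no consumer can compare an installed version against it. Each track should be its own `version_data` entry, as sketched below; the string also mixes "and earlier", "and earlier version" and "and earlier versions". The same string is used in the CVE-2019-7821, CVE-2019-7822 and CVE-2019-7823 sections.

```json
"version_data": [
  { "version_value": "2019.010.20100 and earlier" },
  { "version_value": "2019.010.20099 and earlier" },
  { "version_value": "2017.011.30140 and earlier" },
  { "version_value": "2017.011.30138 and earlier" },
  { "version_value": "2015.006.30495 and earlier" },
  { "version_value": "2015.006.30493 and earlier" }
]
```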
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7821", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free\u202f\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108320", + "url": "http://www.securityfocus.com/bid/108320" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-506/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-506/" + 
} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7821", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7822.json b/2019/7xxx/CVE-2019-7822.json index 5a05fd6c6c0..ce90871548b 100644 --- a/2019/7xxx/CVE-2019-7822.json +++ b/2019/7xxx/CVE-2019-7822.json 
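Review bot: The added `problemtype` value is `"Use After Free\u202f\u202f"`, which ends in two U+202F narrow no-break spaces, so an exact-match lookup on "Use After Free" or a weakness mapping keyed on the string will miss this record. It should be `"value": "Use After Free"`. The CVE-2019-7823 section carries the same trailing characters.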
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7822", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Bounds Write" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108322", + "url": "http://www.securityfocus.com/bid/108322" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-505/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-505/" + 
} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7822", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7823.json b/2019/7xxx/CVE-2019-7823.json index 506b3fd58b9..fe86526e362 100644 --- a/2019/7xxx/CVE-2019-7823.json +++ b/2019/7xxx/CVE-2019-7823.json 
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7823", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free\u202f\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108320", + "url": "http://www.securityfocus.com/bid/108320" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-507/", + "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-19-507/" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7823", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7824.json b/2019/7xxx/CVE-2019-7824.json index a298841fa90..5d86098a2bd 100644 --- a/2019/7xxx/CVE-2019-7824.json +++ b/2019/7xxx/CVE-2019-7824.json 
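Review bot: The added `problemtype` value ends in two U+202F (narrow no-break space) characters, `"value": "Use After Free\u202f\u202f"`, which are invisible when rendered but make the string differ from "Use After Free" for any exact-match grouping or CWE mapping. It should be `"value": "Use After Free"`. The same trailing characters are added in the hunks for CVE-2019-7826 (`"Out-of-Bounds Read\u202f"`), CVE-2019-7830, CVE-2019-7831, CVE-2019-7832 and CVE-2019-7833. The description in this hunk also says "and earlier version" twice where the sibling records say "and earlier".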
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7824", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Error" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108323", + "url": "http://www.securityfocus.com/bid/108323" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-508/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-508/" + } + ] + }, + 
"CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7824", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7825.json b/2019/7xxx/CVE-2019-7825.json index 69e3077ed46..030a6d07931 100644 --- a/2019/7xxx/CVE-2019-7825.json +++ b/2019/7xxx/CVE-2019-7825.json 
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7825", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Bounds Write" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108322", + "url": "http://www.securityfocus.com/bid/108322" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-509/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-509/" + 
} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7825", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7826.json b/2019/7xxx/CVE-2019-7826.json index 3317b627d94..db0166b2769 100644 --- a/2019/7xxx/CVE-2019-7826.json +++ b/2019/7xxx/CVE-2019-7826.json 
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7826", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Bounds Read\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108326", + "url": "http://www.securityfocus.com/bid/108326" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-510/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-510/" 
+ } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7826", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7827.json b/2019/7xxx/CVE-2019-7827.json index 0338b8185e8..7bfcbae0adb 100644 --- a/2019/7xxx/CVE-2019-7827.json +++ b/2019/7xxx/CVE-2019-7827.json 
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7827", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108325", + "url": "http://www.securityfocus.com/bid/108325" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-513/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-513/" + } + ] + }, + 
"CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7827", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7828.json b/2019/7xxx/CVE-2019-7828.json index 110d19725a9..b9aea7c96af 100644 --- a/2019/7xxx/CVE-2019-7828.json +++ b/2019/7xxx/CVE-2019-7828.json 
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7828", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108325", + "url": "http://www.securityfocus.com/bid/108325" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-512/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-512/" + } + ] + }, + 
"CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7828", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7829.json b/2019/7xxx/CVE-2019-7829.json index ee08d7cf3a0..ee5a307e2bb 100644 --- a/2019/7xxx/CVE-2019-7829.json +++ b/2019/7xxx/CVE-2019-7829.json 
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7829", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Bounds Write" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108322", + "url": "http://www.securityfocus.com/bid/108322" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-511/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-511/" + 
} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7829", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7830.json b/2019/7xxx/CVE-2019-7830.json index 9d152e643ee..bb12dc5a751 100644 --- a/2019/7xxx/CVE-2019-7830.json +++ b/2019/7xxx/CVE-2019-7830.json 
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7830", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free\u202f\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108320", + "url": "http://www.securityfocus.com/bid/108320" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-514/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-514/" + 
} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7830", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7831.json b/2019/7xxx/CVE-2019-7831.json index 1942330db9e..efb70a84876 100644 --- a/2019/7xxx/CVE-2019-7831.json +++ b/2019/7xxx/CVE-2019-7831.json 
@@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7831", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free\u202f\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108320", + "url": "http://www.securityfocus.com/bid/108320" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0796", + "url": 
"https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0796" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7831", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7832.json b/2019/7xxx/CVE-2019-7832.json index 1ed32873234..de8bbcfdd73 100644 --- a/2019/7xxx/CVE-2019-7832.json +++ b/2019/7xxx/CVE-2019-7832.json 
@@ -1,18 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7832", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free\u202f\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108320", + "url": "http://www.securityfocus.com/bid/108320" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7832", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file 
diff --git a/2019/7xxx/CVE-2019-7833.json b/2019/7xxx/CVE-2019-7833.json index 43d683374a9..17fcaaeb0eb 100644 --- a/2019/7xxx/CVE-2019-7833.json +++ b/2019/7xxx/CVE-2019-7833.json 
@@ -1,18 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7833", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free\u202f\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html" + }, + { + "refsource": "BID", + "name": "108320", + "url": "http://www.securityfocus.com/bid/108320" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7833", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file 
diff --git a/2019/8xxx/CVE-2019-8442.json b/2019/8xxx/CVE-2019-8442.json index 2a64d95c4b3..7bf84a0eb88 100644 --- a/2019/8xxx/CVE-2019-8442.json +++ b/2019/8xxx/CVE-2019-8442.json 
@@ -1,78 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-05-08T00:00:00", - "ID": "CVE-2019-8442", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.4", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.0.4", - "version_affected": "<" - }, - { - "version_value": "8.1.0", - "version_affected": ">=" - }, - { - "version_value": "8.1.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Exposure" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-05-08T00:00:00", + "ID": "CVE-2019-8442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Atlassian", + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "before 7.13.4" + }, + { + "version_value": "from 8.0.0 to versions before 8.0.4" + }, + { + "version_value": "from 8.1.0 to versions before 8.1.1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69241", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69241" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8443.json b/2019/8xxx/CVE-2019-8443.json index 0e957810992..a1840184b71 100644 --- a/2019/8xxx/CVE-2019-8443.json +++ b/2019/8xxx/CVE-2019-8443.json 
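Review bot: The new `version_data` entries drop the `version_affected` operators and fold each range into prose (`"version_value": "from 8.0.0 to versions before 8.0.4"`), so tooling that evaluated the old `<` / `>=` pairs can no longer decide from this record whether an installed Jira version is affected. Keeping the structured entries alongside the added `refsource` and `name` fields, e.g. `{ "version_value": "8.0.4", "version_affected": "<" }`, would preserve the machine-readable range. The hunk for CVE-2019-8443 makes the same replacement.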
@@ -1,78 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-05-08T00:00:00", - "ID": "CVE-2019-8443", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.4", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.0.4", - "version_affected": "<" - }, - { - "version_value": "8.1.0", - "version_affected": ">=" - }, - { - "version_value": "8.1.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-05-08T00:00:00", + "ID": "CVE-2019-8443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Atlassian", + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "before 7.13.4" + }, + { + "version_value": "from 8.0.0 to versions before 8.0.4" + }, + { + "version_value": "from 8.1.0 to versions before 8.1.1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69240", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69240" + } + ] + } +} \ No newline at end of file