diff --git a/2019/0xxx/CVE-2019-0201.json b/2019/0xxx/CVE-2019-0201.json
index 91fc6fdbc8e..1942cf00db7 100644
--- a/2019/0xxx/CVE-2019-0201.json
+++ b/2019/0xxx/CVE-2019-0201.json
@@ -121,6 +121,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3892",
 "url": "https://access.redhat.com/errata/RHSA-2019:3892"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:4352",
+ "url": "https://access.redhat.com/errata/RHSA-2019:4352"
 }
 ]
 },
diff --git a/2019/10xxx/CVE-2019-10173.json b/2019/10xxx/CVE-2019-10173.json
index 0526a8ec1e3..92c557320b7 100644
--- a/2019/10xxx/CVE-2019-10173.json
+++ b/2019/10xxx/CVE-2019-10173.json
@@ -58,6 +58,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3892",
 "url": "https://access.redhat.com/errata/RHSA-2019:3892"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:4352",
+ "url": "https://access.redhat.com/errata/RHSA-2019:4352"
 }
 ]
 },
diff --git a/2019/12xxx/CVE-2019-12384.json b/2019/12xxx/CVE-2019-12384.json
index f7a6fa4de65..4bd09f980ee 100644
--- a/2019/12xxx/CVE-2019-12384.json
+++ b/2019/12xxx/CVE-2019-12384.json
@@ -251,6 +251,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3901",
 "url": "https://access.redhat.com/errata/RHSA-2019:3901"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:4352",
+ "url": "https://access.redhat.com/errata/RHSA-2019:4352"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13942.json b/2019/13xxx/CVE-2019-13942.json
index 54a55e143f6..43e51498163 100644
--- a/2019/13xxx/CVE-2019-13942.json
+++ b/2019/13xxx/CVE-2019-13942.json
@@ -92,10 +92,15 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
+ },
 {
 "refsource": "MISC",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
- "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-07"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16386.json b/2019/16xxx/CVE-2019-16386.json
index 31996d4dae1..ed0a0a06366 100644
--- a/2019/16xxx/CVE-2019-16386.json
+++ b/2019/16xxx/CVE-2019-16386.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account."
+ "value": "** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect."
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16387.json b/2019/16xxx/CVE-2019-16387.json
index 66fdb64aced..ad1bcbaaec4 100644
--- a/2019/16xxx/CVE-2019-16387.json
+++ b/2019/16xxx/CVE-2019-16387.json
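Review bot: In the CVE-2019-16386 description the added NOTE attributes the dispute to a vendor statement, but the hunk adds no reference for that statement; `reference_data` lies outside the hunk, so whether a vendor source is already listed cannot be confirmed from here. A consumer triaging a `** DISPUTED **` record needs the source of the dispute to weigh it against the original claim, which the same description still asserts (`while using a low-privilege account`). If a public vendor statement exists, it should be added as its own `reference_data` entry alongside the description change. The same applies to the description changes in CVE-2019-16387 and CVE-2019-16388.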
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.)"
+ "value": "** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect."
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16388.json b/2019/16xxx/CVE-2019-16388.json
index be4734d6735..f8bd304edff 100644
--- a/2019/16xxx/CVE-2019-16388.json
+++ b/2019/16xxx/CVE-2019-16388.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account."
+ "value": "** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect."
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18397.json b/2019/18xxx/CVE-2019-18397.json
index 8b7be5461b2..0a42f01a92f 100644
--- a/2019/18xxx/CVE-2019-18397.json
+++ b/2019/18xxx/CVE-2019-18397.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-7075bc4ff8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5UJRTG32FDNI7T637Q6PZYL3UCRR5HR/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:4326",
+ "url": "https://access.redhat.com/errata/RHSA-2019:4326"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19649.json b/2019/19xxx/CVE-2019-19649.json
index 3562cdf13be..5c150239869 100644
--- a/2019/19xxx/CVE-2019-19649.json
+++ b/2019/19xxx/CVE-2019-19649.json
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.manageengine.com/products/applications_manager/release-notes.html",
 "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/eLeN3Re/CVE-2019-19649",
+ "url": "https://gitlab.com/eLeN3Re/CVE-2019-19649"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19650.json b/2019/19xxx/CVE-2019-19650.json
index 619e86431a4..82d1740bd43 100644
--- a/2019/19xxx/CVE-2019-19650.json
+++ b/2019/19xxx/CVE-2019-19650.json
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.manageengine.com/products/applications_manager/release-notes.html",
 "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/eLeN3Re/CVE-2019-19650",
+ "url": "https://gitlab.com/eLeN3Re/CVE-2019-19650"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19915.json b/2019/19xxx/CVE-2019-19915.json
new file mode 100644
index 00000000000..b6d1014ab04
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19915.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-19915",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The \"301 Redirects - Easy Redirect Manager\" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/9979",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/9979"
+ },
+ {
+ "url": "https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-redirects-easy-redirect-manager/",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-redirects-easy-redirect-manager/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
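Review bot: The `affects` block of the new CVE-2019-19915 record sets `product_name`, `version_value` and `vendor_name` to `n/a` although the description names the plugin and its fixed version, so tooling that matches on the structured fields will not associate this record with an installed plugin. From the description alone the entries could read `"product_name": "301 Redirects - Easy Redirect Manager"` and `"version_value": "before 2.45"`. The `problemtype` value is likewise `n/a` while the description mentions XSS, CSRF and rule changes by subscriber-level users. The `cvss` object combines `"privilegesRequired": "LOW"` with `"userInteraction": "REQUIRED"`, which appears to mix the authenticated path and the CSRF path from the description, so it is worth confirming which scenario the vector is meant to score.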
diff --git a/2019/1xxx/CVE-2019-1387.json b/2019/1xxx/CVE-2019-1387.json
index 16825c17afc..b698acb1463 100644
--- a/2019/1xxx/CVE-2019-1387.json
+++ b/2019/1xxx/CVE-2019-1387.json
@@ -78,6 +78,11 @@
 "refsource": "CONFIRM",
 "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u",
 "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:4356",
+ "url": "https://access.redhat.com/errata/RHSA-2019:4356"
 }
 ]
 },
diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json
index b6329914e08..819348bba61 100644
--- a/2019/2xxx/CVE-2019-2904.json
+++ b/2019/2xxx/CVE-2019-2904.json
@@ -65,6 +65,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9512.json b/2019/9xxx/CVE-2019-9512.json
index 5ba1b5aea37..79e4263a80d 100644
--- a/2019/9xxx/CVE-2019-9512.json
+++ b/2019/9xxx/CVE-2019-9512.json
@@ -378,6 +378,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:4273",
 "url": "https://access.redhat.com/errata/RHSA-2019:4273"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:4352",
+ "url": "https://access.redhat.com/errata/RHSA-2019:4352"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9514.json b/2019/9xxx/CVE-2019-9514.json
index 75fc7492cfa..c7560b0137f 100644
--- a/2019/9xxx/CVE-2019-9514.json
+++ b/2019/9xxx/CVE-2019-9514.json
@@ -378,6 +378,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:4273",
 "url": "https://access.redhat.com/errata/RHSA-2019:4273"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:4352",
+ "url": "https://access.redhat.com/errata/RHSA-2019:4352"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9515.json b/2019/9xxx/CVE-2019-9515.json
index 91279600137..ad05e21dbf0 100644
--- a/2019/9xxx/CVE-2019-9515.json
+++ b/2019/9xxx/CVE-2019-9515.json
@@ -253,6 +253,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:4041",
 "url": "https://access.redhat.com/errata/RHSA-2019:4041"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:4352",
+ "url": "https://access.redhat.com/errata/RHSA-2019:4352"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9518.json b/2019/9xxx/CVE-2019-9518.json
index 385642df74a..04f415ef114 100644
--- a/2019/9xxx/CVE-2019-9518.json
+++ b/2019/9xxx/CVE-2019-9518.json
@@ -193,6 +193,11 @@
 "refsource": "MLIST",
 "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
 "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:4352",
+ "url": "https://access.redhat.com/errata/RHSA-2019:4352"
 }
 ]
 },