diff --git a/2018/8xxx/CVE-2018-8035.json b/2018/8xxx/CVE-2018-8035.json index 86553881978..05b6e704184 100644 --- a/2018/8xxx/CVE-2018-8035.json +++ b/2018/8xxx/CVE-2018-8035.json @@ -53,6 +53,11 @@ "refsource": "BID", "name": "108195", "url": "http://www.securityfocus.com/bid/108195" + }, + { + "refsource": "MLIST", + "name": "[uima-dev] 20190606 Re: upcoming board report", + "url": "https://lists.apache.org/thread.html/2f49681259b375d53431605f1c557ef8a3ed0af01a488d2e1b330053@%3Cdev.uima.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0119.json b/2019/0xxx/CVE-2019-0119.json index 25ada8abd3b..f327825251b 100644 --- a/2019/0xxx/CVE-2019-0119.json +++ b/2019/0xxx/CVE-2019-0119.json @@ -53,6 +53,11 @@ "refsource": "BID", "name": "108485", "url": "http://www.securityfocus.com/bid/108485" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K85585101", + "url": "https://support.f5.com/csp/article/K85585101" } ] }, diff --git a/2019/0xxx/CVE-2019-0223.json b/2019/0xxx/CVE-2019-0223.json index cc3c9a79079..be1af0c86db 100644 --- a/2019/0xxx/CVE-2019-0223.json +++ b/2019/0xxx/CVE-2019-0223.json @@ -88,6 +88,21 @@ "refsource": "REDHAT", "name": "RHSA-2019:0886", "url": "https://access.redhat.com/errata/RHSA-2019:0886" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1399", + "url": "https://access.redhat.com/errata/RHSA-2019:1399" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1400", + "url": "https://access.redhat.com/errata/RHSA-2019:1400" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1398", + "url": "https://access.redhat.com/errata/RHSA-2019:1398" } ] }, diff --git a/2019/10xxx/CVE-2019-10009.json b/2019/10xxx/CVE-2019-10009.json index 63da6a11e67..0f8ef26e8fd 100644 --- a/2019/10xxx/CVE-2019-10009.json +++ b/2019/10xxx/CVE-2019-10009.json 
@@ -52,6 +52,21 @@ }, "references": { "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20190326 CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion", + "url": "http://seclists.org/fulldisclosure/2019/Mar/47" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46611", + "url": "https://www.exploit-db.com/exploits/46611/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html", + "url": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html" + }, { "refsource": "MISC", "name": "https://seclists.org/fulldisclosure/2019/Mar/47", @@ -61,6 +76,11 @@ "refsource": "EXPLOIT-DB", "name": "46611", "url": "https://www.exploit-db.com/exploits/46611" + }, + { + "refsource": "CONFIRM", + "name": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html", + "url": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html" } ] } diff --git a/2019/10xxx/CVE-2019-10149.json b/2019/10xxx/CVE-2019-10149.json index ec9d9beeb02..7720ba4471b 100644 --- a/2019/10xxx/CVE-2019-10149.json +++ b/2019/10xxx/CVE-2019-10149.json @@ -83,6 +83,11 @@ "refsource": "BUGTRAQ", "name": "20190605 [SECURITY] [DSA 4456-1] exim4 security update", "url": "https://seclists.org/bugtraq/2019/Jun/5" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201906-01", + "url": "https://security.gentoo.org/glsa/201906-01" } ] }, diff --git a/2019/11xxx/CVE-2019-11523.json b/2019/11xxx/CVE-2019-11523.json index e7266f20e29..5e7f57a3ada 100644 --- a/2019/11xxx/CVE-2019-11523.json +++ b/2019/11xxx/CVE-2019-11523.json 
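Review bot: In the CVE-2019-10009 record, `reference_data` now lists the same two resources twice. The first hunk adds a FULLDISC entry for `http://seclists.org/fulldisclosure/2019/Mar/47` and an EXPLOIT-DB entry for `https://www.exploit-db.com/exploits/46611/`, while the existing MISC seclists entry and the existing EXPLOIT-DB `46611` entry stay as context, differing only in the `https` scheme and the trailing slash. Consumers that deduplicate references by exact URL string will count these as four independent sources. I would keep one entry per resource, for example the typed FULLDISC entry and a single EXPLOIT-DB entry, or normalise scheme and trailing slash before merging reference lists.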
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11523", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11523", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the \"open door\" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/wizlab-it/anviz-m3-rfid-cve-2019-11523-poc", + "url": "https://github.com/wizlab-it/anviz-m3-rfid-cve-2019-11523-poc" } ] } diff --git a/2019/12xxx/CVE-2019-12492.json b/2019/12xxx/CVE-2019-12492.json index 26c839a5e05..9c750ee8360 100644 --- a/2019/12xxx/CVE-2019-12492.json +++ b/2019/12xxx/CVE-2019-12492.json 
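Review bot: The newly published CVE-2019-11523 record identifies the product only in the free-text description ("Anviz Global M3 Outdoor RFID Access Control"), while `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`. Tooling that matches an asset inventory against the `affects` block will not tie this record to the device, and the weakness class cannot be filtered on. The description (commands accepted with no authentication or encryption) points to a missing-authentication weakness such as CWE-306, which could go in `problemtype` if the assigner agrees. The same placeholders appear in the CVE-2019-12492 and CVE-2019-12762 hunks; for 12492 the description already carries the fixed versions (7.80.939, 7.90.961, 8.00.1128) that `version_data` could hold. The only reference here is a third-party repository, so a vendor advisory or fixed-firmware link would help defenders if one exists.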
@@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12492", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12492", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.gallagher.com/CVE-2019-12492", + "url": "https://security.gallagher.com/CVE-2019-12492" + }, + { + "refsource": "CONFIRM", + "name": "https://security.gallagher.com/security-advisories", + "url": "https://security.gallagher.com/security-advisories" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12762.json b/2019/12xxx/CVE-2019-12762.json new file mode 100644 index 00000000000..ca2aea1f3fd --- /dev/null +++ b/2019/12xxx/CVE-2019-12762.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-12762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607", + "refsource": "MISC", + "name": "https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607" + }, + { + "url": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/", + "refsource": "MISC", + "name": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3722.json b/2019/3xxx/CVE-2019-3722.json index 5d968dbbde4..2a8b7696975 100644 --- a/2019/3xxx/CVE-2019-3722.json +++ b/2019/3xxx/CVE-2019-3722.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", + "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2019-06-03T17:00:00.000Z", "ID": "CVE-2019-3722", "STATE": "PUBLIC", 
@@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.\n\n" + "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request." } ] }, @@ -82,6 +82,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en", "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en" } ] diff --git a/2019/3xxx/CVE-2019-3723.json b/2019/3xxx/CVE-2019-3723.json index 26603e23910..21e5a30c5f1 100644 --- a/2019/3xxx/CVE-2019-3723.json +++ b/2019/3xxx/CVE-2019-3723.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", + "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2019-06-03T17:00:00.000Z", "ID": "CVE-2019-3723", "STATE": "PUBLIC", 
@@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation\n\n" + "value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation" } ] }, @@ -82,6 +82,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en", "url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en" } ] diff --git a/2019/3xxx/CVE-2019-3790.json b/2019/3xxx/CVE-2019-3790.json index 7408ddd74e5..d6de14d2eac 100644 --- a/2019/3xxx/CVE-2019-3790.json +++ b/2019/3xxx/CVE-2019-3790.json 
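Review bot: In the CVE-2019-3723 description hunk, removing the trailing `\n\n` leaves the value ending in `improper input parameter validation` with no full stop. The sibling CVE-2019-3722 description ends `in an XML request.`. I would close the string with `validation."` so the two OMSA records read consistently and downstream renderers do not run the sentence into following text.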
@@ -1,100 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-05-28T13:47:10.000Z", - "ID": "CVE-2019-3790", - "STATE": "PUBLIC", - "TITLE": "Ops Manager uaa client issues tokens after refresh token expiration" - }, - "source": { - "discovery": "UNKNOWN" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Pivotal Ops Manager", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "2.3", - "version_value": "2.3.16" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2019-05-28T13:47:10.000Z", + "ID": "CVE-2019-3790", + "STATE": "PUBLIC", + "TITLE": "Ops Manager uaa client issues tokens after refresh token expiration" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pivotal Ops Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.3", + "version_value": "2.3.16" + }, + { + "affected": "<", + "version_name": "2.4", + "version_value": "2.4.11" + }, + { + "affected": "<", + "version_name": "2.2", + "version_value": "2.2.23" + }, + { + "affected": "<", + "version_name": "2.5", + "version_value": "2.5.3" + } + ] + } + } + ] }, - { - "affected": "<", - "version_name": "2.4", - "version_value": "2.4.11" - }, - { - "affected": "<", - "version_name": "2.2", - "version_value": "2.2.23" - }, - { - "affected": "<", - "version_name": "2.5", - "version_value": "2.5.3" - } - ] + "vendor_name": "Pivotal" } - } ] - }, - "vendor_name": "Pivotal" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, 
and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-324: Use of a Key Past its Expiration Date" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2019-3790", - "name": "https://pivotal.io/security/cve-2019-3790" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-324: Use of a Key Past its Expiration Date" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "108512", + "url": "http://www.securityfocus.com/bid/108512" + }, + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-3790", + "name": "https://pivotal.io/security/cve-2019-3790" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9621.json b/2019/9xxx/CVE-2019-9621.json index f5af5967465..2cd190c0f20 100644 --- a/2019/9xxx/CVE-2019-9621.json +++ b/2019/9xxx/CVE-2019-9621.json @@ -91,6 +91,11 @@ "refsource": "MISC", "name": "https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html", "url": "https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153190/Zimbra-XML-Injection-Server-Side-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/153190/Zimbra-XML-Injection-Server-Side-Request-Forgery.html" } ] }
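Review bot: The CVE-2019-3790 hunk (`@@ -1,100 +1,105 @@`) removes and re-adds every line of the record with identical text, presumably a re-indentation, and this buries the two substantive edits. Those are the changed `ASSIGNER` value and the new BID `108512` reference. The five-line growth matches the single added reference object, so nothing else appears to change. Even so, a reader has to compare the old and new sides by hand to confirm that the `impact.cvss` block (`baseScore` 6.1, `CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N`) is untouched. I would keep the file's existing indentation in this commit and do any whitespace normalisation in a separate one, so that reviews of security metadata only show real data changes.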