From a29525911277dbd627e25faedfd891909141e1a4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 Jul 2019 21:00:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/3xxx/CVE-2015-3907.json | 48 ++++++++++++++++++++++++-- 2019/13xxx/CVE-2019-13074.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13179.json | 2 +- 2019/9xxx/CVE-2019-9827.json | 48 ++++++++++++++++++++++++-- 4 files changed, 155 insertions(+), 5 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13074.json diff --git a/2015/3xxx/CVE-2015-3907.json b/2015/3xxx/CVE-2015-3907.json index 34ed9a693e4..8bc925fcee7 100644 --- a/2015/3xxx/CVE-2015-3907.json +++ b/2015/3xxx/CVE-2015-3907.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3907", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kb.hitcon.org/post/127839729207/codeigniter-rest-server-module-xxe-cve-2015-3907", + "url": "https://kb.hitcon.org/post/127839729207/codeigniter-rest-server-module-xxe-cve-2015-3907" } ] } diff --git a/2019/13xxx/CVE-2019-13074.json b/2019/13xxx/CVE-2019-13074.json new file mode 100644 index 00000000000..2b3a7a31156 --- /dev/null +++ b/2019/13xxx/CVE-2019-13074.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://mikrotik.com/download/changelogs/stable-release-tree", + "url": "https://mikrotik.com/download/changelogs/stable-release-tree" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13179.json b/2019/13xxx/CVE-2019-13179.json index 41dabe825ea..c9220aa4563 100644 --- a/2019/13xxx/CVE-2019-13179.json +++ b/2019/13xxx/CVE-2019-13179.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Calamares through 3.2.4 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption." + "value": "Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption." } ] }, diff --git a/2019/9xxx/CVE-2019-9827.json b/2019/9xxx/CVE-2019-9827.json index b701dc6eefa..ad6ea3ee50e 100644 --- a/2019/9xxx/CVE-2019-9827.json +++ b/2019/9xxx/CVE-2019-9827.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9827", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.ciphertechs.com/hawtio-advisory/", + "url": "https://www.ciphertechs.com/hawtio-advisory/" } ] }