From a47dcd69e6879f1b0eb29e5a3204f748b900eaa3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 14 Nov 2019 00:01:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2011/0xxx/CVE-2011-0544.json | 55 ++++++++++++++++++++++++++-- 2019/10xxx/CVE-2019-10215.json | 5 +++ 2019/10xxx/CVE-2019-10744.json | 5 +++ 2019/18xxx/CVE-2019-18954.json | 67 ++++++++++++++++++++++++++++++++++ 2019/3xxx/CVE-2019-3660.json | 9 +++-- 2019/3xxx/CVE-2019-3661.json | 9 +++-- 2019/3xxx/CVE-2019-3662.json | 9 +++-- 2019/3xxx/CVE-2019-3663.json | 9 +++-- 2019/3xxx/CVE-2019-3889.json | 5 +++ 9 files changed, 154 insertions(+), 19 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18954.json diff --git a/2011/0xxx/CVE-2011-0544.json b/2011/0xxx/CVE-2011-0544.json index eeabaeed907..cfe1890d1a5 100644 --- a/2011/0xxx/CVE-2011-0544.json +++ b/2011/0xxx/CVE-2011-0544.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-0544", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "phpbb3", + "product": { + "product_data": [ + { + "product_name": "phpbb3", + "version": { + "version_data": [ + { + "version_value": "3.0.x-3.0.6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2011-0544", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2011-0544" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2011-0544", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2011-0544" } ] } diff --git a/2019/10xxx/CVE-2019-10215.json b/2019/10xxx/CVE-2019-10215.json index 4e836100be1..fecfefb0527 100644 --- a/2019/10xxx/CVE-2019-10215.json +++ b/2019/10xxx/CVE-2019-10215.json @@ -48,6 +48,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10215", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10215", "refsource": "CONFIRM" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3771", + "url": "https://access.redhat.com/errata/RHSA-2019:3771" } ] }, diff --git a/2019/10xxx/CVE-2019-10744.json b/2019/10xxx/CVE-2019-10744.json index ef02c228546..bbffcde26eb 100644 --- a/2019/10xxx/CVE-2019-10744.json +++ b/2019/10xxx/CVE-2019-10744.json @@ -58,6 +58,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3024", "url": "https://access.redhat.com/errata/RHSA-2019:3024" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS" } ] }, diff --git a/2019/18xxx/CVE-2019-18954.json b/2019/18xxx/CVE-2019-18954.json new file mode 100644 index 00000000000..cfe26fa2321 --- /dev/null +++ b/2019/18xxx/CVE-2019-18954.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation", + "refsource": "MISC", + "name": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation" + }, + { + "url": "https://github.com/NetEase/pomelo/issues/1149", + "refsource": "MISC", + "name": "https://github.com/NetEase/pomelo/issues/1149" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3660.json b/2019/3xxx/CVE-2019-3660.json index adf0616deb9..1d54b2ea093 100644 --- a/2019/3xxx/CVE-2019-3660.json +++ b/2019/3xxx/CVE-2019-3660.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.\n\n\n\n\n" + "value": "Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests." } ] }, @@ -74,8 +74,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304" + "refsource": "MISC", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304" } ] }, @@ -83,4 +84,4 @@ "advisory": "SB10304", "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3661.json b/2019/3xxx/CVE-2019-3661.json index 5b5d4e4e8e6..d15cd08903e 100644 --- a/2019/3xxx/CVE-2019-3661.json +++ b/2019/3xxx/CVE-2019-3661.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.\n\n\n\n\n\n" + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads." } ] }, @@ -74,8 +74,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304" + "refsource": "MISC", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304" } ] }, @@ -83,4 +84,4 @@ "advisory": "SB10304", "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3662.json b/2019/3xxx/CVE-2019-3662.json index bec3f34c57c..b389b11e10d 100644 --- a/2019/3xxx/CVE-2019-3662.json +++ b/2019/3xxx/CVE-2019-3662.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.\n\n\n\n\n\n\n" + "value": "Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests." } ] }, @@ -74,8 +74,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304" + "refsource": "MISC", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304" } ] }, @@ -83,4 +84,4 @@ "advisory": "SB10304", "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3663.json b/2019/3xxx/CVE-2019-3663.json index a7d74fef470..ccb905c9302 100644 --- a/2019/3xxx/CVE-2019-3663.json +++ b/2019/3xxx/CVE-2019-3663.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system.\n\n\n\n\n\n\n\n" + "value": "Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system." } ] }, @@ -74,8 +74,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304" + "refsource": "MISC", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10304" } ] }, @@ -83,4 +84,4 @@ "advisory": "SB10304", "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3889.json b/2019/3xxx/CVE-2019-3889.json index eadc697e673..f919112f298 100644 --- a/2019/3xxx/CVE-2019-3889.json +++ b/2019/3xxx/CVE-2019-3889.json @@ -53,6 +53,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3722", "url": "https://access.redhat.com/errata/RHSA-2019:3722" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3770", + "url": "https://access.redhat.com/errata/RHSA-2019:3770" } ] },