diff --git a/2018/13xxx/CVE-2018-13443.json b/2018/13xxx/CVE-2018-13443.json index 889be281a91..a4ad9b92e8c 100644 --- a/2018/13xxx/CVE-2018-13443.json +++ b/2018/13xxx/CVE-2018-13443.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13443", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/eosio", + "refsource": "MISC", + "name": "https://hackerone.com/eosio" + }, + { + "url": "https://github.com/EOSIO/eos", + "refsource": "MISC", + "name": "https://github.com/EOSIO/eos" + }, + { + "url": "https://github.com/EOSIO/eos/issues/6585", + "refsource": "MISC", + "name": "https://github.com/EOSIO/eos/issues/6585" } ] } diff --git a/2018/19xxx/CVE-2018-19917.json b/2018/19xxx/CVE-2018-19917.json index 380caafa2d2..31a2aa09cdf 100644 --- a/2018/19xxx/CVE-2018-19917.json +++ b/2018/19xxx/CVE-2018-19917.json 
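Review bot: The `affects` block added in the first CVE-2018-13443 hunk sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the description added in the second hunk names the product and version (`EOS.IO jit-wasm 4.1`). Tooling that matches records against an asset inventory by vendor or product will not surface this entry. The same placeholders appear in the CVE-2019-10239, -11032, -11081, -7211 to -7214, -9734 and -9928 records of this commit. If the feed's conventions allow it, carry the names over from the description, e.g. `"product_name": "EOS.IO jit-wasm"` and `"version_value": "4.1"`. The `problemtype` value is likewise `n/a` even though the description states a heap-based buffer overflow, so filtering by weakness class will miss it too.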
@@ -71,6 +71,11 @@ "url": "https://github.com/microweber/microweber/commits/master", "refsource": "MISC", "name": "https://github.com/microweber/microweber/commits/master" + }, + { + "refsource": "MISC", + "name": "https://www.netsparker.com/web-applications-advisories/ns-18-038-reflected-cross-site-scripting-in-microweber/", + "url": "https://www.netsparker.com/web-applications-advisories/ns-18-038-reflected-cross-site-scripting-in-microweber/" } ] } diff --git a/2019/10xxx/CVE-2019-10239.json b/2019/10xxx/CVE-2019-10239.json index f7cefeb2c24..7cc0f4e70c5 100644 --- a/2019/10xxx/CVE-2019-10239.json +++ b/2019/10xxx/CVE-2019-10239.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10239", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10239", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.to.com/advisory-runasspc-cve-2019-10239/", + "url": "https://blog.to.com/advisory-runasspc-cve-2019-10239/" } ] } diff --git a/2019/11xxx/CVE-2019-11032.json b/2019/11xxx/CVE-2019-11032.json index e184ec15db9..4a193086f2d 100644 --- a/2019/11xxx/CVE-2019-11032.json +++ b/2019/11xxx/CVE-2019-11032.json 
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11032", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11032", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.excellium-services.com/cert-xlm-advisory/", + "refsource": "MISC", + "name": "https://www.excellium-services.com/cert-xlm-advisory/" + }, + { + "refsource": "MISC", + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-11032/", + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-11032/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file 
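Review bot: The `impact.cvss` object added at the end of the CVE-2019-11032 hunk carries a `vectorString` but no `baseScore` or `baseSeverity`, and the vector lists its metrics alphabetically rather than in the order the CVSS specification uses. Consumers that sort or alert on the numeric score get nothing from this record, and a strict vector parser may not accept the ordering. Suggested: `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"` together with `"baseScore": 6.1, "baseSeverity": "MEDIUM"`, which is what these metric values compute to under CVSS 3.0. The file also still ends without a trailing newline.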
diff --git a/2019/11xxx/CVE-2019-11081.json b/2019/11xxx/CVE-2019-11081.json index 6784797ab2d..a200ff68a5d 100644 --- a/2019/11xxx/CVE-2019-11081.json +++ b/2019/11xxx/CVE-2019-11081.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11081", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11081", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A default username and password in Dentsply Sirona Sidexis 4.2 and possibly others allows an attacker to gain administrative access to the application server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bastolino.de/sidexis4vuln.html", + "refsource": "MISC", + "name": "https://bastolino.de/sidexis4vuln.html" } ] } diff --git a/2019/11xxx/CVE-2019-11487.json b/2019/11xxx/CVE-2019-11487.json index 67a6708e849..5ebbaa832d7 100644 --- a/2019/11xxx/CVE-2019-11487.json +++ b/2019/11xxx/CVE-2019-11487.json @@ -111,6 +111,11 @@ "url": "https://lwn.net/Articles/786044/", "refsource": "MISC", "name": "https://lwn.net/Articles/786044/" + }, + { + "refsource": "BID", + "name": "108054", + "url": "http://www.securityfocus.com/bid/108054" } ] } 
diff --git a/2019/3xxx/CVE-2019-3398.json b/2019/3xxx/CVE-2019-3398.json index 004c8901876..c3a389f20e1 100644 --- a/2019/3xxx/CVE-2019-3398.json +++ b/2019/3xxx/CVE-2019-3398.json @@ -99,6 +99,11 @@ "refsource": "BUGTRAQ", "name": "20190424 Confluence Security Advisory - 2019-04-17", "url": "https://seclists.org/bugtraq/2019/Apr/33" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html", + "url": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html" } ] } diff --git a/2019/3xxx/CVE-2019-3901.json b/2019/3xxx/CVE-2019-3901.json index 3e81bbb71e4..653576d0319 100644 --- a/2019/3xxx/CVE-2019-3901.json +++ b/2019/3xxx/CVE-2019-3901.json @@ -48,6 +48,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901", "refsource": "CONFIRM" + }, + { + "refsource": "BID", + "name": "89937", + "url": "http://www.securityfocus.com/bid/89937" } ] }, diff --git a/2019/7xxx/CVE-2019-7211.json b/2019/7xxx/CVE-2019-7211.json index 75c1ab41fc6..646f4e00778 100644 --- a/2019/7xxx/CVE-2019-7211.json +++ b/2019/7xxx/CVE-2019-7211.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7211", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.smartertools.com/smartermail/release-notes/current", + "url": "https://www.smartertools.com/smartermail/release-notes/current" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/", + "url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/" } ] } diff --git a/2019/7xxx/CVE-2019-7212.json b/2019/7xxx/CVE-2019-7212.json index 5e2dfae9433..6fef56fd47b 100644 --- a/2019/7xxx/CVE-2019-7212.json +++ b/2019/7xxx/CVE-2019-7212.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7212", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
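Review bot: The `CONFIRM` reference added in the second CVE-2019-7211 hunk points at `https://www.smartertools.com/smartermail/release-notes/current`, which by its path is presumably a page that changes with each release. Once newer builds ship, it will likely stop confirming the build 6995 fix named in the description. The same URL is the only vendor reference in the CVE-2019-7212, -7213 and -7214 records, which name build 6985. A version-specific release-notes link would keep the confirmation verifiable, for example `"url": "<vendor permalink for the fixed build>"`, a placeholder because no such URL appears on this page. Until then, the NCC Group advisory is the only stable reference for these four records.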
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users\u2019 emails and file attachments. It was also possible to interact with mailing lists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.smartertools.com/smartermail/release-notes/current", + "url": "https://www.smartertools.com/smartermail/release-notes/current" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/", + "url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/" } ] } diff --git a/2019/7xxx/CVE-2019-7213.json b/2019/7xxx/CVE-2019-7213.json index 7f5f62bdb35..84869ef753a 100644 --- a/2019/7xxx/CVE-2019-7213.json +++ b/2019/7xxx/CVE-2019-7213.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7213", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.smartertools.com/smartermail/release-notes/current", + "url": "https://www.smartertools.com/smartermail/release-notes/current" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/", + "url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/" } ] } diff --git a/2019/7xxx/CVE-2019-7214.json b/2019/7xxx/CVE-2019-7214.json index 7e50fdd1d81..9904999275e 100644 --- a/2019/7xxx/CVE-2019-7214.json +++ b/2019/7xxx/CVE-2019-7214.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7214", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.smartertools.com/smartermail/release-notes/current", + "url": "https://www.smartertools.com/smartermail/release-notes/current" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/", + "url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/" } ] } diff --git a/2019/9xxx/CVE-2019-9734.json b/2019/9xxx/CVE-2019-9734.json index 6df61318851..821729b1ea3 100644 --- a/2019/9xxx/CVE-2019-9734.json +++ b/2019/9xxx/CVE-2019-9734.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9734", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file because of incorrect if/else usage in the Log-File writer component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/aquaverde/aquarius-core/commit/d1dfa5b8280388a0b6f2f341f0681522dbea03b0", + "url": "https://github.com/aquaverde/aquarius-core/commit/d1dfa5b8280388a0b6f2f341f0681522dbea03b0" + }, + { + "refsource": "MISC", + "name": "https://www.tryption.ch/2019/04/19/cve-2019-9734-password-leakage-im-aquarius-cms/", + "url": "https://www.tryption.ch/2019/04/19/cve-2019-9734-password-leakage-im-aquarius-cms/" } ] } diff --git a/2019/9xxx/CVE-2019-9928.json b/2019/9xxx/CVE-2019-9928.json index 2b1175067f8..85b0e187179 100644 --- a/2019/9xxx/CVE-2019-9928.json +++ b/2019/9xxx/CVE-2019-9928.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9928", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9928", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://gstreamer.freedesktop.org/security/", + "url": "https://gstreamer.freedesktop.org/security/" + }, + { + "refsource": "CONFIRM", + "name": "https://gstreamer.freedesktop.org/security/sa-2019-0001.html", + "url": "https://gstreamer.freedesktop.org/security/sa-2019-0001.html" } ] }