diff --git a/2018/20xxx/CVE-2018-20800.json b/2018/20xxx/CVE-2018-20800.json
new file mode 100644
index 00000000000..94fac2a507d
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20800.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-20800",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework",
+ "refsource" : "MISC",
+ "url" : "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework"
+ }
+ ]
+ }
+}
diff --git a/2019/3xxx/CVE-2019-3711.json b/2019/3xxx/CVE-2019-3711.json
index 38a6d50c6ee..2119b58a845 100644
--- a/2019/3xxx/CVE-2019-3711.json
+++ b/2019/3xxx/CVE-2019-3711.json
@@ -1,84 +1,85 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-02-28T05:00:00.000Z", - "ID": "CVE-2019-3711", - "STATE": "PUBLIC", - "TITLE": "DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "RSA Authentication Manager", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "8.4", - "version_value": "P1" - } - ] - } - } - ] - }, - "vendor_name": "Dell" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A \nmalicious Operations Console administrator may be able to obtain the value of a domain password that another Operations \nConsole administrator had set previously and use it for attacks." 
- } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "insecure credential management" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://seclists.org/fulldisclosure/2019/Mar/5" - } - ] - }, - "source": { - "discovery": "UNKNOWN" - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2019-02-28T05:00:00.000Z", + "ID" : "CVE-2019-3711", + "STATE" : "PUBLIC", + "TITLE" : "DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "RSA Authentication Manager", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_name" : "8.4", + "version_value" : "P1" + } + ] + } + } + ] + }, + "vendor_name" : "Dell" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks." 
+ } + ] + }, + "impact" : { + "cvss" : { + "attackComplexity" : "HIGH", + "attackVector" : "NETWORK", + "availabilityImpact" : "NONE", + "baseScore" : 5.8, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "NONE", + "privilegesRequired" : "HIGH", + "scope" : "CHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "insecure credential management" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190228 DSA-2019-038: RSA Authentication Manager Insecure Credential Management Vulnerability", + "refsource" : "FULLDISC", + "url" : "https://seclists.org/fulldisclosure/2019/Mar/5" + } + ] + }, + "source" : { + "discovery" : "UNKNOWN" + } +} diff --git a/2019/3xxx/CVE-2019-3715.json b/2019/3xxx/CVE-2019-3715.json index 027fa1875cc..3a9b528501f 100644 --- a/2019/3xxx/CVE-2019-3715.json +++ b/2019/3xxx/CVE-2019-3715.json 
@@ -1,83 +1,84 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-03-09T05:00:00.000Z", - "ID": "CVE-2019-3715", - "STATE": "PUBLIC", - "TITLE": "Information Exposure Vulnerability" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2019-03-09T05:00:00.000Z", + "ID" : "CVE-2019-3715", + "STATE" : "PUBLIC", + "TITLE" : "Information Exposure Vulnerability" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "RSA Archer", - "version": { - "version_data": [ + "product_name" : "RSA Archer", + "version" : { + "version_data" : [ { - "affected": "<", - "version_value": "6.5 P1" + "affected" : "<", + "version_value" : "6.5 P1" } ] } } ] }, - "vendor_name": "Dell" + "vendor_name" : "Dell" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks." + "lang" : "eng", + "value" : "RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "LOCAL", + "availabilityImpact" : "HIGH", + "baseScore" : 7.8, + "baseSeverity" : "HIGH", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "LOW", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Information Exposure Vulnerability" + "lang" : "eng", + "value" : "Information Exposure Vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "CONFIRM", - "url": "https://seclists.org/fulldisclosure/2019/Mar/19" + "name" : "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities", + "refsource" : "FULLDISC", + "url" : "https://seclists.org/fulldisclosure/2019/Mar/19" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2019/3xxx/CVE-2019-3716.json b/2019/3xxx/CVE-2019-3716.json index 7aa5b0ca677..ccb20693271 100644 --- a/2019/3xxx/CVE-2019-3716.json +++ b/2019/3xxx/CVE-2019-3716.json 
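Review bot: In the new CVE-2019-3715 record the affected-version field and the description name different releases: `"version_value" : "6.5 P1"` against "prior to 6.5 SP1" in `description_data`. The CVE-2019-3716 hunk that follows has the same mismatch (`"6.5 P2"` against "6.5 SP2"). A consumer that matches on `version_value` and one that reads the description will disagree about which installs are fixed, so the two fields should be made to agree after checking the vendor advisory DSA-2019-025 named in the reference. The `cvss` block also rates integrity and availability impact HIGH for what the text describes as log-file information exposure, which may be worth confirming with the assigner.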
@@ -1,83 +1,84 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-03-09T05:00:00.000Z", - "ID": "CVE-2019-3716", - "STATE": "PUBLIC", - "TITLE": "Information Exposure Vulnerability" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2019-03-09T05:00:00.000Z", + "ID" : "CVE-2019-3716", + "STATE" : "PUBLIC", + "TITLE" : "Information Exposure Vulnerability" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "RSA Archer", - "version": { - "version_data": [ + "product_name" : "RSA Archer", + "version" : { + "version_data" : [ { - "affected": "<", - "version_value": "6.5 P2" + "affected" : "<", + "version_value" : "6.5 P2" } ] } } ] }, - "vendor_name": "Dell" + "vendor_name" : "Dell" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks." + "lang" : "eng", + "value" : "RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "LOCAL", + "availabilityImpact" : "HIGH", + "baseScore" : 7.8, + "baseSeverity" : "HIGH", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "LOW", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Information Exposure Vulnerability" + "lang" : "eng", + "value" : "Information Exposure Vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "CONFIRM", - "url": "https://seclists.org/fulldisclosure/2019/Mar/19" + "name" : "20190306 DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities", + "refsource" : "FULLDISC", + "url" : "https://seclists.org/fulldisclosure/2019/Mar/19" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2019/3xxx/CVE-2019-3785.json b/2019/3xxx/CVE-2019-3785.json index 81575d80848..ccfbe3826f8 100644 --- a/2019/3xxx/CVE-2019-3785.json +++ b/2019/3xxx/CVE-2019-3785.json 
@@ -1,84 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-03-12T00:00:00.000Z", - "ID": "CVE-2019-3785", - "STATE": "PUBLIC", - "TITLE": "Cloud Controller provides signed URL with write authorization to read only user" - }, - "source": { - "discovery": "UNKNOWN" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "CAPI", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "All", - "version_value": "1.78.0" - } + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2019-03-12T00:00:00.000Z", + "ID" : "CVE-2019-3785", + "STATE" : "PUBLIC", + "TITLE" : "Cloud Controller provides signed URL with write authorization to read only user" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "CAPI", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_name" : "All", + "version_value" : "1.78.0" + } + ] + } + } ] - } - } - ] - }, - "vendor_name": "Cloud Foundry" - } + }, + "vendor_name" : "Cloud Foundry" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service." + } ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. 
A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service." + }, + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "NETWORK", + "availabilityImpact" : "HIGH", + "baseScore" : 6.5, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "NONE", + "integrityImpact" : "HIGH", + "privilegesRequired" : "HIGH", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version" : "3.0" } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-285: Improper Authorization" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://www.cloudfoundry.org/blog/cve-2019-3785", - "name": "https://www.cloudfoundry.org/blog/cve-2019-3785" - } - ]}, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", - "version": "3.0" - } - } -} \ No newline at end of file + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.cloudfoundry.org/blog/cve-2019-3785", + "refsource" : "CONFIRM", + "url" : "https://www.cloudfoundry.org/blog/cve-2019-3785" + } + ] + }, + "source" : { + "discovery" : "UNKNOWN" + } +} diff --git a/2019/6xxx/CVE-2019-6596.json b/2019/6xxx/CVE-2019-6596.json index 8fdba00844f..8e792e97826 100644 --- a/2019/6xxx/CVE-2019-6596.json 
+++ b/2019/6xxx/CVE-2019-6596.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://support.f5.com/csp/article/K97241515", + "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K97241515" } ] diff --git a/2019/6xxx/CVE-2019-6597.json b/2019/6xxx/CVE-2019-6597.json index 29fe78e4693..1bb1c15f573 100644 --- a/2019/6xxx/CVE-2019-6597.json +++ b/2019/6xxx/CVE-2019-6597.json @@ -57,6 +57,8 @@ "references" : { "reference_data" : [ { + "name" : "https://support.f5.com/csp/article/K29280193", + "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K29280193" } ] diff --git a/2019/6xxx/CVE-2019-6598.json b/2019/6xxx/CVE-2019-6598.json index ad928364dd4..d791d303005 100644 --- a/2019/6xxx/CVE-2019-6598.json +++ b/2019/6xxx/CVE-2019-6598.json @@ -57,6 +57,8 @@ "references" : { "reference_data" : [ { + "name" : "https://support.f5.com/csp/article/K44603900", + "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K44603900" } ] diff --git a/2019/6xxx/CVE-2019-6599.json b/2019/6xxx/CVE-2019-6599.json index dd10b8929ce..7decbef6b72 100644 --- a/2019/6xxx/CVE-2019-6599.json +++ b/2019/6xxx/CVE-2019-6599.json @@ -57,6 +57,8 @@ "references" : { "reference_data" : [ { + "name" : "https://support.f5.com/csp/article/K46401178", + "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K46401178" } ] diff --git a/2019/6xxx/CVE-2019-6600.json b/2019/6xxx/CVE-2019-6600.json index 565951bf8c2..3b9cf056e20 100644 --- a/2019/6xxx/CVE-2019-6600.json +++ b/2019/6xxx/CVE-2019-6600.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://support.f5.com/csp/article/K23734425", + "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K23734425" } ] diff --git a/2019/6xxx/CVE-2019-6601.json b/2019/6xxx/CVE-2019-6601.json index a8554e393b9..d79eef3d4cc 100644 --- a/2019/6xxx/CVE-2019-6601.json +++ b/2019/6xxx/CVE-2019-6601.json 
@@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://support.f5.com/csp/article/K25359902", + "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K25359902" } ] diff --git a/2019/9xxx/CVE-2019-9751.json b/2019/9xxx/CVE-2019-9751.json new file mode 100644 index 00000000000..2cf4b4ff9d8 --- /dev/null +++ b/2019/9xxx/CVE-2019-9751.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9751", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework", + "refsource" : "MISC", + "url" : "https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework" + } + ] + } +} diff --git a/2019/9xxx/CVE-2019-9752.json b/2019/9xxx/CVE-2019-9752.json new file mode 100644 index 00000000000..63b11ace905 --- /dev/null +++ b/2019/9xxx/CVE-2019-9752.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9752",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework",
+ "refsource" : "MISC",
+ "url" : "https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9753.json b/2019/9xxx/CVE-2019-9753.json
new file mode 100644
index 00000000000..22271c60d37
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9753.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9753",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9754.json b/2019/9xxx/CVE-2019-9754.json
new file mode 100644
index 00000000000..5316cfdd11e
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9754.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9754",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html",
+ "refsource" : "MISC",
+ "url" : "https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html"
+ }
+ ]
+ }
+}