diff --git a/2018/18xxx/CVE-2018-18370.json b/2018/18xxx/CVE-2018-18370.json
index 7a675f2c829..0af87eca317 100644
--- a/2018/18xxx/CVE-2018-18370.json
+++ b/2018/18xxx/CVE-2018-18370.json
@@ -1,17 +1,77 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-18370",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-18370",
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Symantec Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Advanced Secure Gateway (ASG)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.6 and 6.7 prior to 6.7.4.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Symantec ProxySG",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.5 prior to 6.5.10.15"
+ },
+ {
+ "version_value": "6.6"
+ },
+ {
+ "version_value": "6.7 prior to 6.7.4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site-scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
+ "url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. 
Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18371.json b/2018/18xxx/CVE-2018-18371.json
index 2f87296774f..0acfafbee48 100644
--- a/2018/18xxx/CVE-2018-18371.json
+++ b/2018/18xxx/CVE-2018-18371.json
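Review bot: In the CVE-2018-18370 record the ASG entry packs two branches into one free-text string, `"version_value": "6.6 and 6.7 prior to 6.7.4.2"`, while the ProxySG entry directly below splits the same branches into separate items; a scanner that matches on `version_value` cannot evaluate either form reliably. One entry per branch with the comparison made explicit would be machine-readable, e.g. `{ "version_affected": "<", "version_name": "6.7", "version_value": "6.7.4.2" }`. The same free-text style appears in the CVE-2018-18371, CVE-2019-12753 and CVE-2019-9697 hunks. Separately, the new description value is shown on this page with a line break before "Affected versions:"; if that is a raw control character in the file rather than an escaped `\n`, strict JSON parsers will reject the record, so it is worth checking.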
@@ -1,17 +1,77 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-18371",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-18371",
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Symantec Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Advanced Secure Gateway (ASG)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.6 and 6.7 prior to 6.7.4.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Symantec ProxySG",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.5 prior to 6.5.10.15"
+ },
+ {
+ "version_value": "6.6"
+ },
+ {
+ "version_value": "6.7 prior to 6.7.4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
+ "url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. 
Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11658.json b/2019/11xxx/CVE-2019-11658.json
index 50c0239a43c..17c8e7cd1de 100644
--- a/2019/11xxx/CVE-2019-11658.json
+++ b/2019/11xxx/CVE-2019-11658.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11658",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@suse.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Micro Focus",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Content Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.1"
+ },
+ {
+ "version_value": "9.2"
+ },
+ {
+ "version_value": "9.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://softwaresupport.softwaregrp.com/doc/KM03496282",
+ "url": "https://softwaresupport.softwaregrp.com/doc/KM03496282"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json
index 38a5a0f9e96..32068e097e7 100644
--- a/2019/12xxx/CVE-2019-12402.json
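Review bot: The `problemtype` value `"Information disclosure"` in CVE-2018-18371 carries no CWE identifier, although the description is specific: plaintext FTP credentials appear in the WebFTP listing. A CWE-tagged value such as `"value": "CWE-200: Information disclosure"` lets consumers classify the record without parsing prose. The problemtype strings in the CVE-2018-18370, CVE-2019-11658, CVE-2019-12402, CVE-2019-12753, CVE-2019-12754 and CVE-2019-9697 hunks are also untagged and spelled inconsistently ("Cross-site-scripting (XSS)" vs "Cross-site scripting", "Information disclosure" vs "Information exposure").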
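Review bot: The new description for CVE-2019-11658 gives an operator no way to decide whether they are exposed: the trigger is "an undisclosed abnormal state", and `version_data` lists 9.1, 9.2 and 9.3 with no fixed build or patch level. If the vendor will not name the condition, the record should at least state the remediation (patch or hotfix identifier) that the linked KM article presumably carries. The sentence is also ungrammatical; `When configured to use an Oracle database, Content Manager allows valid system users to gain access to ...` reads cleanly. The ASSIGNER is `security@suse.com` while the vendor is Micro Focus, which may be correct for this CNA but is worth confirming.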
+++ b/2019/12xxx/CVE-2019-12402.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-12402",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Commons Compress",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.15 to 1.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b@%3Cdev.commons.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b@%3Cdev.commons.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12753.json b/2019/12xxx/CVE-2019-12753.json
index 7e01392bd28..66b18fffa43 100644
--- a/2019/12xxx/CVE-2019-12753.json
+++ b/2019/12xxx/CVE-2019-12753.json
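Review bot: The only reference in CVE-2019-12402 is tagged `"refsource": "MISC"` although the URL is a lists.apache.org thread, which looks like the project's own announcement; `"refsource": "MLIST"` (or `CONFIRM`, if it is the vendor advisory) tells consumers this is the authoritative source. The record also names no fixed release: `"version_value": "1.15 to 1.18"` is a free-text range, and the description does not say which version removes the infinite loop. Since the description places the risk where an attacker can choose file names inside an archive created by Compress, it would help defenders to state the fixed version and to note that applications building archives from untrusted file names are the exposed ones.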
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-12753",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Symantec Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Reporter",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Reporter 10.3 prior to 10.3.2.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
+ "url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12754.json b/2019/12xxx/CVE-2019-12754.json
index 89ffbd9d01d..f1e09b58206 100644
--- a/2019/12xxx/CVE-2019-12754.json
+++ b/2019/12xxx/CVE-2019-12754.json
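Review bot: The CVE-2019-12753 description says an administrator can read stored passwords for SMTP, FTP, FTPS, LDAP and Cloud Log Download servers and for other web UI users, but the record conveys only the fixed version. Upgrading does not invalidate credentials that may already have been read, so a sentence such as `After upgrading, rotate the stored server credentials and Reporter user passwords.` would be a useful addition if the vendor advisory supports it. `"version_value": "Reporter 10.3 prior to 10.3.2.5"` also repeats the product name inside the version field; `"10.3 prior to 10.3.2.5"` would match the other Symantec records in this commit.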
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-12754",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Symantec Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "My VIP Portal",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Previous My VIP portal"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.symantec.com/us/en/article.SYMSA1491.html",
+ "url": "https://support.symantec.com/us/en/article.SYMSA1491.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy."
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13526.json b/2019/13xxx/CVE-2019-13526.json
new file mode 100644
index 00000000000..bdf2cb6275e
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13526.json
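Review bot: `"version_value": "Previous My VIP portal"` in CVE-2019-12754 is not a version and cannot be matched against anything. The description says the portal "has already been auto updated", which suggests a hosted service fixed on the server side; if so, the record should say that explicitly and give the fix date, e.g. `"version_value": "hosted service, fixed server-side on <DATE>"` (placeholder). The description is otherwise the generic definition of XSS and does not say whether the flaw was reflected or stored or whether victim interaction was needed, which is what a customer reviewing past exposure needs to know.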
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-13526",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Datalogic AV7000 Linear barcode scanner",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions prior to 4.6.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-239-02",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-239-02"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15142.json b/2019/15xxx/CVE-2019-15142.json
index 6e0959fbb21..f18459cc2e2 100644
--- a/2019/15xxx/CVE-2019-15142.json
+++ b/2019/15xxx/CVE-2019-15142.json
@@ -61,6 +61,11 @@
 "url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/",
 "refsource": "MISC",
 "name": "https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1902-1] djvulibre security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15143.json b/2019/15xxx/CVE-2019-15143.json
index 18fdf4da1fd..48ba9154a85 100644
--- a/2019/15xxx/CVE-2019-15143.json
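Review bot: The new CVE-2019-13526 record sets `"vendor_name": "n/a"` while the product name and description both identify the vendor; `"vendor_name": "Datalogic"` lets asset inventories match the record by vendor. The problemtype is authentication bypass (CWE-288) but the description states the impact as remote code execution; one clause on what the bypass exposes (which interface or channel) would help triage, if the ICS advisory gives it. The file is also committed without a trailing newline.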
+++ b/2019/15xxx/CVE-2019-15143.json
@@ -61,6 +61,11 @@
 "url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/",
 "refsource": "MISC",
 "name": "https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1902-1] djvulibre security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15144.json b/2019/15xxx/CVE-2019-15144.json
index b261eb4e148..2c2e7c4eea7 100644
--- a/2019/15xxx/CVE-2019-15144.json
+++ b/2019/15xxx/CVE-2019-15144.json
@@ -61,6 +61,11 @@
 "url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/",
 "refsource": "MISC",
 "name": "https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1902-1] djvulibre security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15145.json b/2019/15xxx/CVE-2019-15145.json
index 549d94d661f..dc29d1bcbe9 100644
--- a/2019/15xxx/CVE-2019-15145.json
+++ b/2019/15xxx/CVE-2019-15145.json
@@ -61,6 +61,11 @@
 "url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/",
 "refsource": "MISC",
 "name": "https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190829 [SECURITY] [DLA 1902-1] djvulibre security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3394.json b/2019/3xxx/CVE-2019-3394.json
index b8e7755ff23..28bc4175fb0 100644
--- a/2019/3xxx/CVE-2019-3394.json
+++ b/2019/3xxx/CVE-2019-3394.json
@@ -63,6 +63,11 @@
 "url": "https://jira.atlassian.com/browse/CONFSERVER-58734",
 "refsource": "MISC",
 "name": "https://jira.atlassian.com/browse/CONFSERVER-58734"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://confluence.atlassian.com/x/uAsvOg",
+ "url": "https://confluence.atlassian.com/x/uAsvOg"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5612.json b/2019/5xxx/CVE-2019-5612.json
index 3d28791a5c1..83db1f83d52 100644
--- a/2019/5xxx/CVE-2019-5612.json
+++ b/2019/5xxx/CVE-2019-5612.json
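Review bot: The reference added to CVE-2019-3394 is a Confluence tiny link (`https://confluence.atlassian.com/x/uAsvOg`), which hides its destination and stops resolving if the page is moved or the short-link mapping changes. Using the canonical page URL for `url`, and a descriptive `name` rather than the URL repeated, makes the reference auditable. If the target is the vendor's advisory, `"refsource": "CONFIRM"` would be more accurate than `MISC`. The enclosing `reference_data` array starts above this hunk.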
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5612",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5612",
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.0-RELEASE-p10"
+ },
+ {
+ "version_value": "before 11.3-RELEASE-p3"
+ },
+ {
+ "version_value": "before 11.2-RELEASE-p14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper check for unusual conditions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer."
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9697.json b/2019/9xxx/CVE-2019-9697.json
index 4fb6a9cb4d2..5f540f6fd05 100644
--- a/2019/9xxx/CVE-2019-9697.json
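Review bot: `version_data` in CVE-2019-5612 lists only the three -RELEASE patch levels, while the description also names 12.0-STABLE before r351264 and 11.3-STABLE before r351265; systems tracking -STABLE are affected but will not match the structured data. Add entries such as `{ "version_value": "12.0-STABLE before r351264" }` and `{ "version_value": "11.3-STABLE before r351265" }`. `"vendor_name": "n/a"` should be `"FreeBSD"`. The problemtype "Improper check for unusual conditions" is also a loose fit for what the description reports, a race in a non-thread-safe read handler that copies out kernel memory beyond the buffer; a race-condition or out-of-bounds-read classification would be closer.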
+++ b/2019/9xxx/CVE-2019-9697.json
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-9697",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-9697",
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Symantec Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Management Center (MC)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.0"
+ },
+ {
+ "version_value": "2.1"
+ },
+ {
+ "version_value": "2.2 prior to 2.2.2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.symantec.com/us/en/article.SYMSA1480.html",
+ "url": "https://support.symantec.com/us/en/article.SYMSA1480.html"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access."
 }
 ]
 }