From ada90e972882c0ca6d2ad9590c640aba19988b9f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Dec 2019 21:01:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15903.json | 5 +++ 2019/17xxx/CVE-2019-17267.json | 5 +++ 2019/17xxx/CVE-2019-17270.json | 62 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17531.json | 5 +++ 2019/18xxx/CVE-2019-18346.json | 15 ++++++++ 2019/18xxx/CVE-2019-18347.json | 15 ++++++++ 2019/19xxx/CVE-2019-19230.json | 5 +++ 2019/19xxx/CVE-2019-19706.json | 18 ++++++++++ 8 files changed, 130 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17270.json create mode 100644 2019/19xxx/CVE-2019-19706.json diff --git a/2019/15xxx/CVE-2019-15903.json b/2019/15xxx/CVE-2019-15903.json index 80021b61df5..055b382e58e 100644 --- a/2019/15xxx/CVE-2019-15903.json +++ b/2019/15xxx/CVE-2019-15903.json @@ -261,6 +261,11 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT210785", "url": "https://support.apple.com/kb/HT210785" + }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210789", + "url": "https://support.apple.com/kb/HT210789" } ] } diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json index b41bbfc164b..3193bde5b3f 100644 --- a/2019/17xxx/CVE-2019-17267.json +++ b/2019/17xxx/CVE-2019-17267.json @@ -86,6 +86,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3200", "url": "https://access.redhat.com/errata/RHSA-2019:3200" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" } ] } diff --git a/2019/17xxx/CVE-2019-17270.json b/2019/17xxx/CVE-2019-17270.json new file mode 100644 index 00000000000..62c4a325afa --- /dev/null +++ b/2019/17xxx/CVE-2019-17270.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the \"/pages/systemcall.php?command={COMMAND}\" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155582/Yachtcontrol-2019-10-06-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155582/Yachtcontrol-2019-10-06-Remote-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json index 6ce6953d373..53774035636 100644 --- a/2019/17xxx/CVE-2019-17531.json +++ b/2019/17xxx/CVE-2019-17531.json @@ -76,6 +76,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4192", "url": "https://access.redhat.com/errata/RHSA-2019:4192" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" } ] } diff --git a/2019/18xxx/CVE-2019-18346.json b/2019/18xxx/CVE-2019-18346.json index 179d787821e..ac3ea7255f6 100644 --- a/2019/18xxx/CVE-2019-18346.json +++ b/2019/18xxx/CVE-2019-18346.json @@ -66,6 +66,21 @@ "refsource": "MISC", "name": "https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/", "url": "https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/" + }, + { + "refsource": "FULLDISC", + "name": "20191210 CVE-2019-18347 Persistent Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server", + "url": "http://seclists.org/fulldisclosure/2019/Dec/17" + }, + { + "refsource": "FULLDISC", + "name": "20191210 CVE-2019-18345 Reflected Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server", + "url": "http://seclists.org/fulldisclosure/2019/Dec/19" + }, + { + "refsource": "FULLDISC", + "name": "20191210 CVE-2019-18346 Cross-Site Request Forgery (CSRF) vulnerability in DAViCal CalDAV Server", + "url": "http://seclists.org/fulldisclosure/2019/Dec/18" } ] } diff --git a/2019/18xxx/CVE-2019-18347.json b/2019/18xxx/CVE-2019-18347.json index 3d0bac6259e..1b516e77f0b 100644 --- a/2019/18xxx/CVE-2019-18347.json +++ b/2019/18xxx/CVE-2019-18347.json @@ -66,6 +66,21 @@ "refsource": "MISC", "name": "https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/", "url": "https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/" + }, + { + "refsource": "FULLDISC", + "name": "20191210 CVE-2019-18347 Persistent Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server", + "url": "http://seclists.org/fulldisclosure/2019/Dec/17" + }, + { + "refsource": "FULLDISC", + "name": "20191210 CVE-2019-18345 Reflected Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server", + "url": "http://seclists.org/fulldisclosure/2019/Dec/19" + }, + { + "refsource": "FULLDISC", + "name": "20191210 CVE-2019-18346 Cross-Site Request Forgery (CSRF) vulnerability in DAViCal CalDAV Server", + "url": "http://seclists.org/fulldisclosure/2019/Dec/18" } ] } diff --git a/2019/19xxx/CVE-2019-19230.json b/2019/19xxx/CVE-2019-19230.json index 0b6c9b467ff..d3c693f405f 100644 --- a/2019/19xxx/CVE-2019-19230.json +++ b/2019/19xxx/CVE-2019-19230.json @@ -78,6 +78,11 @@ "refsource": "CONFIRM", "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2", "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2" + }, + { + "refsource": "FULLDISC", + "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)", + "url": "http://seclists.org/fulldisclosure/2019/Dec/16" } ] }, diff --git a/2019/19xxx/CVE-2019-19706.json b/2019/19xxx/CVE-2019-19706.json new file mode 100644 index 00000000000..6c2299ff221 --- /dev/null +++ b/2019/19xxx/CVE-2019-19706.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19706", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file