From ade68a064a330127fbf3fd48f5548baf7e0b39a5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 12 Jul 2019 20:00:47 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/18xxx/CVE-2017-18364.json | 5 +++
 2019/11xxx/CVE-2019-11242.json | 56 +++++++++++++++++++++++++---
 2019/12xxx/CVE-2019-12827.json | 61 ++++++++++++++++++++++++++++---
 2019/13xxx/CVE-2019-13161.json | 67 ++++++++++++++++++++++++++++++++++
 2019/13xxx/CVE-2019-13567.json | 7 +++-
 5 files changed, 183 insertions(+), 13 deletions(-)
 create mode 100644 2019/13xxx/CVE-2019-13161.json
diff --git a/2017/18xxx/CVE-2017-18364.json b/2017/18xxx/CVE-2017-18364.json
index feb016a2cd0..2985d020195 100644
--- a/2017/18xxx/CVE-2017-18364.json
+++ b/2017/18xxx/CVE-2017-18364.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/153591/phpFK-lite-version-Cross-Site-Scripting.html",
 "url": "http://packetstormsecurity.com/files/153591/phpFK-lite-version-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20190712 Reflected Cross-site Scripting Vulnerability in Ponzu CMS 0.9.4",
+ "url": "http://seclists.org/fulldisclosure/2019/Jul/15"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11242.json b/2019/11xxx/CVE-2019-11242.json
index 0e39b05b192..944e7623079 100644
--- a/2019/11xxx/CVE-2019-11242.json
+++ b/2019/11xxx/CVE-2019-11242.json
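Review bot: The reference added to 2017/18xxx/CVE-2017-18364.json is titled "Reflected Cross-site Scripting Vulnerability in Ponzu CMS 0.9.4", while the existing reference directly above it in the same hunk is a Packet Storm entry for phpFK lite, so the new FULLDISC link looks attached to the wrong record or product. The record's description is outside the hunk, so this is inferred from the two reference names only. Confirm that `http://seclists.org/fulldisclosure/2019/Jul/15` covers the product this CVE describes before publishing, because tools and advisories that follow references would otherwise link a Ponzu CMS post to this ID. If only the title is mislabeled, correct the `name` value rather than the URL.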
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11242",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11242",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/cohesity/SecAdvisory/blob/master/README.md",
+ "url": "https://github.com/cohesity/SecAdvisory/blob/master/README.md"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12827.json b/2019/12xxx/CVE-2019-12827.json
index 9afab125d25..5378f8315eb 100644
--- a/2019/12xxx/CVE-2019-12827.json
+++ b/2019/12xxx/CVE-2019-12827.json
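Review bot: The record in 2019/11xxx/CVE-2019-11242.json moves to `"STATE": "PUBLIC"` with `product_name`, `vendor_name`, `version_value` and the `problemtype` value all set to `"n/a"`, although the description in the same hunk names the vendor, product and fixed version (Cohesity DataPlatform 5.x and 6.x prior to 6.1.1c) and the weakness (TLS certificates presented by vCenter not verified). Tools that match on the structured fields rather than on free text will not associate this ID with the product. Fill the fields from the description, for example `"vendor_name": "Cohesity"`, `"product_name": "DataPlatform"`, and a problemtype such as `"value": "CWE-295 Improper Certificate Validation"` (confirm the CWE with the assigner). The same all-`n/a` pattern appears in the CVE-2019-12827.json hunk and in the new CVE-2019-13161.json file of this commit.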
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12827",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12827",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://issues.asterisk.org/jira/browse/ASTERISK-28447",
+ "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://downloads.digium.com/pub/security/AST-2019-002.html",
+ "url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13161.json b/2019/13xxx/CVE-2019-13161.json
new file mode 100644
index 00000000000..43ff5fc28bc
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13161.json
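Review bot: The description added to 2019/12xxx/CVE-2019-12827.json gives the affected range as "versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier", which does not say which release branch each bound belongs to or whether "and earlier" applies to all four values. The CVE-2019-13161.json record added in this same commit states a comparable range per branch ("through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3"). Wording this description the same way, checked against AST-2019-002, would let a reader decide patch status without opening the advisory. The second CONFIRM entry uses `http://downloads.digium.com/pub/security/AST-2019-002.html`; prefer the https form if the host serves it.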
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13161",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://downloads.digium.com/pub/security/AST-2019-003.html",
+ "url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://issues.asterisk.org/jira/browse/ASTERISK-28465",
+ "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13567.json b/2019/13xxx/CVE-2019-13567.json
index 246b1fb8064..c497192f58f 100644
--- a/2019/13xxx/CVE-2019-13567.json
+++ b/2019/13xxx/CVE-2019-13567.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Zoom Client before 4.4.2 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData."
+ "value": "The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData."
 }
 ]
 },
@@ -71,6 +71,11 @@
 "url": "https://twitter.com/JLLeitschuh/status/1149422543658520578",
 "refsource": "MISC",
 "name": "https://twitter.com/JLLeitschuh/status/1149422543658520578"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS",
+ "url": "https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS"
 }
 ]
 },
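Review bot: In 2019/13xxx/CVE-2019-13567.json the fixed-version bound changes from 4.4.2 to 4.4.53932.0709 in the description text only, and the supporting reference added in the second hunk, `https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS`, reads like a rolling release-notes page rather than a permalink for that build. If that page is rewritten on each release, the record loses its evidence for the new bound; consider adding a version-specific or archived link alongside it. The `affects` block lies above both hunks and is not visible here, so check that any version recorded there agrees with the new description.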