From b051d9133d2ba45e953b005db906b453292f2679 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 28 Mar 2019 17:00:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/16xxx/CVE-2018-16529.json | 63 ++++++++++++++++++++++++++++----
 2018/19xxx/CVE-2018-19879.json | 67 +++++++++++++++++++++++++++++++++-
 2019/10xxx/CVE-2019-10258.json | 18 +++++++++
 2019/10xxx/CVE-2019-10259.json | 18 +++++++++
 2019/10xxx/CVE-2019-10260.json | 67 ++++++++++++++++++++++++++++++++++
 2019/10xxx/CVE-2019-10261.json | 18 +++++++++
 2019/5xxx/CVE-2019-5737.json | 67 ++++++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5739.json | 58 +++++++++++++++++++++++++----
 2019/7xxx/CVE-2019-7251.json | 53 ++++++++++++++++++++++++++-
 2019/9xxx/CVE-2019-9164.json | 48 +++++++++++++++++++++++-
 10 files changed, 450 insertions(+), 27 deletions(-)
 create mode 100644 2019/10xxx/CVE-2019-10258.json
 create mode 100644 2019/10xxx/CVE-2019-10259.json
 create mode 100644 2019/10xxx/CVE-2019-10260.json
 create mode 100644 2019/10xxx/CVE-2019-10261.json
diff --git a/2018/16xxx/CVE-2018-16529.json b/2018/16xxx/CVE-2018-16529.json
index a99a08a85bb..3026ebe2e4c 100644
--- a/2018/16xxx/CVE-2018-16529.json
+++ b/2018/16xxx/CVE-2018-16529.json
@@ -1,17 +1,66 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-16529",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-16529",
+ "ASSIGNER": "psirt@forcepoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Forcepoint",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Forcepoint Email Security",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.5.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.forcepoint.com/KBArticle?id=000016655",
+ "url": "https://support.forcepoint.com/KBArticle?id=000016655"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2018/Nov/23",
+ "url": "https://seclists.org/fulldisclosure/2018/Nov/23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password."
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19879.json b/2018/19xxx/CVE-2018-19879.json
index afb96c3b28f..5237d3b0527 100644
--- a/2018/19xxx/CVE-2018-19879.json
+++ b/2018/19xxx/CVE-2018-19879.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19879",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
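Review bot: The added `affects` block carries only `n/a` placeholders for `vendor_name`, `product_name` and `version_value`, although the description added further down in this file names the vendor, the product family and the firmware range. Tooling that matches assets against the structured fields rather than the free text will not associate this record with any product, so affected devices can be missed during triage. Consider filling the fields from the description, for example `"vendor_name": "Teltonika"`. The same applies to the `n/a` `affects` and `problemtype` blocks added for CVE-2019-10260, CVE-2019-7251 and CVE-2019-9164 in this patch, whose descriptions likewise name the product and the weakness class. The enclosing JSON object starts before and ends after this hunk.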
@@ -11,8 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware",
+ "refsource": "MISC",
+ "name": "https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware"
+ },
+ {
+ "url": "https://www.triadsec.com/CVE-2018-19878.pdf",
+ "refsource": "MISC",
+ "name": "https://www.triadsec.com/CVE-2018-19878.pdf"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:L/I:L/PR:N/S:C/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10258.json b/2019/10xxx/CVE-2019-10258.json
new file mode 100644
index 00000000000..bfffc5a5fc0
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10258.json
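Review bot: The second reference, `https://www.triadsec.com/CVE-2018-19878.pdf`, names a different CVE ID than this record (CVE-2018-19879); the advisory may cover both issues, but it should be confirmed that the link was not carried over from the sibling entry. The description also spells the product family `RTU9XX` while its own example model and the firmware reference use `RUT`, which will defeat keyword searches for the product. In `impact.cvss` the vector is given without a base score and with its metrics in alphabetical rather than the specification's preferred order, so consumers that filter by score have to derive it themselves and stricter vector parsers may need the form `CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L`.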
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-10258",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10259.json b/2019/10xxx/CVE-2019-10259.json
new file mode 100644
index 00000000000..1a8020c4004
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10259.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-10259",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10260.json b/2019/10xxx/CVE-2019-10260.json
new file mode 100644
index 00000000000..9718ca70aee
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10260.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-10260",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/totaljs/cms/commit/8b9d7dada998c08d172481d9f0fc0397c4b3c78d",
+ "refsource": "MISC",
+ "name": "https://github.com/totaljs/cms/commit/8b9d7dada998c08d172481d9f0fc0397c4b3c78d"
+ },
+ {
+ "url": "https://github.com/totaljs/cms/commit/75205f93009db3cf8c0b0f4f1fc8ab82d70da8ad",
+ "refsource": "MISC",
+ "name": "https://github.com/totaljs/cms/commit/75205f93009db3cf8c0b0f4f1fc8ab82d70da8ad"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10261.json b/2019/10xxx/CVE-2019-10261.json
new file mode 100644
index 00000000000..794311cd09a
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10261.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-10261",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5737.json b/2019/5xxx/CVE-2019-5737.json
index 10bd36abe9d..9a2ffcd2d37 100644
--- a/2019/5xxx/CVE-2019-5737.json
+++ b/2019/5xxx/CVE-2019-5737.json
@@ -1,17 +1,70 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5737",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5737",
+ "ASSIGNER": "cve-request@iojs.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Node.js",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Node.js",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to 6.17.0"
+ },
+ {
+ "version_value": "All versions prior to 8.15.1"
+ },
+ {
+ "version_value": "All versions prior to 10.15.2"
+ },
+ {
+ "version_value": "All versions prior to 11.10.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption / Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/",
+ "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active release lines including 6, 8, 10 and 11."
 }
 ]
 }
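Review bot: The four `version_value` entries are free text of the form `All versions prior to X`, and read literally the last one (`All versions prior to 11.10.1`) already covers every release, including the fixed 6.17.0, 8.15.1 and 10.15.2. A scanner that compares installed versions against these strings can therefore flag patched 6.x, 8.x and 10.x installations, or match nothing if it cannot parse the text. Bounding each entry to its release line removes the ambiguity, e.g. `"version_value": "10.x prior to 10.15.2"`. The description's `addressed in November` also omits the year of the CVE-2018-12121 fix, which readers of the record later will need.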
diff --git a/2019/5xxx/CVE-2019-5739.json b/2019/5xxx/CVE-2019-5739.json
index 77adffafe04..7a4df6df9eb 100644
--- a/2019/5xxx/CVE-2019-5739.json
+++ b/2019/5xxx/CVE-2019-5739.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5739",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5739",
+ "ASSIGNER": "cve-request@iojs.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Node.js",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Node.js",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to 6.17.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption / Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/",
+ "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7251.json b/2019/7xxx/CVE-2019-7251.json
index 5ad847d1b53..3644e0cb6f3 100644
--- a/2019/7xxx/CVE-2019-7251.json
+++ b/2019/7xxx/CVE-2019-7251.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-7251",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://issues.asterisk.org/jira/browse/ASTERISK-28260",
+ "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://downloads.asterisk.org/pub/security/AST-2019-001.html",
+ "url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9164.json b/2019/9xxx/CVE-2019-9164.json
index 4392c71d432..78dd4160201 100644
--- a/2019/9xxx/CVE-2019-9164.json
+++ b/2019/9xxx/CVE-2019-9164.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9164",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Command injection in Nagios XI before 5.5.11 allows an authenticated attacker to execute arbitrary remote commands via a new autodiscovery job."
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.nagios.com/products/security/",
+ "url": "https://www.nagios.com/products/security/"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
 }
 ]
 }