From b1d2bc3f18ef83fb6840b0ae22032c0f990ba08b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 21 Nov 2019 19:01:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2009/4xxx/CVE-2009-4611.json | 2 +-
 2009/5xxx/CVE-2009-5047.json | 2 +-
 2019/12xxx/CVE-2019-12525.json | 10 +++++
 2019/12xxx/CVE-2019-12527.json | 10 +++++
 2019/12xxx/CVE-2019-12529.json | 10 +++++
 2019/12xxx/CVE-2019-12854.json | 10 +++++
 2019/13xxx/CVE-2019-13345.json | 10 +++++
 2019/19xxx/CVE-2019-19033.json | 5 +++
 2019/19xxx/CVE-2019-19192.json | 18 +++++++++
 2019/19xxx/CVE-2019-19193.json | 18 +++++++++
 2019/19xxx/CVE-2019-19194.json | 18 +++++++++
 2019/19xxx/CVE-2019-19195.json | 18 +++++++++
 2019/19xxx/CVE-2019-19196.json | 18 +++++++++
 2019/19xxx/CVE-2019-19197.json | 67 ++++++++++++++++++++++++++++++++++
 2019/3xxx/CVE-2019-3688.json | 10 +++++
 15 files changed, 224 insertions(+), 2 deletions(-)
 create mode 100644 2019/19xxx/CVE-2019-19192.json
 create mode 100644 2019/19xxx/CVE-2019-19193.json
 create mode 100644 2019/19xxx/CVE-2019-19194.json
 create mode 100644 2019/19xxx/CVE-2019-19195.json
 create mode 100644 2019/19xxx/CVE-2019-19196.json
 create mode 100644 2019/19xxx/CVE-2019-19197.json
diff --git a/2009/4xxx/CVE-2009-4611.json b/2009/4xxx/CVE-2009-4611.json
index 4ccb4ab5b54..e664f32608e 100644
--- a/2009/4xxx/CVE-2009-4611.json
+++ b/2009/4xxx/CVE-2009-4611.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application."
+ "value": "Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application."
 }
 ]
 },
diff --git a/2009/5xxx/CVE-2009-5047.json b/2009/5xxx/CVE-2009-5047.json
index 411021e7754..975a624eeb8 100644
--- a/2009/5xxx/CVE-2009-5047.json
+++ b/2009/5xxx/CVE-2009-5047.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a letteral string."
+ "value": "Jetty 6.x through 6.1.22 suffers from an escape sequence injection vulnerability from an attack vector by means of: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The attack vector in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a consonant string (string including only letters)."
 }
 ]
 },
diff --git a/2019/12xxx/CVE-2019-12525.json b/2019/12xxx/CVE-2019-12525.json
index 8141187783e..56c89b2d8c2 100644
--- a/2019/12xxx/CVE-2019-12525.json
+++ b/2019/12xxx/CVE-2019-12525.json
@@ -96,6 +96,16 @@
 "refsource": "BUGTRAQ",
 "name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/42"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2540",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2541",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
 }
 ]
 }
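Review bot: In the new CVE-2009-5047 description the Content-Length vector is called a "consonant string (string including only letters)"; "consonant" does not mean that, and the sibling record CVE-2009-4611 in this same patch describes the same input as "an alphabetic value". I would write `header set to an alphabetic string (a string containing only letters)`. The opening "from an attack vector by means of: 1) ... and 2) ..." also lists two vectors after a singular noun, so `via two attack vectors:` would read more cleanly. The range change from "before 6.1.22" to "through 6.1.22" now includes 6.1.22 itself, so any structured version data in the part of the record outside this hunk should be checked for agreement.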
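Review bot: The two SUSE references added in the CVE-2019-12525 hunk use `http://lists.opensuse.org/...`, while the BUGTRAQ reference in the surrounding context is https; an advisory fetched over cleartext can be altered in transit before an analyst or a scraper reads it. If the list archive serves the same paths over TLS, I would record `"url": "https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"` and the same for msg00056. The identical pair is added with http in the hunks for CVE-2019-12527, CVE-2019-12529, CVE-2019-12854, CVE-2019-13345 and CVE-2019-3688.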
diff --git a/2019/12xxx/CVE-2019-12527.json b/2019/12xxx/CVE-2019-12527.json
index 2bea39400e2..79e4456a633 100644
--- a/2019/12xxx/CVE-2019-12527.json
+++ b/2019/12xxx/CVE-2019-12527.json
@@ -96,6 +96,16 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2593",
 "url": "https://access.redhat.com/errata/RHSA-2019:2593"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2540",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2541",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12529.json b/2019/12xxx/CVE-2019-12529.json
index 71188f2f01d..19720c13c4b 100644
--- a/2019/12xxx/CVE-2019-12529.json
+++ b/2019/12xxx/CVE-2019-12529.json
@@ -96,6 +96,16 @@
 "refsource": "BUGTRAQ",
 "name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/42"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2540",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2541",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12854.json b/2019/12xxx/CVE-2019-12854.json
index 2f9fa3a4195..8aa981edc5f 100644
--- a/2019/12xxx/CVE-2019-12854.json
+++ b/2019/12xxx/CVE-2019-12854.json
@@ -81,6 +81,16 @@
 "refsource": "BUGTRAQ",
 "name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/42"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2540",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2541",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13345.json b/2019/13xxx/CVE-2019-13345.json
index db29a4efa9c..ea2e94e064f 100644
--- a/2019/13xxx/CVE-2019-13345.json
+++ b/2019/13xxx/CVE-2019-13345.json
@@ -111,6 +111,16 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3476",
 "url": "https://access.redhat.com/errata/RHSA-2019:3476"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2540",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2541",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19033.json b/2019/19xxx/CVE-2019-19033.json
index bcdba8e0b65..5546a59c24d 100644
--- a/2019/19xxx/CVE-2019-19033.json
+++ b/2019/19xxx/CVE-2019-19033.json
@@ -76,6 +76,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155419/Jalios-JCMS-10-Backdoor-Account-Authentication-Bypass.html",
 "url": "http://packetstormsecurity.com/files/155419/Jalios-JCMS-10-Backdoor-Account-Authentication-Bypass.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ricardojoserf/CVE-2019-19033",
+ "url": "https://github.com/ricardojoserf/CVE-2019-19033"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19192.json b/2019/19xxx/CVE-2019-19192.json
new file mode 100644
index 00000000000..907d75cd0b6
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19192.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19192",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19193.json b/2019/19xxx/CVE-2019-19193.json
new file mode 100644
index 00000000000..8bea998b6f0
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19193.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19193",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19194.json b/2019/19xxx/CVE-2019-19194.json
new file mode 100644
index 00000000000..f1b7219eb3a
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19194.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19194",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19195.json b/2019/19xxx/CVE-2019-19195.json
new file mode 100644
index 00000000000..c128698bae3
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19195.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19195",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19196.json b/2019/19xxx/CVE-2019-19196.json
new file mode 100644
index 00000000000..3f1816d77f2
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19196.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19196",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19197.json b/2019/19xxx/CVE-2019-19197.json
new file mode 100644
index 00000000000..16d4f170685
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19197.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-19197",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://nafiez.github.io/security/vulnerability/2019/11/16/kyrol-internet-security-driver-issue.html",
+ "refsource": "MISC",
+ "name": "https://nafiez.github.io/security/vulnerability/2019/11/16/kyrol-internet-security-driver-issue.html"
+ },
+ {
+ "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-11-16-kyrol-internet-security-driver-issue.md",
+ "refsource": "MISC",
+ "name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-11-16-kyrol-internet-security-driver-issue.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3688.json b/2019/3xxx/CVE-2019-3688.json
index bf46095730d..5f9c481761d 100644
--- a/2019/3xxx/CVE-2019-3688.json
+++ b/2019/3xxx/CVE-2019-3688.json
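Review bot: Every structured field of this new PUBLIC record for CVE-2019-19197 is `n/a` (`vendor_name`, `product_name`, `version_value`, and the `problemtype` value), so the affected product exists only in the free-text description and tooling that matches on `affects` will not tie the entry to an installed product. The description already supplies the product and version, e.g. `"product_name": "Kyrol Internet Security"` and `"version_value": "9.0.6.9"`; the vendor name is not stated separately on the page and would need confirming. The description also attributes privilege escalation and code execution to what it calls a read primitive without saying how, which makes the impact hard to triage from the record alone. The second reference points at `blob/master`, which can change or move, so a commit-pinned link would be more durable.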
@@ -91,6 +91,16 @@
 "name": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
 "refsource": "CONFIRM",
 "url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2540",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2541",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
 }
 ]
 },