"-Synchronized-Data."

2025-05-07 11:06:39 +00:00 · 2019-11-21 19:01:56 +00:00 · 2019-11-21 19:01:56 +00:00 · b1d2bc3f18
commit b1d2bc3f18
parent 0c43738320
15 changed files with 224 additions and 2 deletions
--- a/2009/4xxx/CVE-2009-4611.json
+++ b/2009/4xxx/CVE-2009-4611.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application."
+                "value": "Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application."
            }
        ]
    },
--- a/2009/5xxx/CVE-2009-5047.json
+++ b/2009/5xxx/CVE-2009-5047.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a letteral string."
+                "value": "Jetty 6.x through 6.1.22 suffers from an escape sequence injection vulnerability from an attack vector by means of: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The attack vector in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a consonant string (string including only letters)."
            }
        ]
    },
--- a/2019/12xxx/CVE-2019-12525.json
+++ b/2019/12xxx/CVE-2019-12525.json
@ -96,6 +96,16 @@
                "refsource": "BUGTRAQ",
                "name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
                "url": "https://seclists.org/bugtraq/2019/Aug/42"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2540",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2541",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
            }
        ]
    }
--- a/2019/12xxx/CVE-2019-12527.json
+++ b/2019/12xxx/CVE-2019-12527.json
@ -96,6 +96,16 @@
                "refsource": "REDHAT",
                "name": "RHSA-2019:2593",
                "url": "https://access.redhat.com/errata/RHSA-2019:2593"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2540",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2541",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
            }
        ]
    }
--- a/2019/12xxx/CVE-2019-12529.json
+++ b/2019/12xxx/CVE-2019-12529.json
@ -96,6 +96,16 @@
                "refsource": "BUGTRAQ",
                "name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
                "url": "https://seclists.org/bugtraq/2019/Aug/42"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2540",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2541",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
            }
        ]
    }
--- a/2019/12xxx/CVE-2019-12854.json
+++ b/2019/12xxx/CVE-2019-12854.json
@ -81,6 +81,16 @@
                "refsource": "BUGTRAQ",
                "name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
                "url": "https://seclists.org/bugtraq/2019/Aug/42"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2540",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2541",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
            }
        ]
    }
--- a/2019/13xxx/CVE-2019-13345.json
+++ b/2019/13xxx/CVE-2019-13345.json
@ -111,6 +111,16 @@
                "refsource": "REDHAT",
                "name": "RHSA-2019:3476",
                "url": "https://access.redhat.com/errata/RHSA-2019:3476"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2540",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2541",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
            }
        ]
    }
--- a/2019/19xxx/CVE-2019-19033.json
+++ b/2019/19xxx/CVE-2019-19033.json
@ -76,6 +76,11 @@
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/155419/Jalios-JCMS-10-Backdoor-Account-Authentication-Bypass.html",
                "url": "http://packetstormsecurity.com/files/155419/Jalios-JCMS-10-Backdoor-Account-Authentication-Bypass.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/ricardojoserf/CVE-2019-19033",
+                "url": "https://github.com/ricardojoserf/CVE-2019-19033"
            }
        ]
    }
--- a/2019/19xxx/CVE-2019-19192.json
+++ b/2019/19xxx/CVE-2019-19192.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-19192",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2019/19xxx/CVE-2019-19193.json
+++ b/2019/19xxx/CVE-2019-19193.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-19193",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2019/19xxx/CVE-2019-19194.json
+++ b/2019/19xxx/CVE-2019-19194.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-19194",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2019/19xxx/CVE-2019-19195.json
+++ b/2019/19xxx/CVE-2019-19195.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-19195",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2019/19xxx/CVE-2019-19196.json
+++ b/2019/19xxx/CVE-2019-19196.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-19196",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2019/19xxx/CVE-2019-19197.json
+++ b/2019/19xxx/CVE-2019-19197.json
@ -0,0 +1,67 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2019-19197",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://nafiez.github.io/security/vulnerability/2019/11/16/kyrol-internet-security-driver-issue.html",
+                "refsource": "MISC",
+                "name": "https://nafiez.github.io/security/vulnerability/2019/11/16/kyrol-internet-security-driver-issue.html"
+            },
+            {
+                "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-11-16-kyrol-internet-security-driver-issue.md",
+                "refsource": "MISC",
+                "name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-11-16-kyrol-internet-security-driver-issue.md"
+            }
+        ]
+    }
+}
--- a/2019/3xxx/CVE-2019-3688.json
+++ b/2019/3xxx/CVE-2019-3688.json
@ -91,6 +91,16 @@
                "name": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
                "refsource": "CONFIRM",
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2540",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:2541",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
            }
        ]
    },