From b1e60f27eccd577e0f4459a289f0fb3d0853ad82 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 11 Jul 2019 19:00:53 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/11xxx/CVE-2017-11774.json | 12 ++- 2018/17xxx/CVE-2018-17150.json | 48 ++++++++- 2018/17xxx/CVE-2018-17151.json | 48 ++++++++- 2018/17xxx/CVE-2018-17152.json | 48 ++++++++- 2018/19xxx/CVE-2018-19588.json | 48 ++++++++- 2019/0xxx/CVE-2019-0319.json | 5 + 2019/10xxx/CVE-2019-10135.json | 7 +- 2019/10xxx/CVE-2019-10192.json | 21 ++-- 2019/10xxx/CVE-2019-10193.json | 21 ++-- 2019/10xxx/CVE-2019-10194.json | 7 +- 2019/11xxx/CVE-2019-11062.json | 12 +-- 2019/11xxx/CVE-2019-11268.json | 12 +-- 2019/12xxx/CVE-2019-12525.json | 66 +++++++++++-- 2019/12xxx/CVE-2019-12527.json | 66 +++++++++++-- 2019/12xxx/CVE-2019-12529.json | 66 +++++++++++-- 2019/13xxx/CVE-2019-13029.json | 62 ++++++++++++ 2019/3xxx/CVE-2019-3889.json | 5 +- 2019/7xxx/CVE-2019-7003.json | 172 ++++++++++++++++----------------- 2019/9xxx/CVE-2019-9657.json | 48 ++++++++- 2019/9xxx/CVE-2019-9886.json | 2 +- 2019/9xxx/CVE-2019-9948.json | 5 + 21 files changed, 624 insertions(+), 157 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13029.json diff --git a/2017/11xxx/CVE-2017-11774.json b/2017/11xxx/CVE-2017-11774.json index 5ea561346d4..dd6e0a0646a 100644 --- a/2017/11xxx/CVE-2017-11774.json +++ b/2017/11xxx/CVE-2017-11774.json @@ -9,6 +9,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Microsoft Corporation", "product": { "product_data": [ { @@ -16,14 +17,19 @@ "version": { "version_data": [ { - "version_value": "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016." + "version_value": "Microsoft Outlook 2010 SP2" + }, + { + "version_value": "Outlook 2013 SP1 and RT SP1" + }, + { + "version_value": "Outlook 2016" } ] } } ] - }, - "vendor_name": "Microsoft Corporation" + } } ] } diff --git a/2018/17xxx/CVE-2018-17150.json b/2018/17xxx/CVE-2018-17150.json index f2e32b5361e..5c857f26259 100644 
--- a/2018/17xxx/CVE-2018-17150.json +++ b/2018/17xxx/CVE-2018-17150.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17150", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Intersystems Cache 2017.2.2.865.0 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities", + "url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities" } ] } diff --git a/2018/17xxx/CVE-2018-17151.json b/2018/17xxx/CVE-2018-17151.json index a7dee18cf33..7f71a880a5b 100644 --- a/2018/17xxx/CVE-2018-17151.json +++ b/2018/17xxx/CVE-2018-17151.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17151", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
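Review bot: The `affects` block added in the first hunk of CVE-2018-17150.json is filled with `"n/a"` for vendor, product and version, although the new description in the second hunk names all three ("Intersystems Cache 2017.2.2.865.0"), so tooling that matches on the structured fields will not find this record. Populating them from the description, e.g. `"vendor_name": "Intersystems"`, `"product_name": "Cache"`, `"version_value": "2017.2.2.865.0"`, would fix that. The `problemtype` value is also `"n/a"` where the description already states the class (XSS); a CWE label such as `CWE-79` would make it filterable. The same pattern appears in CVE-2018-17151, CVE-2018-17152, CVE-2018-19588, CVE-2019-9657 and the new CVE-2019-13029.json.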
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities", + "url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities" } ] } diff --git a/2018/17xxx/CVE-2018-17152.json b/2018/17xxx/CVE-2018-17152.json index 71345d20cc5..c0f3ec6cd49 100644 --- a/2018/17xxx/CVE-2018-17152.json +++ b/2018/17xxx/CVE-2018-17152.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17152", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Intersystems Cache 2017.2.2.865.0 allows XXE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities", + "url": "https://know.bishopfox.com/advisories/intersystems-cache-2017-2-2-865-0-vulnerabilities" } ] } diff --git a/2018/19xxx/CVE-2018-19588.json b/2018/19xxx/CVE-2018-19588.json index afb92e6228c..8446e4d83df 100644 --- a/2018/19xxx/CVE-2018-19588.json +++ b/2018/19xxx/CVE-2018-19588.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19588", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vfxcomputing.com/?CVE-2018-19588", + "url": "https://www.vfxcomputing.com/?CVE-2018-19588" } ] } diff --git a/2019/0xxx/CVE-2019-0319.json b/2019/0xxx/CVE-2019-0319.json index ea02832331b..64312725607 100644 --- a/2019/0xxx/CVE-2019-0319.json +++ b/2019/0xxx/CVE-2019-0319.json @@ -79,6 +79,11 @@ "refsource": "CONFIRM", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/ascii/WLB-2019050283", + "url": "https://cxsecurity.com/ascii/WLB-2019050283" } ] } diff --git a/2019/10xxx/CVE-2019-10135.json b/2019/10xxx/CVE-2019-10135.json index f0b078c56da..afd228b4967 100644 --- a/2019/10xxx/CVE-2019-10135.json +++ b/2019/10xxx/CVE-2019-10135.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10135", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -48,7 +49,7 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10135", "refsource": "CONFIRM" }, - { + { "url": "https://github.com/containerbuildsystem/osbs-client/pull/865", "refsource": "CONFIRM", "name": "https://github.com/containerbuildsystem/osbs-client/pull/865" @@ -73,4 +74,4 @@ ] ] } -} +} \ No newline at end of file 
diff --git a/2019/10xxx/CVE-2019-10192.json b/2019/10xxx/CVE-2019-10192.json index c8fa85eb65e..819aea7cf0d 100644 --- a/2019/10xxx/CVE-2019-10192.json +++ b/2019/10xxx/CVE-2019-10192.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10192", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -50,18 +51,24 @@ "references": { "reference_data": [ { - "url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES" + "url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES" }, { - "url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES" + "url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES" + }, + { + "url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192", "refsource": "CONFIRM" - }, - { - "url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES" } ] }, @@ -83,4 +90,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10193.json b/2019/10xxx/CVE-2019-10193.json index 6613d12afae..eb9ddc49d09 100644 --- a/2019/10xxx/CVE-2019-10193.json +++ b/2019/10xxx/CVE-2019-10193.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10193", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
@@ -50,18 +51,24 @@ "references": { "reference_data": [ { - "url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES" + "url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES" }, { - "url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES" + "url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES" + }, + { + "url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193", "refsource": "CONFIRM" - }, - { - "url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES" } ] }, @@ -83,4 +90,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10194.json b/2019/10xxx/CVE-2019-10194.json index 2900ae8dcc8..2ed061bf5ad 100644 --- a/2019/10xxx/CVE-2019-10194.json +++ b/2019/10xxx/CVE-2019-10194.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10194", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
@@ -54,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts." + "value": "Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts." } ] }, @@ -68,4 +69,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11062.json b/2019/11xxx/CVE-2019-11062.json index 709e9c2f0b3..10921d48e5a 100644 --- a/2019/11xxx/CVE-2019-11062.json +++ b/2019/11xxx/CVE-2019-11062.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "SUNNET", "product": { "product_data": [ { @@ -17,21 +18,16 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_name": "5", - "version_value": "0" + "version_value": "5.0" }, { - "version_affected": "=", - "version_name": "5", - "version_value": "1" + "version_value": "5.1" } ] } } ] - }, - "vendor_name": "SUNNET" + } } ] } diff --git a/2019/11xxx/CVE-2019-11268.json b/2019/11xxx/CVE-2019-11268.json index 074a45e0eb0..de06aa4a8a9 100644 --- a/2019/11xxx/CVE-2019-11268.json +++ b/2019/11xxx/CVE-2019-11268.json @@ -16,6 +16,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Cloud Foundry", "product": { "product_data": [ { @@ -23,16 +24,13 @@ "version": { "version_data": [ { - "affected": "<", - "version_name": "All", - "version_value": "v73.3.0" + "version_value": "prior to v73.3.0" } ] } } ] - }, - "vendor_name": "Cloud Foundry" + } } ] } 
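Review bot: The `version_data` entry in the CVE-2019-11268.json hunk drops `"affected": "<"` and folds the comparison into free text, `"version_value": "prior to v73.3.0"`, so a consumer can no longer evaluate the affected range without parsing English. If the schema in use accepts it, keeping the operator in its own field, `"version_affected": "<"` with `"version_value": "v73.3.0"`, preserves the range. The CVE-2019-7003.json hunk makes the same trade with `"version_value": "8.0.x prior to 8.0.4.0"`. The enclosing `affects` object starts and ends outside the hunk.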
@@ -41,7 +39,7 @@ "description_data": [ { "lang": "eng", - "value": "UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones." + "value": "Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones." } ] }, @@ -82,4 +80,4 @@ "version": "3.0" } } -} +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12525.json b/2019/12xxx/CVE-2019-12525.json index 04c443485f5..6740498a43e 100644 --- a/2019/12xxx/CVE-2019-12525.json +++ b/2019/12xxx/CVE-2019-12525.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12525", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12525", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.squid-cache.org/Versions/v4/changesets/", + "url": "http://www.squid-cache.org/Versions/v4/changesets/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/squid-cache/squid/commits/v4", + "url": "https://github.com/squid-cache/squid/commits/v4" + }, + { + "refsource": "CONFIRM", + "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", + "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch" } ] } diff --git a/2019/12xxx/CVE-2019-12527.json b/2019/12xxx/CVE-2019-12527.json index 8e441c2ff08..bad354a2ebe 100644 --- a/2019/12xxx/CVE-2019-12527.json +++ b/2019/12xxx/CVE-2019-12527.json 
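Review bot: The last sentence of the new description in CVE-2019-12525.json says a single-quote value leads to "a memcpy of its length minus 1", which reads as a copy of zero bytes; from the preceding sentence the size is presumably the one-character length minus 2, i.e. -1. Stating that directly, e.g. `... leading to a memcpy with a length of -1.`, tells a defender why the unchecked value matters. The third reference is the same `squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch` URL that CVE-2019-12527.json cites, so it is worth confirming that one changeset covers both issues. The `affects` fields are `"n/a"` although the description gives the ranges 3.3.9 through 3.5.28 and 4.x through 4.7.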
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12527", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12527", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.squid-cache.org/Versions/v4/changesets/", + "url": "http://www.squid-cache.org/Versions/v4/changesets/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/squid-cache/squid/commits/v4", + "url": "https://github.com/squid-cache/squid/commits/v4" + }, + { + "refsource": "CONFIRM", + "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", + "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch" } ] } 
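Review bot: The new description in CVE-2019-12527.json says the decoded data is stored in "a global buffer" and then calls the result "a heap-based buffer overflow"; the two statements do not obviously agree, and the memory region matters for triage and for choosing mitigations. If the buffer is a static global, wording such as `leading to an overflow of that global buffer with user controlled data` would be consistent; otherwise the text should say where the buffer is allocated. The structured `affects` fields are `"n/a"` while the description gives the range 4.0.23 through 4.7.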
diff --git a/2019/12xxx/CVE-2019-12529.json b/2019/12xxx/CVE-2019-12529.json
index 20fe9e01f36..cb2ff34a19e 100644
--- a/2019/12xxx/CVE-2019-12529.json
+++ b/2019/12xxx/CVE-2019-12529.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12529", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12529", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.squid-cache.org/Versions/v4/changesets/", + "url": "http://www.squid-cache.org/Versions/v4/changesets/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/squid-cache/squid/commits/v4", + "url": "https://github.com/squid-cache/squid/commits/v4" + }, + { + "refsource": "CONFIRM", + "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch", + "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch" } ] } diff --git a/2019/13xxx/CVE-2019-13029.json b/2019/13xxx/CVE-2019-13029.json new file mode 100644 index 00000000000..a3ce63caee8 --- /dev/null +++ b/2019/13xxx/CVE-2019-13029.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/snippets/1874216", + "url": "https://gitlab.com/snippets/1874216" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3889.json b/2019/3xxx/CVE-2019-3889.json index 986460efe0a..82d17b2e5e9 100644 --- a/2019/3xxx/CVE-2019-3889.json +++ b/2019/3xxx/CVE-2019-3889.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-3889", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -68,4 +69,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7003.json b/2019/7xxx/CVE-2019-7003.json index 9d900f41637..83d562c1305 100644 --- a/2019/7xxx/CVE-2019-7003.json +++ b/2019/7xxx/CVE-2019-7003.json 
@@ -1,90 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "securityalerts@avaya.com", - "DATE_PUBLIC": "2019-07-09T23:00:00.000Z", - "ID": "CVE-2019-7003", - "STATE": "PUBLIC", - "TITLE": "ACM SQL Injection" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Avaya Control Manager", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "8.0.x", - "version_value": "8.0.4.0" - }, - { - "affected": "=", - "version_name": "7.x", - "version_value": "7.x" - } - ] - } - } - ] - }, - "vendor_name": "Avaya" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated." 
- } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 9.3, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" - } + "CVE_data_meta": { + "ASSIGNER": "securityalerts@avaya.com", + "DATE_PUBLIC": "2019-07-09T23:00:00.000Z", + "ID": "CVE-2019-7003", + "STATE": "PUBLIC", + "TITLE": "ACM SQL Injection" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Avaya", + "product": { + "product_data": [ + { + "product_name": "Avaya Control Manager", + "version": { + "version_data": [ + { + "version_value": "8.0.x prior to 8.0.4.0" + }, + { + "version_value": "7.x" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://downloads.avaya.com/css/P8/documents/101059368", - "refsource": "CONFIRM", - "url": "https://downloads.avaya.com/css/P8/documents/101059368" - } - ] - }, - "source": { - "advisory": "ASA-2019-119" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://downloads.avaya.com/css/P8/documents/101059368", + "refsource": "CONFIRM", + "url": "https://downloads.avaya.com/css/P8/documents/101059368" + } + ] + }, + "source": { + "advisory": "ASA-2019-119" + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9657.json b/2019/9xxx/CVE-2019-9657.json index 0b71d81a2a0..5aabe72c73b 100644 --- a/2019/9xxx/CVE-2019-9657.json +++ b/2019/9xxx/CVE-2019-9657.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9657", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vfxcomputing.com/?CVE-2019-9657", + "url": "https://www.vfxcomputing.com/?CVE-2019-9657" } ] } diff --git a/2019/9xxx/CVE-2019-9886.json b/2019/9xxx/CVE-2019-9886.json index e60e2c4b5c9..3e4ebc22ec5 100644 --- a/2019/9xxx/CVE-2019-9886.json +++ b/2019/9xxx/CVE-2019-9886.json @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login before eClass version ip.2.5.10.2.1. " + "value": "Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1." } ] }, diff --git a/2019/9xxx/CVE-2019-9948.json b/2019/9xxx/CVE-2019-9948.json index fff494ba5d7..36f230cdcee 100644 --- a/2019/9xxx/CVE-2019-9948.json +++ b/2019/9xxx/CVE-2019-9948.json 
@@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1700", "url": "https://access.redhat.com/errata/RHSA-2019:1700" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190711 [SECURITY] [DLA 1852-1] python3.4 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html" } ] }