From b6fadc8c3d9a3bacc5bc6f2860a58f6a40c901c5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 7 Jan 2020 19:01:06 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/10xxx/CVE-2018-10465.json | 48 +++++++++++++++++++++++--
 2019/10xxx/CVE-2019-10776.json | 55 ++++++++++++++++++++++++++--
 2019/16xxx/CVE-2019-16154.json | 62 ++++++++++++++++++++++++++++++++
 2019/17xxx/CVE-2019-17427.json | 5 +++
 2019/17xxx/CVE-2019-17571.json | 10 ++++++
 2019/18xxx/CVE-2019-18386.json | 65 ++++++++++++++++++++++++++++++++++
 2019/20xxx/CVE-2019-20354.json | 5 +++
 2019/6xxx/CVE-2019-6700.json | 58 ++++++++++++++++++++++++++----
 2019/9xxx/CVE-2019-9465.json | 58 ++++++++++++++++++++++++++----
 2020/5xxx/CVE-2020-5307.json | 56 +++++++++++++++++++++++++----
 10 files changed, 397 insertions(+), 25 deletions(-)
 create mode 100644 2019/16xxx/CVE-2019-16154.json
 create mode 100644 2019/18xxx/CVE-2019-18386.json
diff --git a/2018/10xxx/CVE-2018-10465.json b/2018/10xxx/CVE-2018-10465.json
index b6e13c4e549..dc4fc3f67a4 100644
--- a/2018/10xxx/CVE-2018-10465.json
+++ b/2018/10xxx/CVE-2018-10465.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-10465",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
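Review bot: The `affects` block added to CVE-2018-10465.json sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the description added in the next hunk names Jamf Pro 10.x before 10.3.0, so tooling that matches on the structured fields rather than the free text will not associate this record with the product. If the assigner confirms the values, `"vendor_name": "Jamf"`, `"product_name": "Jamf Pro"` and `"version_value": "10.x before 10.3.0"` would carry what the description already states. The `problemtype` value in the second hunk is likewise `n/a` where the description says Incorrect Access Control. CVE-2019-18386.json and CVE-2020-5307.json in this patch follow the same all-`n/a` pattern; in the latter the description states SQL injection, which the `problemtype` could name.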
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the Universal API (UAPI), regardless of account privileges or privilege sets. An authenticated Jamf Pro account without required privileges could be used to perform CRUD actions (GET, POST, PUT, DELETE) on UAPI endpoints, which could result in unauthorized information disclosure, compromised data integrity, and data loss. For a full listing of available UAPI endpoints and associated CRUD actions you can navigate to /uapi/doc in your instance of Jamf Pro."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.jamf.com/10.3.0/jamf-pro/release-notes/Bug_Fixes_and_Enhancements.html",
+ "url": "https://docs.jamf.com/10.3.0/jamf-pro/release-notes/Bug_Fixes_and_Enhancements.html"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10776.json b/2019/10xxx/CVE-2019-10776.json
index 8e4446310ba..ff3f3527508 100644
--- a/2019/10xxx/CVE-2019-10776.json
+++ b/2019/10xxx/CVE-2019-10776.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10776",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "git-diff-apply",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 0.22.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5",
+ "url": "https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,",
+ "url": "https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In \"index.js\" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2."
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16154.json b/2019/16xxx/CVE-2019-16154.json
new file mode 100644
index 00000000000..84202cf9b41
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16154.json
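Review bot: The CONFIRM entry in `reference_data` for CVE-2019-10776.json ends both `name` and `url` with a stray comma inside the string (`https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,`), so the stored link carries a character that is not part of the advisory identifier and may not resolve or de-duplicate cleanly for consumers that follow references. Drop the comma in both fields, e.g. `"url": "https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774"`. Separately, the description points at "index.js" line 240 without tying it to a revision, which stops being meaningful once the file changes; the fix commit in the MISC reference is the more durable pointer.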
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16154",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiAuthenticator WEB UI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-19-104",
+ "url": "https://fortiguard.com/advisory/FG-IR-19-104"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17427.json b/2019/17xxx/CVE-2019-17427.json
index 1113383c561..9e5bcd0835e 100644
--- a/2019/17xxx/CVE-2019-17427.json
+++ b/2019/17xxx/CVE-2019-17427.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4200-1",
 "url": "https://usn.ubuntu.com/4200-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RealLinkers/CVE-2019-17427",
+ "url": "https://github.com/RealLinkers/CVE-2019-17427"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json
index 0eacdf6bb77..466db6323b4 100644
--- a/2019/17xxx/CVE-2019-17571.json
+++ b/2019/17xxx/CVE-2019-17571.json
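Review bot: In the new CVE-2019-16154.json the `problemtype` value is "Execute unauthorized code or commands", which names an impact, while the description describes improper neutralization of input during web page generation (cross-site scripting) via a logon-page parameter. Anyone triaging or filtering on `problemtype` would read this as a command-execution issue; a weakness-class value such as `"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"` would agree with the description. The file is also added without a trailing newline (`\ No newline at end of file`), as is CVE-2019-18386.json later in the patch.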
@@ -108,6 +108,16 @@
 "refsource": "MLIST",
 "name": "[kafka-jira] 20200107 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571",
 "url": "https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870@%3Cjira.kafka.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
+ "url": "https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd@%3Cdev.zookeeper.apache.org%3E"
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18386.json b/2019/18xxx/CVE-2019-18386.json
new file mode 100644
index 00000000000..b29a631b300
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18386.json
@@ -0,0 +1,65 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18386",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Systems management on Unisys Libra and Libra Software Series, with MCP-FIRMWARE through 2019-10-23, can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=53",
+ "url": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=53"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20354.json b/2019/20xxx/CVE-2019-20354.json
index ced48c6255b..a3e361f5488 100644
--- a/2019/20xxx/CVE-2019-20354.json
+++ b/2019/20xxx/CVE-2019-20354.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/colloqi/piSignage/blob/master/RELEASE%20NOTES.md",
 "refsource": "MISC",
 "name": "https://github.com/colloqi/piSignage/blob/master/RELEASE%20NOTES.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155864/piSignage-2.6.4-Directory-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/155864/piSignage-2.6.4-Directory-Traversal.html"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6700.json b/2019/6xxx/CVE-2019-6700.json
index bd54409df01..697db9759ae 100644
--- a/2019/6xxx/CVE-2019-6700.json
+++ b/2019/6xxx/CVE-2019-6700.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6700",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6700",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiSIEM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiSIEM 5.2.2 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-19-100",
+ "url": "https://fortiguard.com/advisory/FG-IR-19-100"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code."
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9465.json b/2019/9xxx/CVE-2019-9465.json
index 084035b7ff2..8bf5b0419b6 100644
--- a/2019/9xxx/CVE-2019-9465.json
+++ b/2019/9xxx/CVE-2019-9465.json
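Review bot: In CVE-2019-6700.json `vendor_name` is `n/a` while the vendor is folded into `product_name` ("Fortinet FortiSIEM") and the product name is repeated inside `version_value` ("FortiSIEM 5.2.2 and earlier"), which is inconsistent with CVE-2019-16154.json in the same patch, where the same assigner sets `"vendor_name": "Fortinet"`. Splitting the fields the same way — `"vendor_name": "Fortinet"`, `"product_name": "FortiSIEM"`, `"version_value": "5.2.2 and earlier"` — keeps vendor/product matching uniform across the two records. CVE-2019-9465.json in the next section also leaves `vendor_name` as `n/a` next to a named product.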
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-9465",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-9465",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/pixel/2019-12-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2019-12-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5307.json b/2020/5xxx/CVE-2020-5307.json
index d7e986c6868..0431f7c7a6f 100644
--- a/2020/5xxx/CVE-2020-5307.json
+++ b/2020/5xxx/CVE-2020-5307.json
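Review bot: The `affects` block in CVE-2019-9465.json lists `"product_name": "Android"` with `"version_value": "Android-10"`, but the description attributes the issue to the Titan M handling of cryptographic operations and the only reference is the Pixel bulletin, so the structured scope appears broader than the component the text describes. If the assigner confirms that only devices with that component are affected, qualifying `product_name` with the component would stop inventory matching from flagging every Android 10 device. The description also gives the cause only as "an unusual root cause" and runs the `Product:`/`Versions:`/`Android ID:` metadata into the same sentence stream, so consumers have nothing beyond the `problemtype` text to classify the weakness.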
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5307",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-5307",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "47846",
+ "url": "https://www.exploit-db.com/exploits/47846"
 }
 ]
 }