From b831eafec7b6d3bb479154844cb60057f67f39ab Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 11 Apr 2019 20:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/19xxx/CVE-2018-19202.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19300.json | 7 +++-
 2018/1xxx/CVE-2018-1320.json | 5 +++
 2019/11xxx/CVE-2019-11188.json | 18 ++++++++++
 2019/11xxx/CVE-2019-11189.json | 18 ++++++++++
 2019/5xxx/CVE-2019-5672.json | 2 +-
 2019/5xxx/CVE-2019-5673.json | 2 +-
 2019/6xxx/CVE-2019-6493.json | 53 ++++++++++++++++++++++++++--
 2019/6xxx/CVE-2019-6796.json | 63 ++++++++++++++++++++++++++++++++--
 2019/7xxx/CVE-2019-7644.json | 48 ++++++++++++++++++++++++--
 2019/9xxx/CVE-2019-9056.json | 53 ++++++++++++++++++++++++++--
 2019/9xxx/CVE-2019-9628.json | 63 ++++++++++++++++++++++++++++++++--
 12 files changed, 370 insertions(+), 15 deletions(-)
 create mode 100644 2019/11xxx/CVE-2019-11188.json
 create mode 100644 2019/11xxx/CVE-2019-11189.json
diff --git a/2018/19xxx/CVE-2018-19202.json b/2018/19xxx/CVE-2018-19202.json
index 6615e9e05c9..38b97ffaf03 100644
--- a/2018/19xxx/CVE-2018-19202.json
+++ b/2018/19xxx/CVE-2018-19202.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19202",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://blog.mybb.com/",
+ "url": "https://blog.mybb.com/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://mybb.com/versions/1.8.20/",
+ "url": "https://mybb.com/versions/1.8.20/"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19300.json b/2018/19xxx/CVE-2018-19300.json
index 0abdfe91413..61ccb7e6aaf 100644
--- a/2018/19xxx/CVE-2018-19300.json
+++ b/2018/19xxx/CVE-2018-19300.json
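Review bot: In the CVE-2018-19202 record the added `problemtype` value is `"n/a"`, and the preceding hunk sets `product_name`, `version_value` and `vendor_name` to `"n/a"` as well, although the new description names the product (MyBB 1.8.x through 1.8.19) and the weakness class (reflected XSS). Tooling that matches on the structured fields rather than on free text will not tie this entry to MyBB; consider `"product_name": "MyBB"` and a problemtype value of `"CWE-79"`. The first CONFIRM reference, `https://blog.mybb.com/`, is a blog root and not a specific advisory, so it may stop confirming anything once newer posts replace the relevant one. The same all-`n/a` pattern appears in the CVE-2019-6493, CVE-2019-6796, CVE-2019-7644, CVE-2019-9056 and CVE-2019-9628 hunks.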
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "On D-Link DAP-1530 (All A revisions) before firmware version 1.06b01, DAP-1610 (All A revisions) before firmware version 1.06b01, DWR-111 (All A revisions) before firmware version 1.02v02, DWR-116 (All A revisions) before firmware version 1.06b03, DWR-512 (All B revisions) before firmware version 2.02b01, DWR-711 (All A revisions) through firmware version 1.11, DWR-712 (All B revisions) before firmware version 2.04b01, DWR-921 (All A revisions) before firmware version 1.02b01, and DWR-921 (All B revisions) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well."
+ "value": "On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://eu.dlink.com/de/de/support/support-news/2019/march/19/remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers",
 "url": "https://eu.dlink.com/de/de/support/support-news/2019/march/19/remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.greenbone.net/en/serious-vulnerability-discovered-in-d-link-routers/",
+ "url": "https://www.greenbone.net/en/serious-vulnerability-discovered-in-d-link-routers/"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1320.json b/2018/1xxx/CVE-2018-1320.json
index 38fe67fcae7..bb5f9fea659 100644
--- a/2018/1xxx/CVE-2018-1320.json
+++ b/2018/1xxx/CVE-2018-1320.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[infra-devnull] 20190324 [GitHub] [thrift] luciferous opened pull request #1771: THRIFT-4506: fix use of assert for correctness in Java SASL negotiation",
 "url": "https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9@%3Cdevnull.infra.apache.org%3E"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K36361684",
+ "url": "https://support.f5.com/csp/article/K36361684"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11188.json b/2019/11xxx/CVE-2019-11188.json
new file mode 100644
index 00000000000..5fac170f200
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11188.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11188",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11189.json b/2019/11xxx/CVE-2019-11189.json
new file mode 100644
index 00000000000..44d242e7afe
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11189.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11189",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5672.json b/2019/5xxx/CVE-2019-5672.json
index 5806570b1c8..ef1fab6b0fe 100644
--- a/2019/5xxx/CVE-2019-5672.json
+++ b/2019/5xxx/CVE-2019-5672.json
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "NVIDIA Linux for Tegra (L4T) contains a vulnerability where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3."
+ "value": "NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5673.json b/2019/5xxx/CVE-2019-5673.json
index d0f06ce0d1b..c9ac8bff62b 100644
--- a/2019/5xxx/CVE-2019-5673.json
+++ b/2019/5xxx/CVE-2019-5673.json
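Review bot: The rewritten description in the CVE-2019-5672 hunk carries over the typo `rootsfs` ("after sample rootsfs generation and flashing") even though the same sentence spells it `rootfs` a few words earlier; the phrase should read `sample rootfs generation and flashing`. The text gives the impact only as information disclosure, while host keys shared across devices also weaken SSH host authentication for every unit flashed from the sample image. If the vendor bulletin supports it, a clause saying so would help operators prioritise regenerating the host keys.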
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "NVIDIA Tegra kernel driver contains a vulnerability in the ARM System Memory Management Unit (SMMU) where an improper check for a fault condition causes transactions to be discarded, which may lead to denial of service. The updates apply to all versions prior to and including R28.3."
+ "value": "NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service. The updates apply to all versions prior to and including R28.3."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6493.json b/2019/6xxx/CVE-2019-6493.json
index 7218d9e5949..79ba603ceee 100644
--- a/2019/6xxx/CVE-2019-6493.json
+++ b/2019/6xxx/CVE-2019-6493.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-6493",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a \"big\" pool."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://downwithup.github.io/CVEPosts.html",
+ "refsource": "MISC",
+ "name": "https://downwithup.github.io/CVEPosts.html"
+ },
+ {
+ "url": "https://www.iobit.com/en/iobitsmartdefrag.php",
+ "refsource": "MISC",
+ "name": "https://www.iobit.com/en/iobitsmartdefrag.php"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6796.json b/2019/6xxx/CVE-2019-6796.json
index 95c372e937f..5cc233b3f51 100644
--- a/2019/6xxx/CVE-2019-6796.json
+++ b/2019/6xxx/CVE-2019-6796.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-6796",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/"
+ },
+ {
+ "url": "https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57112",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57112"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7644.json b/2019/7xxx/CVE-2019-7644.json
index b768bd3a934..5f0b1238f5e 100644
--- a/2019/7xxx/CVE-2019-7644.json
+++ b/2019/7xxx/CVE-2019-7644.json
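Review bot: In the CVE-2019-6796 description hunk, the fixed versions given in the new `value` line (11.5.8, 11.6.6, 11.7.1) do not match either release post added under `reference_data`, whose URLs name 11.7.3 and 11.7.4. A reader therefore cannot tell from this record which release carries the fix, so it is worth confirming the version list against the referenced posts. The first reference, `https://about.gitlab.com/blog/categories/releases/`, is a category index and not an advisory, and it could be dropped in favour of the specific post. The description "It allows XSS (issue 2 of 2)" names no affected component, which leaves `gitlab-org/gitlab-ce/issues/57112` as the only specific pointer.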
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-7644",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://auth0.com/docs/security/bulletins/cve-2019-7644",
+ "refsource": "MISC",
+ "name": "https://auth0.com/docs/security/bulletins/cve-2019-7644"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9056.json b/2019/9xxx/CVE-2019-9056.json
index a69580f31aa..a1d68ccbb72 100644
--- a/2019/9xxx/CVE-2019-9056.json
+++ b/2019/9xxx/CVE-2019-9056.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9056",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum",
+ "url": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg",
+ "url": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9628.json b/2019/9xxx/CVE-2019-9628.json
index f61fb7547d3..26a1c87aa22 100644
--- a/2019/9xxx/CVE-2019-9628.json
+++ b/2019/9xxx/CVE-2019-9628.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9628",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
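Review bot: The CVE-2019-9056 description pins the issue to "CMS Made Simple 2.2.8", while the first CONFIRM reference is the v2.2.10 announcement, so the record leaves open whether releases between the two are affected. If the referenced announcement establishes the fixed release, the version statement would be clearer in the usual `before <fixed version>` form. The text also names two candidate files joined by "or" (`class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php`), which suggests the location was not verified. The second CONFIRM URL is an opaque newsletter link whose content cannot be judged from the record.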
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://shibboleth.net/community/advisories/secadv_20190311.txt",
+ "refsource": "MISC",
+ "name": "https://shibboleth.net/community/advisories/secadv_20190311.txt"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3921-1",
+ "url": "https://usn.ubuntu.com/3921-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories",
+ "url": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912",
+ "url": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912"
 }
 ]
 },
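Review bot: The new CVE-2019-9628 description ends at "propagates an unexpected exception type" and never states the consequence for a deployment, so the record gives triage nothing to rank it by. If the referenced `secadv_20190311.txt` advisory states the outcome, add it as a closing clause in the usual form, for example `..., which may lead to denial of service` (wording to be confirmed against the advisory). The phrase "all versions prior to V3.0.4" would also read more consistently with the other records as `before 3.0.4`.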