From b9c21bc89ef9b52d92386de2943191a2e05664f9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 13 Nov 2019 19:01:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2010/4xxx/CVE-2010-4533.json | 70 ++++++++++++++++++++++++++++++++-- 2013/3xxx/CVE-2013-3517.json | 53 ++++++++++++++++++++++++- 2018/14xxx/CVE-2018-14498.json | 5 +++ 2018/19xxx/CVE-2018-19664.json | 5 +++ 2018/20xxx/CVE-2018-20330.json | 5 +++ 2019/16xxx/CVE-2019-16950.json | 62 ++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16951.json | 62 ++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18396.json | 5 +++ 2019/2xxx/CVE-2019-2201.json | 5 +++ 2019/9xxx/CVE-2019-9055.json | 5 +++ 10 files changed, 272 insertions(+), 5 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16950.json create mode 100644 2019/16xxx/CVE-2019-16951.json diff --git a/2010/4xxx/CVE-2010-4533.json b/2010/4xxx/CVE-2010-4533.json index a95b48c2538..5e57e49a7d9 100644 --- a/2010/4xxx/CVE-2010-4533.json +++ b/2010/4xxx/CVE-2010-4533.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4533", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "offlineimap", + "product": { + "product_data": [ + { + "product_name": "offlineimap", + "version": { + "version_data": [ + { + "version_value": "before 6.3.4" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4533", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-4533" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4533", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4533" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-4533", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-4533" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2010/12/23/2", + "url": "https://www.openwall.com/lists/oss-security/2010/12/23/2" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606962", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606962" } ] } diff --git a/2013/3xxx/CVE-2013-3517.json b/2013/3xxx/CVE-2013-3517.json index b3e478eb300..461dcdc00bb 100644 --- a/2013/3xxx/CVE-2013-3517.json +++ b/2013/3xxx/CVE-2013-3517.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3517", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ise.io/casestudies/exploiting-soho-routers/", + "refsource": "MISC", + "name": "https://www.ise.io/casestudies/exploiting-soho-routers/" + }, + { + "url": "https://www.ise.io/soho_service_hacks/", + "refsource": "MISC", + "name": "https://www.ise.io/soho_service_hacks/" } ] } diff --git a/2018/14xxx/CVE-2018-14498.json b/2018/14xxx/CVE-2018-14498.json index 94cd198fbbb..d5cf80114aa 100644 --- a/2018/14xxx/CVE-2018-14498.json +++ b/2018/14xxx/CVE-2018-14498.json @@ -96,6 +96,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3705", "url": "https://access.redhat.com/errata/RHSA-2019:3705" + }, + { + "refsource": "UBUNTU", + "name": "USN-4190-1", + "url": "https://usn.ubuntu.com/4190-1/" } ] } diff --git a/2018/19xxx/CVE-2018-19664.json b/2018/19xxx/CVE-2018-19664.json index 64e2f8a2f62..4b6a185e8b5 100644 --- a/2018/19xxx/CVE-2018-19664.json +++ b/2018/19xxx/CVE-2018-19664.json @@ -56,6 +56,11 @@ "name": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305", "refsource": "MISC", "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305" + }, + { + "refsource": "UBUNTU", + "name": "USN-4190-1", + "url": "https://usn.ubuntu.com/4190-1/" } ] } diff --git a/2018/20xxx/CVE-2018-20330.json b/2018/20xxx/CVE-2018-20330.json index 62e0404529a..a782396b105 100644 --- a/2018/20xxx/CVE-2018-20330.json +++ b/2018/20xxx/CVE-2018-20330.json @@ -56,6 +56,11 @@ "name": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304", "refsource": "MISC", "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304" + }, + { + "refsource": "UBUNTU", + "name": "USN-4190-1", + "url": "https://usn.ubuntu.com/4190-1/" } ] } diff --git a/2019/16xxx/CVE-2019-16950.json b/2019/16xxx/CVE-2019-16950.json new file mode 100644 index 00000000000..ca47e58d94e --- /dev/null +++ b/2019/16xxx/CVE-2019-16950.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacom-web-chat/", + "url": "https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacom-web-chat/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16951.json b/2019/16xxx/CVE-2019-16951.json new file mode 100644 index 00000000000..7539f32472a --- /dev/null +++ b/2019/16xxx/CVE-2019-16951.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amount of information sent in the request from this product to the attacker: it reveals information the public should not have. This includes pathnames and internal ip addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacom-web-chat/", + "url": "https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacom-web-chat/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18396.json b/2019/18xxx/CVE-2019-18396.json index 37aca4def27..7cb93ae10be 100644 --- a/2019/18xxx/CVE-2019-18396.json +++ b/2019/18xxx/CVE-2019-18396.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://medium.com/@c4pt41nnn/cve-2019-18396-command-injection-in-technicolor-router-da5dd2134052", "url": "https://medium.com/@c4pt41nnn/cve-2019-18396-command-injection-in-technicolor-router-da5dd2134052" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155296/Technicolor-TD5130.2-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/155296/Technicolor-TD5130.2-Remote-Command-Execution.html" } ] } diff --git a/2019/2xxx/CVE-2019-2201.json b/2019/2xxx/CVE-2019-2201.json index 802ece63b4f..ceedbb049a7 100644 --- a/2019/2xxx/CVE-2019-2201.json +++ b/2019/2xxx/CVE-2019-2201.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/2019-11-01", "url": "https://source.android.com/security/bulletin/2019-11-01" + }, + { + "refsource": "UBUNTU", + "name": "USN-4190-1", + "url": "https://usn.ubuntu.com/4190-1/" } ] }, diff --git a/2019/9xxx/CVE-2019-9055.json b/2019/9xxx/CVE-2019-9055.json index d2994dc701b..211e9891999 100644 --- a/2019/9xxx/CVE-2019-9055.json +++ b/2019/9xxx/CVE-2019-9055.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg", "url": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155322/CMS-Made-Simple-2.2.8-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155322/CMS-Made-Simple-2.2.8-Remote-Code-Execution.html" } ] }