diff --git a/2013/3xxx/CVE-2013-3311.json b/2013/3xxx/CVE-2013-3311.json index b249f47a0a3..cde9675cec9 100644 --- a/2013/3xxx/CVE-2013-3311.json +++ b/2013/3xxx/CVE-2013-3311.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3311", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera", + "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27878", + "url": "http://www.exploit-db.com/exploits/27878" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61970", + "url": "http://www.securityfocus.com/bid/61970" } ] } diff --git a/2013/3xxx/CVE-2013-3312.json b/2013/3xxx/CVE-2013-3312.json index eaf4bd18233..ed6f41dc8a2 100644 --- a/2013/3xxx/CVE-2013-3312.json +++ b/2013/3xxx/CVE-2013-3312.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3312", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera", + "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/27878", + "url": "https://www.exploit-db.com/exploits/27878" } ] } diff --git a/2013/3xxx/CVE-2013-3313.json b/2013/3xxx/CVE-2013-3313.json index fcc26cbc5ba..89bcf248cee 100644 --- a/2013/3xxx/CVE-2013-3313.json +++ b/2013/3xxx/CVE-2013-3313.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3313", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera", + "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61971", + "url": "http://www.securityfocus.com/bid/61971" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/27878", + "url": "https://www.exploit-db.com/exploits/27878" } ] } diff --git a/2013/3xxx/CVE-2013-3314.json b/2013/3xxx/CVE-2013-3314.json index 73681afb094..33992701877 100644 --- a/2013/3xxx/CVE-2013-3314.json +++ b/2013/3xxx/CVE-2013-3314.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3314", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera", + "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27878", + "url": "http://www.exploit-db.com/exploits/27878" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61969", + "url": "http://www.securityfocus.com/bid/61969" } ] } diff --git a/2015/2xxx/CVE-2015-2793.json b/2015/2xxx/CVE-2015-2793.json index 272e315ba56..18923871a8e 100644 --- a/2015/2xxx/CVE-2015-2793.json +++ b/2015/2xxx/CVE-2015-2793.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2793", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,91 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ikiwiki", + "product": { + "product_data": [ + { + "product_name": "ikiwiki", + "version": { + "version_data": [ + { + "version_value": "before 3.20150329" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html" + }, + { + "refsource": "MISC", + "name": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/", + "url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210" + }, + { + "refsource": "MISC", + "name": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77", + "url": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483" + }, + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/03/30/5", + "url": "http://openwall.com/lists/oss-security/2015/03/30/5" + }, + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/03/31/1", + "url": "http://openwall.com/lists/oss-security/2015/03/31/1" } ] } diff --git a/2019/19xxx/CVE-2019-19033.json b/2019/19xxx/CVE-2019-19033.json index 5546a59c24d..39758b38876 100644 --- a/2019/19xxx/CVE-2019-19033.json +++ b/2019/19xxx/CVE-2019-19033.json @@ -52,16 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "https://twitter.com/ricardojoserf", - "refsource": "MISC", - "name": "https://twitter.com/ricardojoserf" - }, - { - "url": "https://github.com/ricardojoserf", - "refsource": "MISC", - "name": "https://github.com/ricardojoserf" - }, { "url": "https://community.jalios.com/jcms/frt_74021/en/blog-jalios-community", "refsource": "MISC", diff --git a/2019/19xxx/CVE-2019-19198.json b/2019/19xxx/CVE-2019-19198.json new file mode 100644 index 00000000000..888b633445b --- /dev/null +++ b/2019/19xxx/CVE-2019-19198.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19198", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19199.json b/2019/19xxx/CVE-2019-19199.json new file mode 100644 index 00000000000..df85b21b546 --- /dev/null +++ b/2019/19xxx/CVE-2019-19199.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19199", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19200.json b/2019/19xxx/CVE-2019-19200.json new file mode 100644 index 00000000000..4131048fd1b --- /dev/null +++ b/2019/19xxx/CVE-2019-19200.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19201.json b/2019/19xxx/CVE-2019-19201.json new file mode 100644 index 00000000000..e8ab585ea0e --- /dev/null +++ b/2019/19xxx/CVE-2019-19201.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19201", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19202.json b/2019/19xxx/CVE-2019-19202.json new file mode 100644 index 00000000000..99477a5e597 --- /dev/null +++ b/2019/19xxx/CVE-2019-19202.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://code.vtiger.com/vtiger/vtigercrm/issues/1126", + "refsource": "MISC", + "name": "https://code.vtiger.com/vtiger/vtigercrm/issues/1126" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5637.json b/2019/5xxx/CVE-2019-5637.json index ae55b0aa201..653070c382a 100644 --- a/2019/5xxx/CVE-2019-5637.json +++ b/2019/5xxx/CVE-2019-5637.json @@ -93,15 +93,15 @@ }, "references": { "reference_data": [ - { - "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf", - "refsource": "CONFIRM", - "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf" - }, { "name": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/", "refsource": "MISC", "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/" + }, + { + "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf", + "refsource": "CONFIRM", + "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf" } ] }, @@ -109,4 +109,4 @@ "advisory": "R7-2019-32", "discovery": "EXTERNAL" } -} +} \ No newline at end of file