From c402e3d5d7c7bed028ccccda3c0a921c69e3f1ef Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 May 2019 20:00:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/8xxx/CVE-2018-8812.json | 58 ++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11000.json | 61 ++++++++++++++++++++++++++++++---- 2019/11xxx/CVE-2019-11059.json | 61 ++++++++++++++++++++++++++++++---- 2019/11xxx/CVE-2019-11066.json | 56 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5495.json | 58 ++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5496.json | 58 ++++++++++++++++++++++++++++---- 6 files changed, 318 insertions(+), 34 deletions(-) diff --git a/2018/8xxx/CVE-2018-8812.json b/2018/8xxx/CVE-2018-8812.json index dfe533a0c0a..100460e7701 100644 --- a/2018/8xxx/CVE-2018-8812.json +++ b/2018/8xxx/CVE-2018-8812.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-8812", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 and prior. The DownloadToLocalDriveServlet function from the AFA portal is only intended to download backup ZIP files from the server to the operator desktop; however, a malicious user capable of intercepting the HTTP request would be able to modify folder and filename parameters in order to get access to any file on the underlying operating system, as demonstrated by a folder=/etc/&filename=passwd query string. Additionally it could cause a DoS, as this functions also implements file deletion after downloading." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://avaya.com", + "refsource": "MISC", + "name": "http://avaya.com" + }, + { + "url": "http://one-x.com", + "refsource": "MISC", + "name": "http://one-x.com" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html", + "url": "https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html" } ] } diff --git a/2019/11xxx/CVE-2019-11000.json b/2019/11xxx/CVE-2019-11000.json index 963e144ee96..2a462b2117d 100644 --- a/2019/11xxx/CVE-2019-11000.json +++ b/2019/11xxx/CVE-2019-11000.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11000", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11000", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/", + "url": "https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/" } ] } diff --git a/2019/11xxx/CVE-2019-11059.json b/2019/11xxx/CVE-2019-11059.json index e770561895f..e21da479dbc 100644 --- a/2019/11xxx/CVE-2019-11059.json +++ b/2019/11xxx/CVE-2019-11059.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11059", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11059", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/u-boot/u-boot/commits/master", + "refsource": "MISC", + "name": "https://github.com/u-boot/u-boot/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://git.denx.de/?p=u-boot.git;a=commit;h=febbc583319b567fe3d83e521cc2ace9be8d1501", + "url": "https://git.denx.de/?p=u-boot.git;a=commit;h=febbc583319b567fe3d83e521cc2ace9be8d1501" } ] } diff --git a/2019/11xxx/CVE-2019-11066.json b/2019/11xxx/CVE-2019-11066.json index a0cbbf89c22..62439713d58 100644 --- a/2019/11xxx/CVE-2019-11066.json +++ b/2019/11xxx/CVE-2019-11066.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11066", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11066", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://marc.info/?l=openid-security&m=155477050605610&w=2", + "refsource": "MISC", + "name": "https://marc.info/?l=openid-security&m=155477050605610&w=2" } ] } diff --git a/2019/5xxx/CVE-2019-5495.json b/2019/5xxx/CVE-2019-5495.json index 29e35e0213a..c28279612bd 100644 --- a/2019/5xxx/CVE-2019-5495.json +++ b/2019/5xxx/CVE-2019-5495.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5495", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5495", + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NetApp", + "product": { + "product_data": [ + { + "product_name": "OnCommand Unified Manager for VMware vSphere,Linux and Windows 7.2 and above", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 9.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190509-0007/", + "url": "https://security.netapp.com/advisory/ntap-20190509-0007/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Oncommand Unified Manager for VMware vSphere,Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors." } ] } diff --git a/2019/5xxx/CVE-2019-5496.json b/2019/5xxx/CVE-2019-5496.json index fe0f5e5c9cf..b402f3ea6d5 100644 --- a/2019/5xxx/CVE-2019-5496.json +++ b/2019/5xxx/CVE-2019-5496.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5496", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5496", + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NetApp", + "product": { + "product_data": [ + { + "product_name": "OnCommand Insight", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 7.3.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190509-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190509-0005/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors." } ] }