diff --git a/2018/17xxx/CVE-2018-17198.json b/2018/17xxx/CVE-2018-17198.json
index 8f1a9898643..83fe54b95e7 100644
--- a/2018/17xxx/CVE-2018-17198.json
+++ b/2018/17xxx/CVE-2018-17198.json
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-17198",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-17198",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Roller",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.2.1"
+ },
+ {
+ "version_value": "5.2.0"
+ },
+ {
+ "version_value": "earlier unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. 
Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: "
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5995.json b/2018/5xxx/CVE-2018-5995.json
index a63c9bb5425..66f0f0d8d08 100644
--- a/2018/5xxx/CVE-2018-5995.json
+++ b/2018/5xxx/CVE-2018-5995.json
@@ -61,6 +61,11 @@
 "name": "https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md",
 "refsource": "MISC",
 "url": "https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7832.json b/2018/7xxx/CVE-2018-7832.json
index 54ec85e0cb9..00433bb5a59 100644
--- a/2018/7xxx/CVE-2018-7832.json
+++ b/2018/7xxx/CVE-2018-7832.json
@@ -61,6 +61,11 @@
 "name": "106441",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/106441"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11190.json b/2019/11xxx/CVE-2019-11190.json
index 23c34d3627c..64ac9ca2793 100644
--- a/2019/11xxx/CVE-2019-11190.json
+++ b/2019/11xxx/CVE-2019-11190.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20190415 Re: Linux kernel < 4.8 local generic ASLR - CVE-ID",
 "url": "http://www.openwall.com/lists/oss-security/2019/04/15/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11486.json b/2019/11xxx/CVE-2019-11486.json
index 38bdd74d2cd..a8c81978e74 100644
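Review bot: The new `problemtype` value `Information Disclosure` is broader than what the description itself establishes, which is a SAX parser resolving external entities declared in the XML DOCTYPE, i.e. XML External Entity processing that yields SSRF and file enumeration; the conventional classification for that is CWE-611 (Improper Restriction of XML External Entity Reference), with CWE-918 covering the SSRF aspect, so consider `"value": "CWE-611: Improper Restriction of XML External Entity Reference"` in place of the generic label. The added description line also has a grammar slip: `is disable via` should read `is disabled via`. The mitigation text ends with `as shown below:` but no web.xml snippet is visible in the hunk; if the file does carry one inside the JSON string, every `"` and `\` in it must be escaped and it must stay on one physical line, since a raw newline is not valid inside a JSON string value and a strict parser would reject the whole record. The closing `}` of the document lies outside the hunk.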
--- a/2019/11xxx/CVE-2019-11486.json
+++ b/2019/11xxx/CVE-2019-11486.json
@@ -101,6 +101,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1407",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11599.json b/2019/11xxx/CVE-2019-11599.json
index 3cf28e763a2..74693079c1b 100644
--- a/2019/11xxx/CVE-2019-11599.json
+++ b/2019/11xxx/CVE-2019-11599.json
@@ -116,6 +116,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20190517-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20190517-0002/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3459.json b/2019/3xxx/CVE-2019-3459.json
index a1d2376bece..1384c6c7b2f 100644
--- a/2019/3xxx/CVE-2019-3459.json
+++ b/2019/3xxx/CVE-2019-3459.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3460.json b/2019/3xxx/CVE-2019-3460.json
index d7798a0d380..7f960f3bc53 100644
--- a/2019/3xxx/CVE-2019-3460.json
+++ b/2019/3xxx/CVE-2019-3460.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3882.json b/2019/3xxx/CVE-2019-3882.json
index 63e85de5a06..96334dfbb5a 100644
--- a/2019/3xxx/CVE-2019-3882.json
+++ b/2019/3xxx/CVE-2019-3882.json
@@ -93,6 +93,11 @@
 "refsource": "UBUNTU",
 "name": "USN-3980-2",
 "url": "https://usn.ubuntu.com/3980-2/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3901.json b/2019/3xxx/CVE-2019-3901.json
index 0e84afd5c1b..875cd1831d3 100644
--- a/2019/3xxx/CVE-2019-3901.json
+++ b/2019/3xxx/CVE-2019-3901.json
@@ -58,6 +58,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20190517-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20190517-0005/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
 }
 ]
 },
diff --git a/2019/6xxx/CVE-2019-6133.json b/2019/6xxx/CVE-2019-6133.json
index b598bb9fbd3..c81dc4a0d16 100644
--- a/2019/6xxx/CVE-2019-6133.json
+++ b/2019/6xxx/CVE-2019-6133.json
@@ -146,6 +146,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:0832",
 "url": "https://access.redhat.com/errata/RHSA-2019:0832"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9740.json b/2019/9xxx/CVE-2019-9740.json
index 9d6811787f4..107ca2ce325 100644
--- a/2019/9xxx/CVE-2019-9740.json
+++ b/2019/9xxx/CVE-2019-9740.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n followed by an HTTP header or a Redis command."
+ "value": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command."
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9792.json b/2019/9xxx/CVE-2019-9792.json
index 14f68715555..645e9136a8f 100644
--- a/2019/9xxx/CVE-2019-9792.json
+++ b/2019/9xxx/CVE-2019-9792.json
@@ -31,6 +31,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:1144",
 "url": "https://access.redhat.com/errata/RHSA-2019:1144"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html",
+ "url": "http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9949.json b/2019/9xxx/CVE-2019-9949.json
index 0ed8df9e600..0fa10b3f78c 100644
--- a/2019/9xxx/CVE-2019-9949.json
+++ b/2019/9xxx/CVE-2019-9949.json
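Review bot: The rewritten `value` line in CVE-2019-9740 moves the affected Python 3 range from `through 3.7.2` to `through 3.7.3`, but the structured `affects` / `version_data` part of this record is outside the hunk and is not touched by the commit; presumably it still names 3.7.2, so the prose and the version list should be checked to agree before this lands. The added parenthetical `(specifically in the query string after a ? character)` is a useful narrowing of where the unescaped `\r\n` has to sit and needs no change. The enclosing `description` object continues outside the hunk.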
@@ -56,6 +56,16 @@
 "refsource": "CONFIRM",
 "name": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-183-05-20-2019/237717",
 "url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-183-05-20-2019/237717"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bnbdr.github.io/posts/wd/",
+ "url": "https://bnbdr.github.io/posts/wd/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/bnbdr/wd-rce/",
+ "url": "https://github.com/bnbdr/wd-rce/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9950.json b/2019/9xxx/CVE-2019-9950.json
index 241d4c81073..b2e8ff4edd5 100644
--- a/2019/9xxx/CVE-2019-9950.json
+++ b/2019/9xxx/CVE-2019-9950.json
@@ -61,6 +61,16 @@
 "refsource": "CONFIRM",
 "name": "https://support.wdc.com/downloads.aspx?g=2702&lang=en",
 "url": "https://support.wdc.com/downloads.aspx?g=2702&lang=en"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bnbdr.github.io/posts/wd/",
+ "url": "https://bnbdr.github.io/posts/wd/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/bnbdr/wd-rce/",
+ "url": "https://github.com/bnbdr/wd-rce/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9951.json b/2019/9xxx/CVE-2019-9951.json
index e20ef6dd5f8..9b9a749e176 100644
--- a/2019/9xxx/CVE-2019-9951.json
+++ b/2019/9xxx/CVE-2019-9951.json
@@ -61,6 +61,16 @@
 "refsource": "CONFIRM",
 "name": "https://support.wdc.com/downloads.aspx?g=2702&lang=en",
 "url": "https://support.wdc.com/downloads.aspx?g=2702&lang=en"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bnbdr.github.io/posts/wd/",
+ "url": "https://bnbdr.github.io/posts/wd/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/bnbdr/wd-rce/",
+ "url": "https://github.com/bnbdr/wd-rce/"
 }
 ]
 }