From c6e90d91552ed92e05d9808e1f74c73b9f8c0159 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Nov 2019 17:01:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2012/1xxx/CVE-2012-1572.json | 55 ++++++++++++++++++++++++++-- 2018/6xxx/CVE-2018-6010.json | 12 +++++- 2019/17xxx/CVE-2019-17234.json | 67 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17235.json | 67 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17236.json | 67 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17237.json | 67 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18655.json | 62 +++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18841.json | 5 +++ 2019/18xxx/CVE-2019-18924.json | 62 +++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18925.json | 62 +++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18926.json | 62 +++++++++++++++++++++++++++++++ 11 files changed, 584 insertions(+), 4 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17234.json create mode 100644 2019/17xxx/CVE-2019-17235.json create mode 100644 2019/17xxx/CVE-2019-17236.json create mode 100644 2019/17xxx/CVE-2019-17237.json create mode 100644 2019/18xxx/CVE-2019-18655.json create mode 100644 2019/18xxx/CVE-2019-18924.json create mode 100644 2019/18xxx/CVE-2019-18925.json create mode 100644 2019/18xxx/CVE-2019-18926.json diff --git a/2012/1xxx/CVE-2012-1572.json b/2012/1xxx/CVE-2012-1572.json index d63f6c69196..e3441df5bae 100644 --- a/2012/1xxx/CVE-2012-1572.json +++ b/2012/1xxx/CVE-2012-1572.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1572", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "keystone", + "product": { + "product_data": [ + { + "product_name": "Keystone", + "version": { + "version_data": [ + { + "version_value": "2014.1.3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "extremely long passwords can crash Keystone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2012-1572", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2012-1572" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572" } ] } diff --git a/2018/6xxx/CVE-2018-6010.json b/2018/6xxx/CVE-2018-6010.json index a4bd9a3b4d4..680368114de 100644 --- a/2018/6xxx/CVE-2018-6010.json +++ b/2018/6xxx/CVE-2018-6010.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php." + "value": "In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php." } ] }, @@ -56,6 +56,16 @@ "name": "https://github.com/yiisoft/yii2/pull/15534", "refsource": "CONFIRM", "url": "https://github.com/yiisoft/yii2/pull/15534" + }, + { + "refsource": "MISC", + "name": "https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a", + "url": "https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a" + }, + { + "refsource": "MISC", + "name": "https://github.com/yiisoft/yii2/issues/14711", + "url": "https://github.com/yiisoft/yii2/issues/14711" } ] } diff --git a/2019/17xxx/CVE-2019-17234.json b/2019/17xxx/CVE-2019-17234.json new file mode 100644 index 00000000000..45b59597e6d --- /dev/null +++ b/2019/17xxx/CVE-2019-17234.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/igniteup/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/igniteup/#developers" + }, + { + "refsource": "MISC", + "name": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/", + "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17235.json b/2019/17xxx/CVE-2019-17235.json new file mode 100644 index 00000000000..868319513f4 --- /dev/null +++ b/2019/17xxx/CVE-2019-17235.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/igniteup/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/igniteup/#developers" + }, + { + "refsource": "MISC", + "name": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/", + "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17236.json b/2019/17xxx/CVE-2019-17236.json new file mode 100644 index 00000000000..455c7cc16b8 --- /dev/null +++ b/2019/17xxx/CVE-2019-17236.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/igniteup/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/igniteup/#developers" + }, + { + "refsource": "MISC", + "name": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/", + "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17237.json b/2019/17xxx/CVE-2019-17237.json new file mode 100644 index 00000000000..36596b611c4 --- /dev/null +++ b/2019/17xxx/CVE-2019-17237.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/igniteup/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/igniteup/#developers" + }, + { + "refsource": "MISC", + "name": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/", + "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18655.json b/2019/18xxx/CVE-2019-18655.json new file mode 100644 index 00000000000..f4392fa8ef0 --- /dev/null +++ b/2019/18xxx/CVE-2019-18655.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://0xhuesca.com/cve-2019-18655.html", + "url": "http://0xhuesca.com/cve-2019-18655.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18841.json b/2019/18xxx/CVE-2019-18841.json index cb4cfde3a71..338d76e0901 100644 --- a/2019/18xxx/CVE-2019-18841.json +++ b/2019/18xxx/CVE-2019-18841.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa", "url": "https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa" + }, + { + "refsource": "MISC", + "name": "https://github.com/ankane/chartkick.js/issues/117", + "url": "https://github.com/ankane/chartkick.js/issues/117" } ] } diff --git a/2019/18xxx/CVE-2019-18924.json b/2019/18xxx/CVE-2019-18924.json new file mode 100644 index 00000000000..9b6b343ccbe --- /dev/null +++ b/2019/18xxx/CVE-2019-18924.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vulnerabilities-cve/vulnerabilities", + "refsource": "MISC", + "name": "https://github.com/vulnerabilities-cve/vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18925.json b/2019/18xxx/CVE-2019-18925.json new file mode 100644 index 00000000000..4c10e35befc --- /dev/null +++ b/2019/18xxx/CVE-2019-18925.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vulnerabilities-cve/vulnerabilities", + "refsource": "MISC", + "name": "https://github.com/vulnerabilities-cve/vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18926.json b/2019/18xxx/CVE-2019-18926.json new file mode 100644 index 00000000000..ab767b258a0 --- /dev/null +++ b/2019/18xxx/CVE-2019-18926.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vulnerabilities-cve/vulnerabilities", + "refsource": "MISC", + "name": "https://github.com/vulnerabilities-cve/vulnerabilities" + } + ] + } +} \ No newline at end of file