From c7d8fd288197c0926f7688d15627103529c6e3e2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 7 Feb 2019 17:07:55 -0500 Subject: [PATCH] - Synchronized data. --- 2018/1xxx/CVE-2018-1296.json | 2 + 2018/1xxx/CVE-2018-1340.json | 2 + 2019/1xxx/CVE-2019-1660.json | 166 +++++++++++++++--------------- 2019/1xxx/CVE-2019-1661.json | 166 +++++++++++++++--------------- 2019/1xxx/CVE-2019-1670.json | 166 +++++++++++++++--------------- 2019/1xxx/CVE-2019-1671.json | 190 +++++++++++++++++------------------ 6 files changed, 348 insertions(+), 344 deletions(-) diff --git a/2018/1xxx/CVE-2018-1296.json b/2018/1xxx/CVE-2018-1296.json index 8ec89c5ee12..629368e704c 100644 --- a/2018/1xxx/CVE-2018-1296.json +++ b/2018/1xxx/CVE-2018-1296.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E", + "refsource" : "MISC", "url" : "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E" } ] diff --git a/2018/1xxx/CVE-2018-1340.json b/2018/1xxx/CVE-2018-1340.json index b6be2f6856b..884982a87e0 100644 --- a/2018/1xxx/CVE-2018-1340.json +++ b/2018/1xxx/CVE-2018-1340.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E", + "refsource" : "MISC", "url" : "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E" } ] diff --git a/2019/1xxx/CVE-2019-1660.json b/2019/1xxx/CVE-2019-1660.json index 9cc75264043..a0516e90cf8 100644 --- a/2019/1xxx/CVE-2019-1660.json +++ b/2019/1xxx/CVE-2019-1660.json @@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-02-06T16:00:00-0800", - "ID": "CVE-2019-1660", - "STATE": "PUBLIC", - "TITLE": "Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco TelePresence Management Suite (TMS) ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-02-06T16:00:00-0800", + "ID" : "CVE-2019-1660", + "STATE" : "PUBLIC", + "TITLE" : "Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco TelePresence Management Suite (TMS) ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "5.3", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-284" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190206 Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-soap" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190206-tms-soap", - "defect": [ - [ - "CSCvj25332" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190206 Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-soap" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190206-tms-soap", + "defect" : [ + [ + "CSCvj25332" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/1xxx/CVE-2019-1661.json b/2019/1xxx/CVE-2019-1661.json index 2c49127de0e..4c779051a3b 100644 --- a/2019/1xxx/CVE-2019-1661.json +++ b/2019/1xxx/CVE-2019-1661.json @@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-02-06T16:00:00-0800", - "ID": "CVE-2019-1661", - "STATE": "PUBLIC", - "TITLE": "Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco TelePresence Management Suite (TMS) ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-02-06T16:00:00-0800", + "ID" : "CVE-2019-1661", + "STATE" : "PUBLIC", + "TITLE" : "Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco TelePresence Management Suite (TMS) ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "6.1", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-79" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "6.1", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190206 Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-xss" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190206-tms-xss", - "defect": [ - [ - "CSCvj25304" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190206 Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-xss" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190206-tms-xss", + "defect" : [ + [ + "CSCvj25304" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/1xxx/CVE-2019-1670.json b/2019/1xxx/CVE-2019-1670.json index 474b497da2c..aec25a368d5 100644 --- a/2019/1xxx/CVE-2019-1670.json +++ b/2019/1xxx/CVE-2019-1670.json @@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-02-06T16:00:00-0800", - "ID": "CVE-2019-1670", - "STATE": "PUBLIC", - "TITLE": "Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Unified Contact Center Express ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-02-06T16:00:00-0800", + "ID" : "CVE-2019-1670", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Unified Contact Center Express ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "6.1", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-79" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "6.1", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190206 Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190206-cuic-xss", - "defect": [ - [ - "CSCvm29190" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190206 Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190206-cuic-xss", + "defect" : [ + [ + "CSCvm29190" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/1xxx/CVE-2019-1671.json b/2019/1xxx/CVE-2019-1671.json index e731f50f57f..558add1a9ea 100644 --- a/2019/1xxx/CVE-2019-1671.json +++ b/2019/1xxx/CVE-2019-1671.json @@ -1,98 +1,98 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-02-06T16:00:00-0800", - "ID": "CVE-2019-1671", - "STATE": "PUBLIC", - "TITLE": "Cisco Firepower Management Center Cross-Site Scripting Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Firepower Management Center ", - "version": { - "version_data": [ - { - "version_value": "6.0" - }, - { - "version_value": "6.1" - }, - { - "version_value": "6.2" - }, - { - "version_value": "6.3" - }, - { - "version_value": "6.4" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-02-06T16:00:00-0800", + "ID" : "CVE-2019-1671", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Firepower Management Center Cross-Site Scripting Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Firepower Management Center ", + "version" : { + "version_data" : [ + { + "version_value" : "6.0" + }, + { + "version_value" : "6.1" + }, + { + "version_value" : "6.2" + }, + { + "version_value" : "6.3" + }, + { + "version_value" : "6.4" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "6.1", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-79" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "6.1", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190206 Cisco Firepower Management Center Cross-Site Scripting Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-fmc-xss" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190206-fmc-xss", - "defect": [ - [ - "CSCvn05797" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190206 Cisco Firepower Management Center Cross-Site Scripting Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-fmc-xss" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190206-fmc-xss", + "defect" : [ + [ + "CSCvn05797" + ] + ], + "discovery" : "INTERNAL" + } }