From cd334595af5899daf0a0d038f37bb2f93f839b4e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 8 May 2019 16:00:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/20xxx/CVE-2018-20836.json | 5 +++ 2018/8xxx/CVE-2018-8035.json | 5 +++ 2019/11xxx/CVE-2019-11561.json | 56 +++++++++++++++++++++++++--- 2019/11xxx/CVE-2019-11564.json | 61 ++++++++++++++++++++++++++++--- 2019/11xxx/CVE-2019-11642.json | 61 ++++++++++++++++++++++++++++--- 2019/11xxx/CVE-2019-11643.json | 61 ++++++++++++++++++++++++++++--- 2019/11xxx/CVE-2019-11817.json | 18 +++++++++ 2019/11xxx/CVE-2019-11818.json | 67 ++++++++++++++++++++++++++++++++++ 2019/11xxx/CVE-2019-11819.json | 67 ++++++++++++++++++++++++++++++++++ 2019/4xxx/CVE-2019-4258.json | 5 +++ 2019/6xxx/CVE-2019-6615.json | 5 +++ 2019/6xxx/CVE-2019-6619.json | 5 +++ 12 files changed, 392 insertions(+), 24 deletions(-) create mode 100644 2019/11xxx/CVE-2019-11817.json create mode 100644 2019/11xxx/CVE-2019-11818.json create mode 100644 2019/11xxx/CVE-2019-11819.json diff --git a/2018/20xxx/CVE-2018-20836.json b/2018/20xxx/CVE-2018-20836.json index d1c129f9f7d..98466326fda 100644 --- a/2018/20xxx/CVE-2018-20836.json +++ b/2018/20xxx/CVE-2018-20836.json @@ -61,6 +61,11 @@ "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", "refsource": "MISC", "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae" + }, + { + "refsource": "BID", + "name": "108196", + "url": "http://www.securityfocus.com/bid/108196" } ] } diff --git a/2018/8xxx/CVE-2018-8035.json b/2018/8xxx/CVE-2018-8035.json index d59e8904dca..86553881978 100644 --- a/2018/8xxx/CVE-2018-8035.json +++ b/2018/8xxx/CVE-2018-8035.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://uima.apache.org/security_report", "url": "https://uima.apache.org/security_report" + }, + { + "refsource": "BID", + "name": "108195", + "url": "http://www.securityfocus.com/bid/108195" } ] }, diff --git a/2019/11xxx/CVE-2019-11561.json b/2019/11xxx/CVE-2019-11561.json index f737b5182b5..0e83e82e7c9 100644 --- a/2019/11xxx/CVE-2019-11561.json +++ b/2019/11xxx/CVE-2019-11561.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11561", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11561", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. When the condition is triggered, the OV2 base station is unable to process sensor states and effectively prevents the alarm from setting off, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2019-11561", + "refsource": "MISC", + "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2019-11561" } ] } diff --git a/2019/11xxx/CVE-2019-11564.json b/2019/11xxx/CVE-2019-11564.json index 83ccf88fc8c..98aeec44703 100644 --- a/2019/11xxx/CVE-2019-11564.json +++ b/2019/11xxx/CVE-2019-11564.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11564", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11564", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://humhub.org/en/news", + "refsource": "MISC", + "name": "https://humhub.org/en/news" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/46771/", + "url": "https://www.exploit-db.com/exploits/46771/" } ] } diff --git a/2019/11xxx/CVE-2019-11642.json b/2019/11xxx/CVE-2019-11642.json index e1c37d1a740..00f3343bc46 100644 --- a/2019/11xxx/CVE-2019-11642.json +++ b/2019/11xxx/CVE-2019-11642.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11642", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11642", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/", + "refsource": "MISC", + "name": "https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/May/1", + "url": "http://seclists.org/fulldisclosure/2019/May/1" } ] } diff --git a/2019/11xxx/CVE-2019-11643.json b/2019/11xxx/CVE-2019-11643.json index a78489316df..7f921f9b17e 100644 --- a/2019/11xxx/CVE-2019-11643.json +++ b/2019/11xxx/CVE-2019-11643.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11643", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11643", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated and unauthenticated users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/", + "refsource": "MISC", + "name": "https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/May/2", + "url": "http://seclists.org/fulldisclosure/2019/May/2" } ] } diff --git a/2019/11xxx/CVE-2019-11817.json b/2019/11xxx/CVE-2019-11817.json new file mode 100644 index 00000000000..5f8ffeb92df --- /dev/null +++ b/2019/11xxx/CVE-2019-11817.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11817", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11818.json b/2019/11xxx/CVE-2019-11818.json new file mode 100644 index 00000000000..34a8ad29143 --- /dev/null +++ b/2019/11xxx/CVE-2019-11818.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-11818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/alkacon/opencms-core/issues/635", + "refsource": "MISC", + "name": "https://github.com/alkacon/opencms-core/issues/635" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2019/04/30/3", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2019/04/30/3" + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11819.json b/2019/11xxx/CVE-2019-11819.json new file mode 100644 index 00000000000..f124c209cb1 --- /dev/null +++ b/2019/11xxx/CVE-2019-11819.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-11819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/alkacon/opencms-core/issues/636", + "refsource": "MISC", + "name": "https://github.com/alkacon/opencms-core/issues/636" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2019/05/05/2", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2019/05/05/2" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4258.json b/2019/4xxx/CVE-2019-4258.json index 6b9e328826f..a87c4cfb745 100644 --- a/2019/4xxx/CVE-2019-4258.json +++ b/2019/4xxx/CVE-2019-4258.json @@ -25,6 +25,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159946", "refsource": "XF", "name": "ibm-sterling-cve20194258-xss (159946)" + }, + { + "refsource": "BID", + "name": "108188", + "url": "http://www.securityfocus.com/bid/108188" } ] }, diff --git a/2019/6xxx/CVE-2019-6615.json b/2019/6xxx/CVE-2019-6615.json index 793ad2e7100..7dd95966897 100644 --- a/2019/6xxx/CVE-2019-6615.json +++ b/2019/6xxx/CVE-2019-6615.json @@ -60,6 +60,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K87659521", "url": "https://support.f5.com/csp/article/K87659521" + }, + { + "refsource": "BID", + "name": "108189", + "url": "http://www.securityfocus.com/bid/108189" } ] }, diff --git a/2019/6xxx/CVE-2019-6619.json b/2019/6xxx/CVE-2019-6619.json index 502a2da28b5..6af9b5a3d99 100644 --- a/2019/6xxx/CVE-2019-6619.json +++ b/2019/6xxx/CVE-2019-6619.json @@ -54,6 +54,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K94563344", "url": "https://support.f5.com/csp/article/K94563344" + }, + { + "refsource": "BID", + "name": "108190", + "url": "http://www.securityfocus.com/bid/108190" } ] },