diff --git a/2016/3xxx/CVE-2016-3189.json b/2016/3xxx/CVE-2016-3189.json
index 3a75cba49fd..a606bfa892b 100644
--- a/2016/3xxx/CVE-2016-3189.json
+++ b/2016/3xxx/CVE-2016-3189.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4038-2",
+ "url": "https://usn.ubuntu.com/4038-2/"
 }
 ]
 }
diff --git a/2017/5xxx/CVE-2017-5715.json b/2017/5xxx/CVE-2017-5715.json
index 97843875d7b..a0244a6b4ec 100644
--- a/2017/5xxx/CVE-2017-5715.json
+++ b/2017/5xxx/CVE-2017-5715.json
@@ -482,6 +482,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
 "url": "https://seclists.org/bugtraq/2019/Jun/36"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
+ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
 }
 ]
 }
diff --git a/2017/5xxx/CVE-2017-5753.json b/2017/5xxx/CVE-2017-5753.json
index 0343051d9c1..353bee4e489 100644
--- a/2017/5xxx/CVE-2017-5753.json
+++ b/2017/5xxx/CVE-2017-5753.json
@@ -372,6 +372,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
 "url": "https://seclists.org/bugtraq/2019/Jun/36"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
+ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
 }
 ]
 }
diff --git a/2017/5xxx/CVE-2017-5754.json b/2017/5xxx/CVE-2017-5754.json
index 2e944a10773..3a524f0555f 100644
--- a/2017/5xxx/CVE-2017-5754.json
+++ b/2017/5xxx/CVE-2017-5754.json
@@ -367,6 +367,11 @@
 "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
+ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10300.json b/2018/10xxx/CVE-2018-10300.json
index 154b7b544fd..4b1fd701622 100644
--- a/2018/10xxx/CVE-2018-10300.json
+++ b/2018/10xxx/CVE-2018-10300.json
@@ -56,6 +56,11 @@
 "name": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271",
 "refsource": "MISC",
 "url": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/9393",
+ "url": "https://wpvulndb.com/vulnerabilities/9393"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10301.json b/2018/10xxx/CVE-2018-10301.json
index 1e4a42782e1..d8c404ab6b8 100644
--- a/2018/10xxx/CVE-2018-10301.json
+++ b/2018/10xxx/CVE-2018-10301.json
@@ -56,6 +56,11 @@
 "name": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271",
 "refsource": "MISC",
 "url": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/9393",
+ "url": "https://wpvulndb.com/vulnerabilities/9393"
 }
 ]
 }
diff --git a/2018/12xxx/CVE-2018-12126.json b/2018/12xxx/CVE-2018-12126.json
index f0c30e3c4b2..495dd468058 100644
--- a/2018/12xxx/CVE-2018-12126.json
+++ b/2018/12xxx/CVE-2018-12126.json
@@ -83,6 +83,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
 "url": "https://seclists.org/bugtraq/2019/Jun/36"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
+ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12127.json b/2018/12xxx/CVE-2018-12127.json
index 9a9e75a41de..45ecf4c9c84 100644
--- a/2018/12xxx/CVE-2018-12127.json
+++ b/2018/12xxx/CVE-2018-12127.json
@@ -83,6 +83,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
 "url": "https://seclists.org/bugtraq/2019/Jun/36"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
+ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12130.json b/2018/12xxx/CVE-2018-12130.json
index 0a95c07454d..96a121fff22 100644
--- a/2018/12xxx/CVE-2018-12130.json
+++ b/2018/12xxx/CVE-2018-12130.json
@@ -83,6 +83,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
 "url": "https://seclists.org/bugtraq/2019/Jun/36"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
+ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
 }
 ]
 },
diff --git a/2018/12xxx/CVE-2018-12648.json b/2018/12xxx/CVE-2018-12648.json
index 58415264a6d..6087fec5e0c 100644
--- a/2018/12xxx/CVE-2018-12648.json
+++ b/2018/12xxx/CVE-2018-12648.json
@@ -56,6 +56,16 @@
 "name": "https://bugs.freedesktop.org/show_bug.cgi?id=106981",
 "refsource": "MISC",
 "url": "https://bugs.freedesktop.org/show_bug.cgi?id=106981"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1657",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00070.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1649",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00075.html"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json
index ff31ac91c18..7b1de28f3c2 100644
--- a/2018/15xxx/CVE-2018-15756.json
+++ b/2018/15xxx/CVE-2018-15756.json
@@ -111,6 +111,16 @@
 "refsource": "MLIST",
 "name": "[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
 "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
+ "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
+ "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E"
 }
 ]
 },
diff --git a/2018/16xxx/CVE-2018-16837.json b/2018/16xxx/CVE-2018-16837.json
index f4dc2620ee9..64f6b2d2375 100644
--- a/2018/16xxx/CVE-2018-16837.json
+++ b/2018/16xxx/CVE-2018-16837.json
@@ -111,6 +111,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1125",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1635",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16859.json b/2018/16xxx/CVE-2018-16859.json
index ceffba748ed..fbe7480c76c 100644
--- a/2018/16xxx/CVE-2018-16859.json
+++ b/2018/16xxx/CVE-2018-16859.json
@@ -101,6 +101,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1125",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1635",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16876.json b/2018/16xxx/CVE-2018-16876.json
index 8735f67708c..ff8379444bd 100644
--- a/2018/16xxx/CVE-2018-16876.json
+++ b/2018/16xxx/CVE-2018-16876.json
@@ -122,6 +122,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1125",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1635",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1858.json b/2018/1xxx/CVE-2018-1858.json
index d1e5eb649c4..edbcffb61ca 100644
--- a/2018/1xxx/CVE-2018-1858.json
+++ b/2018/1xxx/CVE-2018-1858.json
@@ -87,6 +87,11 @@
 "name": "ibm-api-cve20181858-csrf (151256)",
 "title": "X-Force Vulnerability Report",
 "refsource": "XF"
+ },
+ {
+ "refsource": "BID",
+ "name": "108898",
+ "url": "http://www.securityfocus.com/bid/108898"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20843.json b/2018/20xxx/CVE-2018-20843.json
index 062cf1a11ad..af41aaca0e8 100644
--- a/2018/20xxx/CVE-2018-20843.json
+++ b/2018/20xxx/CVE-2018-20843.json
@@ -76,6 +76,16 @@
 "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226",
 "refsource": "MISC",
 "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4040-1",
+ "url": "https://usn.ubuntu.com/4040-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4040-2",
+ "url": "https://usn.ubuntu.com/4040-2/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20845.json b/2018/20xxx/CVE-2018-20845.json
new file mode 100644
index 00000000000..3aadedfcb26
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20845.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20845",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20846.json b/2018/20xxx/CVE-2018-20846.json
new file mode 100644
index 00000000000..5027d33c32d
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20846.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20846",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20847.json b/2018/20xxx/CVE-2018-20847.json
new file mode 100644
index 00000000000..91acfc42b5c
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20847.json
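Review bot: The function list in the new `description` value for CVE-2018-20846 names `pi_next_rpcl` twice ("pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl"), so either one entry is a plain duplicate or a different function name was mistyped. Someone using this record to scope which iterators in openmj2/pi.c need the fix cannot tell which from the text alone. The list should be checked against the referenced commit and the repeated name dropped or corrected.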
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20847",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845"
+ },
+ {
+ "url": "https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949"
+ },
+ {
+ "url": "https://github.com/uclouvain/openjpeg/issues/431",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/issues/431"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/2xxx/CVE-2018-2011.json b/2018/2xxx/CVE-2018-2011.json
index 3fe06af8c3f..df801d2541b 100644
--- a/2018/2xxx/CVE-2018-2011.json
+++ b/2018/2xxx/CVE-2018-2011.json
@@ -21,6 +21,11 @@
 "name": "ibm-api-cve20182011-info-disc (155150)",
 "title": "X-Force Vulnerability Report",
 "refsource": "XF"
+ },
+ {
+ "refsource": "BID",
+ "name": "108907",
+ "url": "http://www.securityfocus.com/bid/108907"
 }
 ]
 },
diff --git a/2018/2xxx/CVE-2018-2013.json b/2018/2xxx/CVE-2018-2013.json
index d6d5000ff94..b6b02a3d73a 100644
--- a/2018/2xxx/CVE-2018-2013.json
+++ b/2018/2xxx/CVE-2018-2013.json
@@ -79,6 +79,11 @@
 "name": "ibm-api-cve20182013-info-disc (155193)",
 "title": "X-Force Vulnerability Report",
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155193"
+ },
+ {
+ "refsource": "BID",
+ "name": "108907",
+ "url": "http://www.securityfocus.com/bid/108907"
 }
 ]
 },
diff --git a/2018/7xxx/CVE-2018-7587.json b/2018/7xxx/CVE-2018-7587.json
index 3a61f90f473..fe66d13612d 100644
--- a/2018/7xxx/CVE-2018-7587.json
+++ b/2018/7xxx/CVE-2018-7587.json
@@ -56,6 +56,11 @@
 "name": "https://github.com/xiaoqx/pocs/tree/master/cimg",
 "refsource": "MISC",
 "url": "https://github.com/xiaoqx/pocs/tree/master/cimg"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4039-1",
+ "url": "https://usn.ubuntu.com/4039-1/"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7588.json b/2018/7xxx/CVE-2018-7588.json
index c0d0ae10f91..a4f24ddb41b 100644
--- a/2018/7xxx/CVE-2018-7588.json
+++ b/2018/7xxx/CVE-2018-7588.json
@@ -61,6 +61,11 @@
 "name": "https://github.com/xiaoqx/pocs/tree/master/cimg",
 "refsource": "MISC",
 "url": "https://github.com/xiaoqx/pocs/tree/master/cimg"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4039-1",
+ "url": "https://usn.ubuntu.com/4039-1/"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7589.json b/2018/7xxx/CVE-2018-7589.json
index 5326c3b711c..c3d58aace3a 100644
--- a/2018/7xxx/CVE-2018-7589.json
+++ b/2018/7xxx/CVE-2018-7589.json
@@ -61,6 +61,11 @@
 "name": "https://github.com/xiaoqx/pocs/tree/master/cimg",
 "refsource": "MISC",
 "url": "https://github.com/xiaoqx/pocs/tree/master/cimg"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4039-1",
+ "url": "https://usn.ubuntu.com/4039-1/"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10133.json b/2019/10xxx/CVE-2019-10133.json
index 6461f3ccb4c..bcd5e06f668 100644
--- a/2019/10xxx/CVE-2019-10133.json
+++ b/2019/10xxx/CVE-2019-10133.json
@@ -4,15 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10133",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Moodle",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133",
+ "refsource": "CONFIRM"
+ },
+ {
+ "url": "https://moodle.org/mod/forum/discuss.php?d=386523",
+ "name": "https://moodle.org/mod/forum/discuss.php?d=386523",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
 }
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10134.json b/2019/10xxx/CVE-2019-10134.json
index ab994f3e9f5..d320eaeecf1 100644
--- a/2019/10xxx/CVE-2019-10134.json
+++ b/2019/10xxx/CVE-2019-10134.json
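Review bot: The added `vectorString` value `3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N` fuses the base score into the vector, so a consumer that validates or parses the field as a CVSS v3.0 vector (which begins with `CVSS:3.0/`) is likely to reject it or drop the severity for this entry. I would carry the score in its own field and keep the vector clean: `"baseScore": 3.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"`. The `cvss` value is also an array nested inside another array, which looks unintended. The same pattern is in the CVE-2019-10134, CVE-2019-10154 and CVE-2019-10164 hunks.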
@@ -4,15 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10134",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Moodle",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134",
+ "refsource": "CONFIRM"
+ },
+ {
+ "url": "https://moodle.org/mod/forum/discuss.php?d=386524",
+ "name": "https://moodle.org/mod/forum/discuss.php?d=386524",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
 }
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10154.json b/2019/10xxx/CVE-2019-10154.json
index 81c2d88d37b..2eb8d68c7d3 100644
--- a/2019/10xxx/CVE-2019-10154.json
+++ b/2019/10xxx/CVE-2019-10154.json
@@ -4,15 +4,77 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10154",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Moodle",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.7"
+ },
+ {
+ "version_value": "3.6.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154",
+ "refsource": "CONFIRM"
+ },
+ {
+ "url": "https://moodle.org/mod/forum/discuss.php?d=386521",
+ "name": "https://moodle.org/mod/forum/discuss.php?d=386521",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
 }
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10164.json b/2019/10xxx/CVE-2019-10164.json
index 149f5473288..1cd5578ee12 100644
--- a/2019/10xxx/CVE-2019-10164.json
+++ b/2019/10xxx/CVE-2019-10164.json
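Review bot: The `version_data` entries added for CVE-2019-10154 (`3.7`, `3.6.4`) are the fixed releases named in the description ("before versions 3.7, 3.6.4") and carry no `version_affected` operator, so tooling that reads `version_value` literally would flag the patched releases and miss the vulnerable ones. The CVE-2019-11583 record in this same commit shows the form that avoids this: `"version_value": "8.1.0", "version_affected": "<"`. The CVE-2019-10164 hunk has the same shape (`10.9`, `11.4`), and the CVE-2019-10133 and CVE-2019-10134 hunks put all five fixed releases into one free-text `version_value` string, which automated version matching cannot use.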
@@ -4,15 +4,77 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10164",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PostgreSQL",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PostgreSQL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10.9"
+ },
+ {
+ "version_value": "11.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164",
+ "refsource": "CONFIRM"
+ },
+ {
+ "url": "https://www.postgresql.org/about/news/1949/",
+ "refsource": "MISC",
+ "name": "https://www.postgresql.org/about/news/1949/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
 }
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11091.json b/2019/11xxx/CVE-2019-11091.json
index a36c1dd3c57..6e8a3cf3371 100644
--- a/2019/11xxx/CVE-2019-11091.json
+++ b/2019/11xxx/CVE-2019-11091.json
@@ -83,6 +83,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
 "url": "https://seclists.org/bugtraq/2019/Jun/36"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
+ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11272.json b/2019/11xxx/CVE-2019-11272.json
index cb78076c061..14a1648a29f 100644
--- a/2019/11xxx/CVE-2019-11272.json
+++ b/2019/11xxx/CVE-2019-11272.json
@@ -41,7 +41,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of “null”.\n"
+ "value": "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of \u201cnull\u201d."
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11372.json b/2019/11xxx/CVE-2019-11372.json
index 5bbdb20d5f0..c7bf54a8b73 100644
--- a/2019/11xxx/CVE-2019-11372.json
+++ b/2019/11xxx/CVE-2019-11372.json
@@ -96,6 +96,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-b7cf3236fb",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJYASICJ2VUUNGHDBB62FGYQN2SNITM5/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1629",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00069.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11373.json b/2019/11xxx/CVE-2019-11373.json
index db65c7213df..15fdfa739c1 100644
--- a/2019/11xxx/CVE-2019-11373.json
+++ b/2019/11xxx/CVE-2019-11373.json
@@ -96,6 +96,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-b7cf3236fb",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJYASICJ2VUUNGHDBB62FGYQN2SNITM5/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1629",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00069.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11477.json b/2019/11xxx/CVE-2019-11477.json
index fb673a82049..6735f4be86c 100644
--- a/2019/11xxx/CVE-2019-11477.json
+++ b/2019/11xxx/CVE-2019-11477.json
@@ -166,6 +166,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:1602",
 "url": "https://access.redhat.com/errata/RHSA-2019:1602"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006",
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11478.json b/2019/11xxx/CVE-2019-11478.json
index a6577f8c6f9..dbdf24920aa 100644
--- a/2019/11xxx/CVE-2019-11478.json
+++ b/2019/11xxx/CVE-2019-11478.json
@@ -160,6 +160,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:1602",
 "url": "https://access.redhat.com/errata/RHSA-2019:1602"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007",
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11479.json b/2019/11xxx/CVE-2019-11479.json
index 26a9d3b914d..d475fc4ed38 100644
--- a/2019/11xxx/CVE-2019-11479.json
+++ b/2019/11xxx/CVE-2019-11479.json
@@ -164,6 +164,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:1602",
 "url": "https://access.redhat.com/errata/RHSA-2019:1602"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008",
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11583.json b/2019/11xxx/CVE-2019-11583.json
index 2bb25ced300..c424680136d 100644
--- a/2019/11xxx/CVE-2019-11583.json
+++ b/2019/11xxx/CVE-2019-11583.json
@@ -1,17 +1,68 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2019-06-24T00:00:00",
 "ID": "CVE-2019-11583",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jira",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.1.0",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by \"Epic Name\"."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/JSWSERVER-20111",
+ "refsource": "MISC",
+ "name": "https://jira.atlassian.com/browse/JSWSERVER-20111"
+ },
+ {
+ "refsource": "BID",
+ "name": "108901",
+ "url": "http://www.securityfocus.com/bid/108901"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12346.json b/2019/12xxx/CVE-2019-12346.json
index 5dea0771aa9..db22bb5b7f9 100644
--- a/2019/12xxx/CVE-2019-12346.json
+++ b/2019/12xxx/CVE-2019-12346.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://zeroauth.ltd/blog/2019/05/27/cve-2019-12346-miniorange-saml-sp-single-sign-on-wordpress-plugin-xss/",
 "url": "https://zeroauth.ltd/blog/2019/05/27/cve-2019-12346-miniorange-saml-sp-single-sign-on-wordpress-plugin-xss/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/9397",
+ "url": "https://wpvulndb.com/vulnerabilities/9397"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12450.json b/2019/12xxx/CVE-2019-12450.json
index 7783f2c0103..a3f638778fc 100644
--- a/2019/12xxx/CVE-2019-12450.json
+++ b/2019/12xxx/CVE-2019-12450.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1826-1] glib2.0 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1650",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12735.json b/2019/12xxx/CVE-2019-12735.json
index 8319792dc20..50ab3bd16cb 100644
--- a/2019/12xxx/CVE-2019-12735.json
+++ b/2019/12xxx/CVE-2019-12735.json
@@ -131,6 +131,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K93144355",
 "url": "https://support.f5.com/csp/article/K93144355"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1619",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1619"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12900.json b/2019/12xxx/CVE-2019-12900.json
index 4bfa18d4c0c..0ebc581c283 100644
--- a/2019/12xxx/CVE-2019-12900.json
+++ b/2019/12xxx/CVE-2019-12900.json
@@ -61,6 +61,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4038-2",
+ "url": "https://usn.ubuntu.com/4038-2/"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12972.json b/2019/12xxx/CVE-2019-12972.json
index dad5f19bea0..6575cea2199 100644
--- a/2019/12xxx/CVE-2019-12972.json
+++ b/2019/12xxx/CVE-2019-12972.json
@@ -61,6 +61,11 @@
 "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031",
 "refsource": "MISC",
 "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031"
+ },
+ {
+ "refsource": "BID",
+ "name": "108903",
+ "url": "http://www.securityfocus.com/bid/108903"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12973.json b/2019/12xxx/CVE-2019-12973.json
new file mode 100644
index 00000000000..116fd432ece
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12973.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12973",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503"
+ },
+ {
+ "url": "https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3"
+ },
+ {
+ "refsource": "BID",
+ "name": "108900",
+ "url": "http://www.securityfocus.com/bid/108900"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12974.json b/2019/12xxx/CVE-2019-12974.json
new file mode 100644
index 00000000000..efd4c600452
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12974.json
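Review bot: The `affects` block and `problemtype` of this new record are all `n/a` even though the description names the product and version (OpenJPEG 2.3.1), so tooling that matches on the structured fields rather than the free text will not associate this entry with the library. Consider filling them, e.g. `"product_name": "OpenJPEG"` with `"version_value": "2.3.1"`, and a CWE for the excessive-iteration weakness (CWE-834 looks like the fit; confirm against the upstream fix). The same applies to the other PUBLIC records added in this commit, CVE-2019-12974 through CVE-2019-12982 and CVE-2019-12984, whose descriptions likewise name ImageMagick 7.0.8-34, libming 0.4.8 and the Linux kernel before 5.1.13.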
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12974",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1515",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1515"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12975.json b/2019/12xxx/CVE-2019-12975.json
new file mode 100644
index 00000000000..30b0dc457d7
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12975.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12975",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1517",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1517"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12976.json b/2019/12xxx/CVE-2019-12976.json
new file mode 100644
index 00000000000..16e2521d6ec
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12976.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12976",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1520",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1520"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12977.json b/2019/12xxx/CVE-2019-12977.json
new file mode 100644
index 00000000000..5509ddaf2f9
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12977.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12977",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the WriteJP2Image function in coders/jp2.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1518",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1518"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12978.json b/2019/12xxx/CVE-2019-12978.json
new file mode 100644
index 00000000000..c35d9b26e7e
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12978.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12978",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the ReadPANGOImage function in coders/pango.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1519",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1519"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12979.json b/2019/12xxx/CVE-2019-12979.json
new file mode 100644
index 00000000000..267aca823e9
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12979.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12979",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1522",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1522"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12980.json b/2019/12xxx/CVE-2019-12980.json
new file mode 100644
index 00000000000..0f14d00e203
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12980.json
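Review bot: The description value gives two different paths for image.c, `MagickCore/image.c` for SyncImageSettings and `magick/image.c` for AcquireImage, while the record names only ImageMagick 7.0.8-34. `magick/` is the ImageMagick 6 source layout, so a reader triaging affected versions cannot tell whether the 6.x branch is also in scope or the second path is a slip. The text should either use `MagickCore/image.c` in both places or name the affected 6.x version explicitly, whichever the linked issue supports.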
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12980",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12981.json b/2019/12xxx/CVE-2019-12981.json
new file mode 100644
index 00000000000..87391954f2e
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12981.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12981",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Ming (aka libming) 0.4.8 has an \"fill overflow\" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/pull/179/commits/3dc0338e4a36a3092720ebaa5b908ba3dca467d9",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/pull/179/commits/3dc0338e4a36a3092720ebaa5b908ba3dca467d9"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12982.json b/2019/12xxx/CVE-2019-12982.json
new file mode 100644
index 00000000000..72078d4647c
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12982.json
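Review bot: The description string `has an \"fill overflow\" vulnerability` uses the wrong article (`a`), and "fill overflow" is not a recognised weakness class, so the entry gives no indication of the memory-safety category or the impact. If the linked libming commit supports it, the text should state what actually overflows in SWFShape_setLeftFillStyle and the expected consequence, as the neighbouring libming records CVE-2019-12980 and CVE-2019-12982 do for their denial-of-service impact.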
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12982",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/pull/179/commits/2be22fcf56a223dafe8de0e8a20fe20e8bbdb0b9",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/pull/179/commits/2be22fcf56a223dafe8de0e8a20fe20e8bbdb0b9"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12983.json b/2019/12xxx/CVE-2019-12983.json
new file mode 100644
index 00000000000..4d32d15d9cc
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12983.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12983",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11884. Reason: This candidate is a reservation duplicate of CVE-2019-11884. Notes: All CVE users should reference CVE-2019-11884 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12984.json b/2019/12xxx/CVE-2019-12984.json
new file mode 100644
index 00000000000..64fae0f5cb0
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12984.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12984",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51"
+ },
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13",
+ "refsource": "MISC",
+ "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13"
+ },
+ {
+ "refsource": "BID",
+ "name": "108905",
+ "url": "http://www.securityfocus.com/bid/108905"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12985.json b/2019/12xxx/CVE-2019-12985.json
new file mode 100644
index 00000000000..5ccbeb8f5c0
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12985.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12985",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12986.json b/2019/12xxx/CVE-2019-12986.json
new file mode 100644
index 00000000000..69c85529ba1
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12986.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12986",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12987.json b/2019/12xxx/CVE-2019-12987.json
new file mode 100644
index 00000000000..5f0e9fc7e2b
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12987.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12987",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12988.json b/2019/12xxx/CVE-2019-12988.json
new file mode 100644
index 00000000000..bbbab4669bf
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12988.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12988",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12989.json b/2019/12xxx/CVE-2019-12989.json
new file mode 100644
index 00000000000..5797b8fdd43
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12989.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12989",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12990.json b/2019/12xxx/CVE-2019-12990.json
new file mode 100644
index 00000000000..93da49c6ba0
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12990.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12990",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12991.json b/2019/12xxx/CVE-2019-12991.json
new file mode 100644
index 00000000000..b0268e58826
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12991.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12991",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12992.json b/2019/12xxx/CVE-2019-12992.json
new file mode 100644
index 00000000000..555e3465873
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12992.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12992",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json
index 34665a47e99..0f4260ba8e8 100644
--- a/2019/1xxx/CVE-2019-1559.json
+++ b/2019/1xxx/CVE-2019-1559.json
@@ -166,6 +166,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1432",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1637",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1619.json b/2019/1xxx/CVE-2019-1619.json
index 732e72acce3..68cf348af47 100644
--- a/2019/1xxx/CVE-2019-1619.json
+++ b/2019/1xxx/CVE-2019-1619.json
@@ -1,8 +1,34 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2019-06-26T16:00:00-0700",
 "ID": "CVE-2019-1619",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Data Center Network Manager Authentication Bypass Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Data Center Network Manager ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "11.1(1)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +37,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device."
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "9.8",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20190626 Cisco Data Center Network Manager Authentication Bypass Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-bypass"
+ },
+ {
+ "refsource": "BID",
+ "name": "108902",
+ "url": "http://www.securityfocus.com/bid/108902"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20190626-dcnm-bypass",
+ "defect": [
+ [
+ "CSCvo64641"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1620.json b/2019/1xxx/CVE-2019-1620.json
index eca79a576f6..e8341b9a4e7 100644
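Review bot: `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H "` carries a trailing space inside the string, which a strict CVSS v3.0 vector parser may reject; the value should end at `A:H`. `baseScore` is also emitted as the string `"9.8"` rather than a number, so consumers that expect a numeric score have to coerce it. The first hunk of this file has the same trailing space in `"product_name": "Cisco Data Center Network Manager "`, which breaks exact-match product lookups. The same issues repeat in the CVE-2019-1620, CVE-2019-1621 and CVE-2019-1622 hunks, and the `exploit` value in each also ends with a stray space.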
--- a/2019/1xxx/CVE-2019-1620.json
+++ b/2019/1xxx/CVE-2019-1620.json
@@ -1,8 +1,34 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2019-06-26T16:00:00-0700",
 "ID": "CVE-2019-1620",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Data Center Network Manager ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "11.2(1)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +37,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device."
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "9.8",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-264"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20190626 Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex"
+ },
+ {
+ "refsource": "BID",
+ "name": "108906",
+ "url": "http://www.securityfocus.com/bid/108906"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20190626-dcnm-codex",
+ "defect": [
+ [
+ "CSCvo64647"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
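Review bot: `"value": "CWE-264"` in `problemtype` is a CWE category (Permissions, Privileges, and Access Controls) rather than a weakness, so it says little about what has to be fixed or what a detection should look for. The description attributes the unauthenticated upload to incorrect permission settings and the outcome to code execution as root; a weakness-level ID such as CWE-434 (unrestricted file upload) or CWE-732 (incorrect permission assignment) would be more useful, whichever the Cisco advisory supports. CVE-2019-1621 uses the same `CWE-264` in its second hunk.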
diff --git a/2019/1xxx/CVE-2019-1621.json b/2019/1xxx/CVE-2019-1621.json
index b9a7c41dd5f..03363c48fe0 100644
--- a/2019/1xxx/CVE-2019-1621.json
+++ b/2019/1xxx/CVE-2019-1621.json
@@ -1,8 +1,34 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2019-06-26T16:00:00-0700",
 "ID": "CVE-2019-1621",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Data Center Network Manager Arbitrary File Download Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Data Center Network Manager ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "11.2(1)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +37,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device."
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-264"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20190626 Cisco Data Center Network Manager Arbitrary File Download Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-file-dwnld"
+ },
+ {
+ "refsource": "BID",
+ "name": "108904",
+ "url": "http://www.securityfocus.com/bid/108904"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20190626-dcnm-file-dwnld",
+ "defect": [
+ [
+ "CSCvo64651"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1622.json b/2019/1xxx/CVE-2019-1622.json
index c0102eea4e4..af6dc096b79 100644
--- a/2019/1xxx/CVE-2019-1622.json
+++ b/2019/1xxx/CVE-2019-1622.json
@@ -1,8 +1,34 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2019-06-26T16:00:00-0700",
 "ID": "CVE-2019-1622",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Data Center Network Manager Information Disclosure Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Data Center Network Manager ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "11.2(1)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +37,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device."
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "5.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20190626 Cisco Data Center Network Manager Information Disclosure Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-infodiscl"
+ },
+ {
+ "refsource": "BID",
+ "name": "108908",
+ "url": "http://www.securityfocus.com/bid/108908"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20190626-dcnm-infodiscl",
+ "defect": [
+ [
+ "CSCvo64654"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1897.json b/2019/1xxx/CVE-2019-1897.json
index cc0808b89cb..e5e353c488c 100644
--- a/2019/1xxx/CVE-2019-1897.json
+++ b/2019/1xxx/CVE-2019-1897.json
@@ -73,6 +73,11 @@
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-dos"
 },
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2019-29",
+ "url": "https://www.tenable.com/security/research/tra-2019-29"
+ },
 {
 "refsource": "BID",
 "name": "108848",
diff --git a/2019/1xxx/CVE-2019-1898.json b/2019/1xxx/CVE-2019-1898.json
index 440b86288af..4f0ef39ea29 100644
--- a/2019/1xxx/CVE-2019-1898.json
+++ b/2019/1xxx/CVE-2019-1898.json
@@ -73,6 +73,11 @@
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess"
 },
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2019-29",
+ "url": "https://www.tenable.com/security/research/tra-2019-29"
+ },
 {
 "refsource": "BID",
 "name": "108865",
diff --git a/2019/1xxx/CVE-2019-1899.json b/2019/1xxx/CVE-2019-1899.json
index 8cba1ee5c0a..5005bc1c252 100644
--- a/2019/1xxx/CVE-2019-1899.json
+++ b/2019/1xxx/CVE-2019-1899.json
@@ -73,6 +73,11 @@
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-infodis"
 },
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2019-29",
+ "url": "https://www.tenable.com/security/research/tra-2019-29"
+ },
 {
 "refsource": "BID",
 "name": "108867",
diff --git a/2019/3xxx/CVE-2019-3569.json b/2019/3xxx/CVE-2019-3569.json
index d91be0620d3..ddd525a7957 100644
--- a/2019/3xxx/CVE-2019-3569.json
+++ b/2019/3xxx/CVE-2019-3569.json
@@ -1,8 +1,85 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "cve-assign@fb.com",
+ "DATE_ASSIGNED": "2019-06-01",
 "ID": "CVE-2019-3569",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HHVM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "!=>",
+ "version_value": "4.8.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.8.0"
+ },
+ {
+ "version_affected": "!=>",
+ "version_value": "4.7.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.7.0"
+ },
+ {
+ "version_affected": "!=>",
+ "version_value": "4.6.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.6.0"
+ },
+ {
+ "version_affected": "!=>",
+ "version_value": "4.5.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.5.0"
+ },
+ {
+ "version_affected": "!=>",
+ "version_value": "4.4.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.4.0"
+ },
+ {
+ "version_affected": "!=>",
+ "version_value": "4.3.1"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "!=>",
+ "version_value": "3.30.6"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "3.30.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Facebook"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
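Review bot: Seven of the added `version_data` entries use the operator `"!=>"`, which does not look like a comparison operator a consumer would recognise; if "not affected at or above this version" is meant, the usual spelling is `"version_affected": "!>=",` (worth confirming against the schema before merging). A scanner that fails to parse the operator has no way to learn that 4.8.1, 4.7.1 and the other patch releases are fixed, so it may either flag patched hosts or drop the entries entirely. The range for the 4.0 to 4.2 series is also expressed only by the pairing of `">="` `4.0.0` with the following `4.3.1` entry, which depends on array order; the description in the next hunk spells the same range out in prose, and that is the safer thing for consumers to rely on.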
@@ -11,7 +88,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Files or Directories Accessible to External Parties (CWE-552)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed",
+ "refsource": "MISC",
+ "url": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed"
+ },
+ {
+ "name": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html",
+ "refsource": "MISC",
+ "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3828.json b/2019/3xxx/CVE-2019-3828.json
index b3c502b9f0f..bbf083d11cd 100644
--- a/2019/3xxx/CVE-2019-3828.json
+++ b/2019/3xxx/CVE-2019-3828.json
@@ -64,6 +64,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1125",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1635",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3860.json b/2019/3xxx/CVE-2019-3860.json
index 91a0d2d3b51..eb1067a26a1 100644
--- a/2019/3xxx/CVE-2019-3860.json
+++ b/2019/3xxx/CVE-2019-3860.json
@@ -88,6 +88,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
 "url": "https://seclists.org/bugtraq/2019/Apr/25"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1640",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html"
 }
 ]
 },
diff --git a/2019/4xxx/CVE-2019-4224.json b/2019/4xxx/CVE-2019-4224.json
index 06d7a3c2a43..84559fbec33 100644
--- a/2019/4xxx/CVE-2019-4224.json
+++ b/2019/4xxx/CVE-2019-4224.json
@@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4224", - "STATE": "RESERVED" + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "S": "U", + "PR": "L", + "AV": "N", + "C": "L", + "UI": "N", + "SCORE": "6.300", + "I": "L", + "AC": "L" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.", + "lang": "eng" } ] - } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4224", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title": "IBM Security Bulletin 885602 (PureApplication System)", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-pure-cve20194224-sql-injection (159240)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "PureApplication System", + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { + "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + 
"version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Data Manipulation", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0" } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4225.json b/2019/4xxx/CVE-2019-4225.json index 12f65c3ad5c..5ab4dfea5bf 100644 --- a/2019/4xxx/CVE-2019-4225.json +++ b/2019/4xxx/CVE-2019-4225.json 
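Review bot: In the CVE-2019-4224 hunk the added `problemtype` value is the free-text label `"Data Manipulation"`, although the description in the same hunk names the weakness as SQL injection. With no CWE identifier, weakness-based filtering and metrics cannot classify the record; `"value": "CWE-89"` would say what the description already says. The other IBM PureApplication records in this commit (CVE-2019-4225, -4234, -4235, -4241) use similar impact-style labels such as `"Obtain Information"`, `"Gain Access"` and `"Bypass Security"`, and would benefit from the same treatment where IBM's bulletin supports a specific CWE.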
@@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4225", - "STATE": "RESERVED" + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title": "IBM Security Bulletin 885602 (PureApplication System)", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242", + "name": "ibm-pure-cve20194225-info-disc (159242)" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PureApplication System", + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { + "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + "version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", - "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-4225", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. 
IBM X-Force ID: 159242.", + "lang": "eng" } ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "UI": "N", + "SCORE": "4.400", + "I": "N", + "AC": "L", + "A": "N", + "S": "U", + "PR": "H", + "AV": "L", + "C": "H" + } + } } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4234.json b/2019/4xxx/CVE-2019-4234.json index 0a01c6bf87c..f6aa99811bb 100644 --- a/2019/4xxx/CVE-2019-4234.json +++ b/2019/4xxx/CVE-2019-4234.json 
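Review bot: In the CVE-2019-4225 hunk the added `impact` block stores CVSS as a `cvssv3` object of single-letter `BM`/`TM` fields with `"SCORE": "4.400"` as a string and no vector string, whereas the Cisco and Lenovo records in this commit use `impact.cvss` with `vectorString` and `baseScore`. A consumer that reads only `impact.cvss` finds no severity for this record and may treat it as unscored. Carrying the assembled vector as well, `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"` (built from the `BM` fields shown here), would make the record readable the same way as the others. The CVE-2019-4224, -4234, -4235 and -4241 hunks use the same shape.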
@@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4234", - "STATE": "RESERVED" + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { + "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + "version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + }, + "product_name": "PureApplication System" + } + ] + } + } + ] + } }, "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title": "IBM Security Bulletin 885602 (PureApplication System)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416", + "name": "ibm-pure-cve20194234-gain-access (159416)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, "data_type": "CVE", - "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4234" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. 
An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416." } ] + }, + "impact": { + "cvssv3": { + "BM": { + "C": "N", + "AV": "N", + "S": "U", + "PR": "L", + "A": "N", + "AC": "L", + "I": "L", + "UI": "N", + "SCORE": "4.300" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4235.json b/2019/4xxx/CVE-2019-4235.json index 242898d72ff..f7981c842e7 100644 --- a/2019/4xxx/CVE-2019-4235.json +++ b/2019/4xxx/CVE-2019-4235.json 
@@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4235", - "STATE": "RESERVED" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "AC": "H", + "I": "N", + "UI": "N", + "SCORE": "5.900", + "C": "H", + "AV": "N", + "S": "U", + "PR": "N", + "A": "N" + } + } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417." } ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2019-4235", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title": "IBM Security Bulletin 885602 (PureApplication System)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-pure-cve20194235-info-disc (159417)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417" + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PureApplication System", + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { 
+ "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + "version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4241.json b/2019/4xxx/CVE-2019-4241.json index d72cffc0f5f..942895eba21 100644 --- a/2019/4xxx/CVE-2019-4241.json +++ b/2019/4xxx/CVE-2019-4241.json 
@@ -1,17 +1,110 @@ { + "data_type": "CVE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4241", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "ID": "CVE-2019-4241" + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 885602 (PureApplication System)", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467", + "name": "ibm-pure-cve20194241-auth-bypass (159467)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { + "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + "version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + }, + "product_name": "PureApplication System" + } + ] + } + } + ] + } }, "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "C": "H", + "AV": "L", + "S": "U", + "PR": "N", + "A": "H", + "AC": "L", + "I": "H", + "UI": "N", + "SCORE": "8.400" + } + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467." } ] } diff --git a/2019/4xxx/CVE-2019-4364.json b/2019/4xxx/CVE-2019-4364.json index 589aa65a586..6b498a46e8c 100644 --- a/2019/4xxx/CVE-2019-4364.json +++ b/2019/4xxx/CVE-2019-4364.json @@ -33,6 +33,11 @@ "refsource": "XF", "name": "ibm-maximo-cve20194364-code-exec (161680)", "title": "X-Force Vulnerability Report" + }, + { + "refsource": "BID", + "name": "108910", + "url": "http://www.securityfocus.com/bid/108910" } ] }, diff --git a/2019/4xxx/CVE-2019-4384.json b/2019/4xxx/CVE-2019-4384.json index 98db8b946ab..39f945c2273 100644 --- a/2019/4xxx/CVE-2019-4384.json +++ b/2019/4xxx/CVE-2019-4384.json @@ -12,6 +12,11 @@ "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162172" + }, + { + "refsource": "BID", + "name": "108896", + "url": "http://www.securityfocus.com/bid/108896" } ] }, diff --git a/2019/4xxx/CVE-2019-4385.json b/2019/4xxx/CVE-2019-4385.json index c189c0f0e47..40d147afe22 100644 --- a/2019/4xxx/CVE-2019-4385.json +++ b/2019/4xxx/CVE-2019-4385.json @@ -20,6 +20,11 @@ "title": "X-Force Vulnerability Report", "name": "ibm-spectrum-cve20194385-info-disc (162173)", "refsource": "XF" + }, + { + "refsource": "BID", + "name": "108899", + "url": "http://www.securityfocus.com/bid/108899" } ] }, diff --git a/2019/6xxx/CVE-2019-6163.json b/2019/6xxx/CVE-2019-6163.json index 8a35726a948..b5027d76ccc 100644 --- a/2019/6xxx/CVE-2019-6163.json +++ b/2019/6xxx/CVE-2019-6163.json 
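Review bot: In the CVE-2019-4241 hunk the added description says an "authenticated user with local access" can obtain administrative access, but the added base metrics set `"PR": "N"`, meaning no privileges are required. One of the two is presumably wrong: if authentication is needed the metric would be `"PR": "L",` and the base score would drop from the recorded `8.400` (7.8 for that vector); if no privileges are needed the description should not say "authenticated". It is worth checking against IBM's bulletin 885602 before publishing, since the score drives patch prioritisation.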
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6163", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "System Update", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "5.07.0084" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 5.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "System Update", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.07.0084" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": 
"https://support.lenovo.com/solutions/LEN-27348" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)." - } - ], - "source": { - "advisory": "LEN-27348", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27348", + "name": "https://support.lenovo.com/solutions/LEN-27348" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)." + } + ], + "source": { + "advisory": "LEN-27348", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6166.json b/2019/6xxx/CVE-2019-6166.json index b349e2973bd..7b6db584d9f 100644 --- a/2019/6xxx/CVE-2019-6166.json +++ b/2019/6xxx/CVE-2019-6166.json 
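Review bot: The only substantive change in the CVE-2019-6163 hunk relabels the reference to Lenovo's own advisory from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which drops the machine-readable signal that the vendor has acknowledged the issue; keeping `"refsource": "CONFIRM",` alongside the newly added `name` would preserve it. The CVE-2019-6166, -6167 and -6168 hunks make the same relabelling. The change is also buried in a whole-file re-indentation that removes the final newline, so splitting formatting from content would make this kind of edit reviewable. Separately, the record as rewritten still describes a "denial of service vulnerability" while its `problemtype` says `"privilege escalation"` and the vector has only `A:H`; one of these labels looks stale.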
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6166", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Bridge", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "4.1.0.1" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-27725" - } - ] - }, - "solution": [ - { - "lang": 
"eng", - "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." - } - ], - "source": { - "advisory": "LEN-27725", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27725", + "name": "https://support.lenovo.com/solutions/LEN-27725" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." + } + ], + "source": { + "advisory": "LEN-27725", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6167.json b/2019/6xxx/CVE-2019-6167.json index 411b76ad02d..261e48f4c5e 100644 --- a/2019/6xxx/CVE-2019-6167.json +++ b/2019/6xxx/CVE-2019-6167.json 
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6167", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Bridge", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "4.1.0.1" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-27725" - } - ] - }, - "solution": [ - { - "lang": "eng", - 
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." - } - ], - "source": { - "advisory": "LEN-27725", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27725", + "name": "https://support.lenovo.com/solutions/LEN-27725" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." + } + ], + "source": { + "advisory": "LEN-27725", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6168.json b/2019/6xxx/CVE-2019-6168.json index d8be6e25ee7..4877c601c77 100644 --- a/2019/6xxx/CVE-2019-6168.json +++ b/2019/6xxx/CVE-2019-6168.json 
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6168", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Bridge", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "4.1.0.1" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-27725" - } - ] - }, - "solution": [ - { - "lang": "eng", - 
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." - } - ], - "source": { - "advisory": "LEN-27725", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27725", + "name": "https://support.lenovo.com/solutions/LEN-27725" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." + } + ], + "source": { + "advisory": "LEN-27725", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6169.json b/2019/6xxx/CVE-2019-6169.json index 222ef866e40..e971ccd0eef 100644 --- a/2019/6xxx/CVE-2019-6169.json +++ b/2019/6xxx/CVE-2019-6169.json 
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6169", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Bridge", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "4.1.0.1" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "unencrypted downloads over FTP" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-27725" - } - ] - }, - "solution": [ - { - 
"lang": "eng", - "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." - } - ], - "source": { - "advisory": "LEN-27725", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unencrypted downloads over FTP" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27725", + "name": "https://support.lenovo.com/solutions/LEN-27725" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." + } + ], + "source": { + "advisory": "LEN-27725", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7637.json b/2019/7xxx/CVE-2019-7637.json index 4fc57f31acc..72f847e2aac 100644 --- a/2019/7xxx/CVE-2019-7637.json +++ b/2019/7xxx/CVE-2019-7637.json 
@@ -86,6 +86,16 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1261",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1632",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1633",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00071.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7839.json b/2019/7xxx/CVE-2019-7839.json
index 4f2074ce28f..4a1c21f5390 100644
--- a/2019/7xxx/CVE-2019-7839.json
+++ b/2019/7xxx/CVE-2019-7839.json
@@ -56,6 +56,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190626 [SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener",
 "url": "https://seclists.org/bugtraq/2019/Jun/38"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html"
 }
 ]
 },
diff --git a/2019/8xxx/CVE-2019-8457.json b/2019/8xxx/CVE-2019-8457.json
index b5bc2dc3665..82b1e86c727 100644
--- a/2019/8xxx/CVE-2019-8457.json
+++ b/2019/8xxx/CVE-2019-8457.json
@@ -78,6 +78,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4019-2",
 "url": "https://usn.ubuntu.com/4019-2/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1645",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9039.json b/2019/9xxx/CVE-2019-9039.json
index befc6e7bf6c..988718e0fe3 100644
--- a/2019/9xxx/CVE-2019-9039.json
+++ b/2019/9xxx/CVE-2019-9039.json
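Review bot: The two openSUSE references added in the CVE-2019-7637 hunk use `http://` URLs, while the neighbouring Ubuntu and seclists entries in this commit use `https://`. The same applies to the packetstormsecurity.com link in the CVE-2019-7839 hunk, the openSUSE link in the CVE-2019-8457 hunk, and the CVE-2019-9836 and CVE-2019-9928 hunks further down. Advisory links are fetched by people and tools deciding what to patch, so a plain-HTTP link can be altered in transit. If the hosts serve the same paths over TLS, I would store the secure form, for example `"url": "https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html"`. The enclosing `reference_data` array starts outside these hunks.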
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9039",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters \u201cstartkey\u201d and \u201cendkey\u201d of the \u201c_all_docs\u201d endpoint."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.couchbase.com/sync-gateway/2.5/release-notes.html",
+ "url": "https://docs.couchbase.com/sync-gateway/2.5/release-notes.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gateway-cve-2019-9039/",
+ "url": "https://research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gateway-cve-2019-9039/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9836.json b/2019/9xxx/CVE-2019-9836.json
index d55f983ea69..366e43dcb05 100644
--- a/2019/9xxx/CVE-2019-9836.json
+++ b/2019/9xxx/CVE-2019-9836.json
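Review bot: The new `affects` block sets `product_name`, `vendor_name` and `version_value` to `"n/a"`, although the description added in the next hunk names the product and version as Couchbase Sync Gateway 2.1.2. Scanners and inventory tools that match on the structured fields rather than the free text will not associate this record with any installed product. I would set `"vendor_name": "Couchbase"`, `"product_name": "Sync Gateway"` and `"version_value": "2.1.2"`. The `problemtype` value in the second hunk has the same placeholder and could read `"value": "N1QL injection"`. CWE-943 looks like the closest class if a CWE id is wanted, but that should be confirmed.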
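Review bot: The description added in the second hunk names the affected release (2.1.2) but never says which release fixes the issue. The only hint is the `CONFIRM` link to the Sync Gateway 2.5 release notes, so a reader has to infer that upgrading to 2.5 is the remedy. If the vendor notes confirm it, I would append a sentence such as `This is fixed in Sync Gateway 2.5.` (to be verified against the linked page). The parameter and endpoint names are wrapped in escaped typographic quotes (`\u201c…\u201d`). Plain quotes would make `startkey`, `endkey` and `_all_docs` easier to search for in detection rules and logs.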
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.amd.com/en/corporate/product-security",
 "url": "https://www.amd.com/en/corporate/product-security"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html",
+ "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9928.json b/2019/9xxx/CVE-2019-9928.json
index 2e775254770..06535676cc0 100644
--- a/2019/9xxx/CVE-2019-9928.json
+++ b/2019/9xxx/CVE-2019-9928.json
@@ -86,6 +86,16 @@
 "refsource": "DEBIAN",
 "name": "DSA-4437",
 "url": "https://www.debian.org/security/2019/dsa-4437"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1638",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00082.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1639",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html"
 }
 ]
 },