From 37c5a2e8a6366028b85646aa50c7e6f1eb0272be Mon Sep 17 00:00:00 2001 From: Hasnain Lakhani Date: Fri, 21 Jun 2019 17:34:10 -0700 Subject: [PATCH 01/33] Publish CVE-2019-3569 --- 2019/3xxx/CVE-2019-3569.json | 109 ++++++++++++++++++++++++++++++++++- 1 file changed, 106 insertions(+), 3 deletions(-) diff --git a/2019/3xxx/CVE-2019-3569.json b/2019/3xxx/CVE-2019-3569.json index d91be0620d3..ddd525a7957 100644 --- a/2019/3xxx/CVE-2019-3569.json +++ b/2019/3xxx/CVE-2019-3569.json @@ -1,8 +1,85 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2019-06-01", "ID": "CVE-2019-3569", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HHVM", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "4.8.1" + }, + { + "version_affected": "=", + "version_value": "4.8.0" + }, + { + "version_affected": "!=>", + "version_value": "4.7.1" + }, + { + "version_affected": "=", + "version_value": "4.7.0" + }, + { + "version_affected": "!=>", + "version_value": "4.6.1" + }, + { + "version_affected": "=", + "version_value": "4.6.0" + }, + { + "version_affected": "!=>", + "version_value": "4.5.1" + }, + { + "version_affected": "=", + "version_value": "4.5.0" + }, + { + "version_affected": "!=>", + "version_value": "4.4.1" + }, + { + "version_affected": "=", + "version_value": "4.4.0" + }, + { + "version_affected": "!=>", + "version_value": "4.3.1" + }, + { + "version_affected": ">=", + "version_value": "4.0.0" + }, + { + "version_affected": "!=>", + "version_value": "3.30.6" + }, + { + "version_affected": "<=", + "version_value": "3.30.5" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
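Review bot: The `version_affected` value `!=>` used for 4.8.1, 4.7.1, 4.6.1, 4.5.1, 4.4.1, 4.3.1 and 3.30.6 in `version_data` is spelled differently from every other operator in the list (`=`, `>=`, `<=`) and looks like a transposed `!>=`. It should be checked against the operator set the CVE JSON 4.0 schema accepts, and if that reading is right, written as `"version_affected": "!>="`. A consumer that does not recognise the operator will probably either reject the record or drop the exclusion entries. With the exclusions dropped, `>= 4.0.0` on its own marks every 4.x release as affected, including the fixed point releases.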
@@ -11,7 +88,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Files or Directories Accessible to External Parties (CWE-552)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed", + "refsource": "MISC", + "url": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed" + }, + { + "name": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html", + "refsource": "MISC", + "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html" } ] } From b3be9ce3ce29c7dcc841fd2303fb527c7303a3c6 Mon Sep 17 00:00:00 2001 From: David Black Date: Mon, 24 Jun 2019 13:57:11 +1000 Subject: [PATCH 02/33] Add CVE-2019-11583 --- 2019/11xxx/CVE-2019-11583.json | 74 +++++++++++++++++++++++++++------- 1 file changed, 59 insertions(+), 15 deletions(-) diff --git a/2019/11xxx/CVE-2019-11583.json b/2019/11xxx/CVE-2019-11583.json index 2bb25ced300..fdf1fd72a97 100644 --- a/2019/11xxx/CVE-2019-11583.json +++ b/2019/11xxx/CVE-2019-11583.json 
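Review bot: The `problemtype` value `Files or Directories Accessible to External Parties (CWE-552)` does not match the weakness the description states, which is a FastCGI listener bound to all interfaces by default. That is a network service reachable from more places than intended, not files being exposed. Something along the lines of `"value": "Exposure of Resource to Wrong Sphere (CWE-668)"` seems closer, although the assigner may have had a reason for CWE-552 that is not visible in this hunk. Tooling that groups records by CWE would otherwise file this under file-exposure issues, when the relevant hardening is presumably restricting the bind address or filtering the port.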
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-11583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-06-24T00:00:00", + "ID": "CVE-2019-11583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "8.1.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The issue searching component in Jira before version 8.1.0 allows remote attackers to \r\ndeny access to Jira service via denial of service vulnerability in issue search when ordering by \"Epic Name\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JSWSERVER-20111" + } + ] + } +} From d985049cc6dc6f0c888b3931708a4602ad0af9b7 Mon Sep 17 00:00:00 2001 From: "mrehak@redhat.com" Date: Tue, 25 Jun 2019 10:26:24 +0200 Subject: [PATCH 03/33] CVE-2019-10164 --- 2019/10xxx/CVE-2019-10164.json | 67 ++++++++++++++++++++++++++++++++-- 1 file changed, 63 insertions(+), 4 deletions(-) 
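Review bot: The `description` value has a raw `\r\n` in the middle of the sentence (`allows remote attackers to \r\ndeny access`), which will surface as a stray line break or a literal escape in feeds and advisories that render this text. It should read `allows remote attackers to deny access to Jira service via ...`. The single `reference_data` entry carries only `url`, where other records in this series also give `name` and `refsource`, e.g. `"name": "https://jira.atlassian.com/browse/JSWSERVER-20111", "refsource": "MISC"`. `Denial of Service` as the problem type names the impact, not the weakness, so a CWE identifier would make the record usable for weakness-based filtering.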
diff --git a/2019/10xxx/CVE-2019-10164.json b/2019/10xxx/CVE-2019-10164.json index 149f5473288..9ed3f0e6cba 100644 --- a/2019/10xxx/CVE-2019-10164.json +++ b/2019/10xxx/CVE-2019-10164.json @@ -4,15 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10164", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mrehak@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "10.9" + }, + { + "version_value": "11.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.postgresql.org/support/security/" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PostgreSQL before versions 10.9, 11.4 is vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From c9d44f2dac9bcd0ccc5fbb52d976ba124585fea7 Mon Sep 17 00:00:00 2001 
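Review bot: `version_data` lists `10.9` and `11.4` as bare `version_value` entries, but the description says PostgreSQL before those versions is vulnerable, so the structured data names the fixed releases as the affected ones. A scanner that matches on `affects` and not on the prose would flag patched installations and miss the vulnerable ones; each entry needs at least a comparison such as `"version_affected": "<"`, scoped to its release branch. The hunk also removes `"STATE": "RESERVED"` from `CVE_data_meta` without adding `"STATE": "PUBLIC"`. In addition, `vectorString` is prefixed with the score (`7.5/CVSS:3.0/...`), which a CVSS parser expecting the vector to begin with `CVSS:3.0/` will likely reject. The same three problems recur in the CVE-2019-10133, CVE-2019-10134 and CVE-2019-10154 records later in this series.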
From: "mrehak@redhat.com" Date: Tue, 25 Jun 2019 14:29:32 +0200 Subject: [PATCH 04/33] CVE-2019-10164 --- 2019/10xxx/CVE-2019-10164.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2019/10xxx/CVE-2019-10164.json b/2019/10xxx/CVE-2019-10164.json index 9ed3f0e6cba..8a7cc7dbd6c 100644 --- a/2019/10xxx/CVE-2019-10164.json +++ b/2019/10xxx/CVE-2019-10164.json @@ -47,7 +47,7 @@ "references": { "reference_data": [ { - "url": "https://www.postgresql.org/support/security/" + "url": "https://www.postgresql.org/about/news/1949/" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164", @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "PostgreSQL before versions 10.9, 11.4 is vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account." + "value": "PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account." } ] }, From 1ad1ac5b9f0aa7387f497aaadaf370a31e361ecf Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 25 Jun 2019 15:37:36 -0300 Subject: [PATCH 05/33] CVE-2019-10133 --- 2019/10xxx/CVE-2019-10133.json | 61 +++++++++++++++++++++++++++++++--- 1 file changed, 57 insertions(+), 4 deletions(-) diff --git a/2019/10xxx/CVE-2019-10133.json b/2019/10xxx/CVE-2019-10133.json index 6461f3ccb4c..4a15d1ec6bb 100644 --- a/2019/10xxx/CVE-2019-10133.json +++ b/2019/10xxx/CVE-2019-10133.json 
@@ -4,15 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10133", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psampaio@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Moodle", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From 7a53ba0538f1c51189173e5857ed5a4f9b728252 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 25 Jun 2019 15:41:09 -0300 Subject: [PATCH 06/33] CVE-2019-10134 --- 2019/10xxx/CVE-2019-10134.json | 61 +++++++++++++++++++++++++++++++--- 1 file changed, 57 insertions(+), 4 deletions(-) diff --git a/2019/10xxx/CVE-2019-10134.json b/2019/10xxx/CVE-2019-10134.json index ab994f3e9f5..cfcdc88a5e6 100644 --- a/2019/10xxx/CVE-2019-10134.json +++ b/2019/10xxx/CVE-2019-10134.json 
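Review bot: `version_value` holds five releases in one free-text string, `"3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18"`, which no automated version comparison can match against an installed version. Each release should be its own `version_data` entry, the way the CVE-2019-10154 record in this series lists `3.7` and `3.6.4` separately. According to the description (`Moodle before 3.7, ...`) these are the fixed releases, so each entry also wants an operator, e.g. `"version_affected": "<", "version_value": "3.6.4"`. The CVE-2019-10134 record uses the same combined string.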
@@ -4,15 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10134", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psampaio@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Moodle", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From f250ee99940ac85c8a49a8859e8df0902af2d0d0 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 25 Jun 2019 15:45:16 -0300 Subject: [PATCH 07/33] CVE-2019-10154 --- 2019/10xxx/CVE-2019-10154.json | 64 +++++++++++++++++++++++++++++++--- 1 file changed, 60 insertions(+), 4 deletions(-) diff --git a/2019/10xxx/CVE-2019-10154.json b/2019/10xxx/CVE-2019-10154.json index 81c2d88d37b..2e6e8620717 100644 --- a/2019/10xxx/CVE-2019-10154.json +++ b/2019/10xxx/CVE-2019-10154.json 
@@ -4,15 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10154", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psampaio@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Moodle", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.7" + }, + { + "version_value": "3.6.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From 6ffbcc56587ea71d5818b22119f017c4b5ef585b Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 25 Jun 2019 15:56:38 -0300 Subject: [PATCH 08/33] added references --- 2019/10xxx/CVE-2019-10133.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/10xxx/CVE-2019-10133.json b/2019/10xxx/CVE-2019-10133.json index 4a15d1ec6bb..4ef3f2ce229 100644 --- a/2019/10xxx/CVE-2019-10133.json +++ b/2019/10xxx/CVE-2019-10133.json 
@@ -47,6 +47,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133", "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=386523", + "name": "https://moodle.org/mod/forum/discuss.php?d=386523", + "refsource": "CONFIRM" } ] }, From e71c157cf8f2b9120d09eb6fcf45f2ed0e69905b Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 25 Jun 2019 15:56:56 -0300 Subject: [PATCH 09/33] added references --- 2019/10xxx/CVE-2019-10134.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/10xxx/CVE-2019-10134.json b/2019/10xxx/CVE-2019-10134.json index cfcdc88a5e6..5796c29be65 100644 --- a/2019/10xxx/CVE-2019-10134.json +++ b/2019/10xxx/CVE-2019-10134.json @@ -47,6 +47,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134", "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=386524", + "name": "https://moodle.org/mod/forum/discuss.php?d=386524", + "refsource": "CONFIRM" } ] }, From cf7e3cd679e44324f4fe57cf0e6a75ccff0f895f Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 25 Jun 2019 15:57:36 -0300 Subject: [PATCH 10/33] added references --- 2019/10xxx/CVE-2019-10154.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/10xxx/CVE-2019-10154.json b/2019/10xxx/CVE-2019-10154.json index 2e6e8620717..bd784800eed 100644 --- a/2019/10xxx/CVE-2019-10154.json +++ b/2019/10xxx/CVE-2019-10154.json @@ -50,6 +50,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154", "refsource": "CONFIRM" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=386521", + "name": "https://moodle.org/mod/forum/discuss.php?d=386521", + "refsource": "CONFIRM" } ] }, From badb7b80195a3101cba6ba9be2af35d67e7d2154 Mon Sep 17 00:00:00 2001 
From: Scott Moore - IBM Date: Wed, 26 Jun 2019 10:27:50 -0400 Subject: [PATCH 11/33] IBM20190626-102750 Added CVE-2019-4234, CVE-2019-4235, CVE-2019-4225, CVE-2019-4224, CVE-2019-4241 --- 2019/4xxx/CVE-2019-4224.json | 123 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4225.json | 123 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4234.json | 123 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4235.json | 123 ++++++++++++++++++++++++++++++----- 2019/4xxx/CVE-2019-4241.json | 123 ++++++++++++++++++++++++++++++----- 5 files changed, 540 insertions(+), 75 deletions(-) diff --git a/2019/4xxx/CVE-2019-4224.json b/2019/4xxx/CVE-2019-4224.json index 06d7a3c2a43..57fb21d6c70 100644 --- a/2019/4xxx/CVE-2019-4224.json +++ b/2019/4xxx/CVE-2019-4224.json 
@@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4224", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "S" : "U", + "PR" : "L", + "AV" : "N", + "C" : "L", + "UI" : "N", + "SCORE" : "6.300", + "I" : "L", + "AC" : "L" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.", + "lang" : "eng" + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2019-4224", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title" : "IBM Security Bulletin 885602 (PureApplication System)", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-pure-cve20194224-sql-injection (159240)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240", + "refsource" : "XF" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "PureApplication System", + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Data Manipulation", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0" +} diff --git a/2019/4xxx/CVE-2019-4225.json b/2019/4xxx/CVE-2019-4225.json index 12f65c3ad5c..ede80ba681f 100644 --- a/2019/4xxx/CVE-2019-4225.json +++ b/2019/4xxx/CVE-2019-4225.json 
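Review bot: `problemtype` is the free-text label `Data Manipulation`, which describes an outcome, while the description identifies the weakness precisely as SQL injection. Adding the identifier, e.g. `"value" : "SQL Injection (CWE-89)"`, would let consumers filter and prioritise by weakness class. The other IBM records in this commit use the same kind of impact label (`Obtain Information`, `Gain Access`, `Bypass Security`). In CVE-2019-4235 the label `Obtain Information` does not describe the stated problem at all, which is a weak default password policy. Separately, `impact` here uses a `cvssv3` object with `BM`/`TM` maps and a string `SCORE`, unlike the `cvss`/`vectorString` form in other records of this series, so anything ingesting both needs to handle two shapes.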
@@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4225", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title" : "IBM Security Bulletin 885602 (PureApplication System)", + "refsource" : "CONFIRM" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242", + "name" : "ibm-pure-cve20194225-info-disc (159242)" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "product_name" : "PureApplication System", + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "CVE_data_meta" : { + "ID" : "CVE-2019-4225", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "STATE" : "PUBLIC" + }, + "description" : { + "description_data" : [ + { + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.", + "lang" : "eng" + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "UI" : "N", + "SCORE" : "4.400", + "I" : "N", + "AC" : "L", + "A" : "N", + "S" : "U", + "PR" : "H", + "AV" : "L", + "C" : "H" + } + } + } +} diff --git a/2019/4xxx/CVE-2019-4234.json b/2019/4xxx/CVE-2019-4234.json index 0a01c6bf87c..6732ebd734e 100644 --- a/2019/4xxx/CVE-2019-4234.json +++ b/2019/4xxx/CVE-2019-4234.json 
@@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4234", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Access", + "lang" : "eng" + } + ] + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + }, + "product_name" : "PureApplication System" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "references" : { + "reference_data" : [ + { + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title" : "IBM Security Bulletin 885602 (PureApplication System)", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416", + "name" : "ibm-pure-cve20194234-gain-access (159416)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4234" + }, + "description" : { + "description_data" : [ + { 
+ "lang" : "eng", + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "N", + "AV" : "N", + "S" : "U", + "PR" : "L", + "A" : "N", + "AC" : "L", + "I" : "L", + "UI" : "N", + "SCORE" : "4.300" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + } +} diff --git a/2019/4xxx/CVE-2019-4235.json b/2019/4xxx/CVE-2019-4235.json index 242898d72ff..5a989d8336c 100644 --- a/2019/4xxx/CVE-2019-4235.json +++ b/2019/4xxx/CVE-2019-4235.json 
@@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4235", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "AC" : "H", + "I" : "N", + "UI" : "N", + "SCORE" : "5.900", + "C" : "H", + "AV" : "N", + "S" : "U", + "PR" : "N", + "A" : "N" + } + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417." + } + ] + }, + "data_type" : "CVE", + "CVE_data_meta" : { + "ID" : "CVE-2019-4235", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title" : "IBM Security Bulletin 885602 (PureApplication System)" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-pure-cve20194235-info-disc (159417)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417" + } + ] + }, + "data_format" : "MITRE", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "product_name" : "PureApplication System", + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2019/4xxx/CVE-2019-4241.json b/2019/4xxx/CVE-2019-4241.json index d72cffc0f5f..73ad0d7b294 100644 --- a/2019/4xxx/CVE-2019-4241.json +++ b/2019/4xxx/CVE-2019-4241.json 
@@ -1,18 +1,111 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4241", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2019-05-31T00:00:00", + "ID" : "CVE-2019-4241" + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Bypass Security" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 885602 (PureApplication System)", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467", + "name" : "ibm-pure-cve20194241-auth-bypass (159467)", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "2.2.3.0" + }, + { + "version_value" : "2.2.3.1" + }, + { + "version_value" : "2.2.3.2" + }, + { + "version_value" : "2.2.4.0" + }, + { + "version_value" : "2.2.5.0" + }, + { + "version_value" : "2.2.5.1" + }, + { + "version_value" : "2.2.5.2" + }, + { + "version_value" : "2.2.5.3" + } + ] + }, + "product_name" : "PureApplication System" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "C" : "H", + "AV" : "L", + "S" : "U", + "PR" : "N", + "A" : "H", + "AC" : "L", + "I" : "H", + "UI" : "N", + "SCORE" : "8.400" + } + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467." + } + ] + } +} From 36ecc003649f55a828417ce4ece0b2ba4da15fe0 Mon Sep 17 00:00:00 2001 
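Review bot: The base metrics give `"PR" : "N"` (no privileges required) while the description says the flaw is open to `an authenticated user with local access`, so one of the two is wrong and the `8.400` score depends on which. If authentication really is a precondition, the metric would be `"PR" : "L"` and the score needs recomputing; if it is not, the description should drop `authenticated`. The phrase `authenticated user ... to bypass authentication` is also self-contradictory as written and may mean bypassing authorization or a further authentication step. That is worth confirming against the vendor bulletin, because defenders will read this sentence to decide whether local unauthenticated access is enough.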
From: CVE Team Date: Wed, 26 Jun 2019 15:01:07 +0000 Subject: [PATCH 12/33] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11272.json | 2 +- 2019/4xxx/CVE-2019-4224.json | 216 ++++++++++++++++---------------- 2019/4xxx/CVE-2019-4225.json | 216 ++++++++++++++++---------------- 2019/4xxx/CVE-2019-4234.json | 216 ++++++++++++++++---------------- 2019/4xxx/CVE-2019-4235.json | 218 ++++++++++++++++----------------- 2019/4xxx/CVE-2019-4241.json | 216 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6163.json | 187 ++++++++++++++-------------- 2019/6xxx/CVE-2019-6166.json | 187 ++++++++++++++-------------- 2019/6xxx/CVE-2019-6167.json | 187 ++++++++++++++-------------- 2019/6xxx/CVE-2019-6168.json | 187 ++++++++++++++-------------- 2019/6xxx/CVE-2019-6169.json | 187 ++++++++++++++-------------- 11 files changed, 1012 insertions(+), 1007 deletions(-) diff --git a/2019/11xxx/CVE-2019-11272.json b/2019/11xxx/CVE-2019-11272.json index cb78076c061..14a1648a29f 100644 --- a/2019/11xxx/CVE-2019-11272.json +++ b/2019/11xxx/CVE-2019-11272.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of “null”.\n" + "value": "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of \u201cnull\u201d." } ] }, diff --git a/2019/4xxx/CVE-2019-4224.json b/2019/4xxx/CVE-2019-4224.json index 57fb21d6c70..84559fbec33 100644 
--- a/2019/4xxx/CVE-2019-4224.json +++ b/2019/4xxx/CVE-2019-4224.json 
@@ -1,111 +1,111 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "L", - "S" : "U", - "PR" : "L", - "AV" : "N", - "C" : "L", - "UI" : "N", - "SCORE" : "6.300", - "I" : "L", - "AC" : "L" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4224", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-05-31T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", - "title" : "IBM Security Bulletin 885602 (PureApplication System)", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-pure-cve20194224-sql-injection (159240)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "PureApplication System", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.3.0" - }, - { - "version_value" : "2.2.3.1" - }, - { - "version_value" : "2.2.3.2" - }, - { - "version_value" : "2.2.4.0" - }, - { - "version_value" : "2.2.5.0" - }, - { - "version_value" : "2.2.5.1" - }, - { - "version_value" : "2.2.5.2" - }, - { - "version_value" : "2.2.5.3" - } - ] - } - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "S": "U", + "PR": "L", + "AV": "N", + "C": "L", + "UI": "N", + "SCORE": "6.300", + "I": "L", + "AC": "L" + }, + 
"TM": { + "RC": "C", + "E": "U", + "RL": "O" } - ] - } - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Data Manipulation", - "lang" : "eng" - } + } + }, + "description": { + "description_data": [ + { + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2019-4224", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title": "IBM Security Bulletin 885602 (PureApplication System)", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-pure-cve20194224-sql-injection (159240)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "PureApplication System", + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { + "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + "version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_version" : "4.0" -} + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Data Manipulation", + "lang": "eng" + } + ] + } + ] + }, + "data_version": 
"4.0" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4225.json b/2019/4xxx/CVE-2019-4225.json index ede80ba681f..5ab4dfea5bf 100644 --- a/2019/4xxx/CVE-2019-4225.json +++ b/2019/4xxx/CVE-2019-4225.json 
@@ -1,111 +1,111 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", - "title" : "IBM Security Bulletin 885602 (PureApplication System)", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242", - "name" : "ibm-pure-cve20194225-info-disc (159242)" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "PureApplication System", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.3.0" - }, - { - "version_value" : "2.2.3.1" - }, - { - "version_value" : "2.2.3.2" - }, - { - "version_value" : "2.2.4.0" - }, - { - "version_value" : "2.2.5.0" - }, - { - "version_value" : "2.2.5.1" - }, - { - "version_value" : "2.2.5.2" - }, - { - "version_value" : "2.2.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2019-4225", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-05-31T00:00:00", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. 
IBM X-Force ID: 159242.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "UI" : "N", - "SCORE" : "4.400", - "I" : "N", - "AC" : "L", - "A" : "N", - "S" : "U", - "PR" : "H", - "AV" : "L", - "C" : "H" - } - } - } -} + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title": "IBM Security Bulletin 885602 (PureApplication System)", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242", + "name": "ibm-pure-cve20194225-info-disc (159242)" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PureApplication System", + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { + "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + "version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2019-4225", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. 
IBM X-Force ID: 159242.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "UI": "N", + "SCORE": "4.400", + "I": "N", + "AC": "L", + "A": "N", + "S": "U", + "PR": "H", + "AV": "L", + "C": "H" + } + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4234.json b/2019/4xxx/CVE-2019-4234.json index 6732ebd734e..f6aa99811bb 100644 --- a/2019/4xxx/CVE-2019-4234.json +++ b/2019/4xxx/CVE-2019-4234.json 
@@ -1,111 +1,111 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.3.0" - }, - { - "version_value" : "2.2.3.1" - }, - { - "version_value" : "2.2.3.2" - }, - { - "version_value" : "2.2.4.0" - }, - { - "version_value" : "2.2.5.0" - }, - { - "version_value" : "2.2.5.1" - }, - { - "version_value" : "2.2.5.2" - }, - { - "version_value" : "2.2.5.3" - } - ] - }, - "product_name" : "PureApplication System" - } - ] - } + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] } - ] - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", - "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", - "title" : "IBM Security Bulletin 885602 (PureApplication System)", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416", - "name" : "ibm-pure-cve20194234-gain-access (159416)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-05-31T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4234" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "N", - "AV" : "N", - "S" : "U", - "PR" : "L", - "A" : "N", - "AC" : "L", - "I" : "L", - "UI" : "N", - "SCORE" : "4.300" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - } -} + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { + "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + "version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + }, + "product_name": "PureApplication System" + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title": "IBM Security Bulletin 885602 (PureApplication System)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416", + "name": "ibm-pure-cve20194234-gain-access (159416)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4234" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "C": "N", + "AV": "N", + "S": "U", + "PR": "L", + "A": "N", + "AC": "L", + "I": "L", + "UI": "N", + "SCORE": "4.300" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4235.json b/2019/4xxx/CVE-2019-4235.json index 5a989d8336c..f7981c842e7 100644 --- a/2019/4xxx/CVE-2019-4235.json +++ b/2019/4xxx/CVE-2019-4235.json 
@@ -1,111 +1,111 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "AC" : "H", - "I" : "N", - "UI" : "N", - "SCORE" : "5.900", - "C" : "H", - "AV" : "N", - "S" : "U", - "PR" : "N", - "A" : "N" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417." - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2019-4235", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-05-31T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", - "title" : "IBM Security Bulletin 885602 (PureApplication System)" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-pure-cve20194235-info-disc (159417)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417" - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PureApplication System", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.3.0" - }, - { - "version_value" : "2.2.3.1" - }, - { - "version_value" : "2.2.3.2" - }, - { - "version_value" : "2.2.4.0" - }, - { - "version_value" : "2.2.5.0" - }, - { - "version_value" : "2.2.5.1" - }, - { - "version_value" : "2.2.5.2" - }, - { - "version_value" : "2.2.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + 
"TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "AC": "H", + "I": "N", + "UI": "N", + "SCORE": "5.900", + "C": "H", + "AV": "N", + "S": "U", + "PR": "N", + "A": "N" } - ] - } - } -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417." + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2019-4235", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "title": "IBM Security Bulletin 885602 (PureApplication System)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-pure-cve20194235-info-disc (159417)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417" + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PureApplication System", + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { + "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + "version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file 
diff --git a/2019/4xxx/CVE-2019-4241.json b/2019/4xxx/CVE-2019-4241.json
index 73ad0d7b294..942895eba21 100644
--- a/2019/4xxx/CVE-2019-4241.json
+++ b/2019/4xxx/CVE-2019-4241.json
@@ -1,111 +1,111 @@ { - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-05-31T00:00:00", - "ID" : "CVE-2019-4241" - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 885602 (PureApplication System)", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", - "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467", - "name" : "ibm-pure-cve20194241-auth-bypass (159467)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-05-31T00:00:00", + "ID": "CVE-2019-4241" + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.2.3.0" - }, - { - "version_value" : "2.2.3.1" - }, - { - "version_value" : "2.2.3.2" - }, - { - "version_value" : "2.2.4.0" - }, - { - "version_value" : "2.2.5.0" - }, - { - "version_value" : "2.2.5.1" - }, - { - "version_value" : "2.2.5.2" - }, - { - "version_value" : "2.2.5.3" - } - ] - }, - "product_name" : "PureApplication System" - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] } - ] - } - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "C" : "H", - "AV" : "L", - "S" : "U", - "PR" : "N", - "A" : "H", - "AC" : "L", - "I" : "H", - "UI" : "N", - "SCORE" : "8.400" - } - } - }, - 
"description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467." - } - ] - } -} + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 885602 (PureApplication System)", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467", + "name": "ibm-pure-cve20194241-auth-bypass (159467)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.2.3.0" + }, + { + "version_value": "2.2.3.1" + }, + { + "version_value": "2.2.3.2" + }, + { + "version_value": "2.2.4.0" + }, + { + "version_value": "2.2.5.0" + }, + { + "version_value": "2.2.5.1" + }, + { + "version_value": "2.2.5.2" + }, + { + "version_value": "2.2.5.3" + } + ] + }, + "product_name": "PureApplication System" + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "C": "H", + "AV": "L", + "S": "U", + "PR": "N", + "A": "H", + "AC": "L", + "I": "H", + "UI": "N", + "SCORE": "8.400" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6163.json b/2019/6xxx/CVE-2019-6163.json index 8a35726a948..b5027d76ccc 100644 
--- a/2019/6xxx/CVE-2019-6163.json
+++ b/2019/6xxx/CVE-2019-6163.json
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6163", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "System Update", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "5.07.0084" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 5.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "System Update", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.07.0084" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": 
"https://support.lenovo.com/solutions/LEN-27348" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)." - } - ], - "source": { - "advisory": "LEN-27348", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27348", + "name": "https://support.lenovo.com/solutions/LEN-27348" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)." + } + ], + "source": { + "advisory": "LEN-27348", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6166.json b/2019/6xxx/CVE-2019-6166.json index b349e2973bd..7b6db584d9f 100644 --- a/2019/6xxx/CVE-2019-6166.json +++ b/2019/6xxx/CVE-2019-6166.json 
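Review bot: The entry under `version_data` carries its comparison operator in a key named `affected` (`"affected": "<"`), whereas the CVE JSON 4.0 field for the operator is `version_affected`; a consumer that reads only `version_affected` would likely treat 5.07.0084, the fixed release, as an affected version rather than as the exclusive upper bound. The same key appears in the CVE-2019-6166, CVE-2019-6167 and CVE-2019-6168 sections of this patch with `4.1.0.1`. The proposed line is `"version_affected": "<",`. Separately, in this record the `problemtype` value `privilege escalation` disagrees with the description ("denial of service") and with the vector `C:N/I:N/A:H`, so one of the two should be corrected against advisory LEN-27348.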
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6166", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Bridge", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "4.1.0.1" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-27725" - } - ] - }, - "solution": [ - { - "lang": 
"eng", - "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." - } - ], - "source": { - "advisory": "LEN-27725", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27725", + "name": "https://support.lenovo.com/solutions/LEN-27725" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." + } + ], + "source": { + "advisory": "LEN-27725", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6167.json b/2019/6xxx/CVE-2019-6167.json index 411b76ad02d..261e48f4c5e 100644 --- a/2019/6xxx/CVE-2019-6167.json +++ b/2019/6xxx/CVE-2019-6167.json 
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6167", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Bridge", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "4.1.0.1" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-27725" - } - ] - }, - "solution": [ - { - "lang": "eng", - 
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." - } - ], - "source": { - "advisory": "LEN-27725", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27725", + "name": "https://support.lenovo.com/solutions/LEN-27725" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." + } + ], + "source": { + "advisory": "LEN-27725", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6168.json b/2019/6xxx/CVE-2019-6168.json index d8be6e25ee7..4877c601c77 100644 --- a/2019/6xxx/CVE-2019-6168.json +++ b/2019/6xxx/CVE-2019-6168.json 
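Review bot: The `description` value in this record ("A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.") is byte-identical to the one in the CVE-2019-6168 section that follows, and the two records also share the CVSS vector, the `problemtype` text and advisory LEN-27725. Nothing in either file tells a reader which flaw each identifier tracks, which makes deduplication, patch verification and detection-rule mapping unreliable. Each description should name the distinguishing component or weakness class as stated in the vendor advisory; that wording has to come from the advisory and cannot be recovered from this patch.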
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6168", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Bridge", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "4.1.0.1" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-27725" - } - ] - }, - "solution": [ - { - "lang": "eng", - 
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." - } - ], - "source": { - "advisory": "LEN-27725", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27725", + "name": "https://support.lenovo.com/solutions/LEN-27725" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." + } + ], + "source": { + "advisory": "LEN-27725", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6169.json b/2019/6xxx/CVE-2019-6169.json index 222ef866e40..e971ccd0eef 100644 --- a/2019/6xxx/CVE-2019-6169.json +++ b/2019/6xxx/CVE-2019-6169.json 
@@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", - "ID": "CVE-2019-6169", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Bridge", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "4.1.0.1" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "unencrypted downloads over FTP" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", + "ID": "CVE-2019-6169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Bridge", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-27725" - } - ] - }, - "solution": [ - { - 
"lang": "eng", - "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." - } - ], - "source": { - "advisory": "LEN-27725", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unencrypted downloads over FTP" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.lenovo.com/solutions/LEN-27725", + "name": "https://support.lenovo.com/solutions/LEN-27725" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." + } + ], + "source": { + "advisory": "LEN-27725", + "discovery": "UNKNOWN" + } +} \ No newline at end of file From f22a1685a5a4dee63d4960c75c4bd7f1ff891ebe Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 26 Jun 2019 16:01:03 +0000 Subject: [PATCH 13/33] "-Synchronized-Data." --- 2016/3xxx/CVE-2016-3189.json | 5 ++ 2019/10xxx/CVE-2019-10164.json | 13 ++-- 2019/11xxx/CVE-2019-11583.json | 122 +++++++++++++++++---------------- 2019/12xxx/CVE-2019-12900.json | 5 ++ 4 files changed, 80 insertions(+), 65 deletions(-) 
diff --git a/2016/3xxx/CVE-2016-3189.json b/2016/3xxx/CVE-2016-3189.json index 3a75cba49fd..a606bfa892b 100644 --- a/2016/3xxx/CVE-2016-3189.json +++ b/2016/3xxx/CVE-2016-3189.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4038-2", + "url": "https://usn.ubuntu.com/4038-2/" } ] } diff --git a/2019/10xxx/CVE-2019-10164.json b/2019/10xxx/CVE-2019-10164.json index 8a7cc7dbd6c..1cd5578ee12 100644 --- a/2019/10xxx/CVE-2019-10164.json +++ b/2019/10xxx/CVE-2019-10164.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10164", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -46,13 +47,15 @@ }, "references": { "reference_data": [ - { - "url": "https://www.postgresql.org/about/news/1949/" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164", "refsource": "CONFIRM" + }, + { + "url": "https://www.postgresql.org/about/news/1949/", + "refsource": "MISC", + "name": "https://www.postgresql.org/about/news/1949/" } ] }, @@ -74,4 +77,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11583.json b/2019/11xxx/CVE-2019-11583.json index fdf1fd72a97..6b5906c893f 100644 --- a/2019/11xxx/CVE-2019-11583.json +++ b/2019/11xxx/CVE-2019-11583.json 
@@ -1,62 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-06-24T00:00:00", - "ID": "CVE-2019-11583", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "8.1.0", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The issue searching component in Jira before version 8.1.0 allows remote attackers to \r\ndeny access to Jira service via denial of service vulnerability in issue search when ordering by \"Epic Name\"." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-06-24T00:00:00", + "ID": "CVE-2019-11583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "8.1.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JSWSERVER-20111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by \"Epic Name\"." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JSWSERVER-20111", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JSWSERVER-20111" + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12900.json b/2019/12xxx/CVE-2019-12900.json index 4bfa18d4c0c..0ebc581c283 100644 --- a/2019/12xxx/CVE-2019-12900.json +++ b/2019/12xxx/CVE-2019-12900.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4038-2", + "url": "https://usn.ubuntu.com/4038-2/" } ] } From 3c3953d091ea1cb393915c6967a39613713ab768 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 26 Jun 2019 18:01:00 +0000 Subject: [PATCH 14/33] "-Synchronized-Data." --- 2018/10xxx/CVE-2018-10300.json | 5 +++ 2018/10xxx/CVE-2018-10301.json | 5 +++ 2018/20xxx/CVE-2018-20845.json | 62 +++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20846.json | 62 +++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20847.json | 72 ++++++++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12973.json | 67 +++++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12974.json | 62 +++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12975.json | 62 +++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12976.json | 62 +++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12977.json | 62 +++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12978.json | 62 +++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12979.json | 62 +++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12980.json | 62 +++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12981.json | 62 +++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12982.json | 62 +++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12983.json | 67 +++++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12984.json | 67 +++++++++++++++++++++++++++++++ 2019/7xxx/CVE-2019-7839.json | 5 +++ 2019/9xxx/CVE-2019-9836.json | 5 +++ 19 files changed, 975 insertions(+) create mode 100644 2018/20xxx/CVE-2018-20845.json create mode 100644 2018/20xxx/CVE-2018-20846.json create mode 100644 2018/20xxx/CVE-2018-20847.json create mode 100644 2019/12xxx/CVE-2019-12973.json create mode 100644 2019/12xxx/CVE-2019-12974.json create mode 100644 2019/12xxx/CVE-2019-12975.json create mode 100644 2019/12xxx/CVE-2019-12976.json create mode 100644 2019/12xxx/CVE-2019-12977.json create mode 100644 2019/12xxx/CVE-2019-12978.json create mode 100644 2019/12xxx/CVE-2019-12979.json create mode 100644 2019/12xxx/CVE-2019-12980.json create mode 100644 2019/12xxx/CVE-2019-12981.json create mode 100644 2019/12xxx/CVE-2019-12982.json create mode 100644 2019/12xxx/CVE-2019-12983.json create 
mode 100644 2019/12xxx/CVE-2019-12984.json diff --git a/2018/10xxx/CVE-2018-10300.json b/2018/10xxx/CVE-2018-10300.json index 154b7b544fd..4b1fd701622 100644 --- a/2018/10xxx/CVE-2018-10300.json +++ b/2018/10xxx/CVE-2018-10300.json @@ -56,6 +56,11 @@ "name": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271", "refsource": "MISC", "url": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9393", + "url": "https://wpvulndb.com/vulnerabilities/9393" } ] } diff --git a/2018/10xxx/CVE-2018-10301.json b/2018/10xxx/CVE-2018-10301.json index 1e4a42782e1..d8c404ab6b8 100644 --- a/2018/10xxx/CVE-2018-10301.json +++ b/2018/10xxx/CVE-2018-10301.json @@ -56,6 +56,11 @@ "name": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271", "refsource": "MISC", "url": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9393", + "url": "https://wpvulndb.com/vulnerabilities/9393" } ] } diff --git a/2018/20xxx/CVE-2018-20845.json b/2018/20xxx/CVE-2018-20845.json new file mode 100644 index 00000000000..3aadedfcb26 --- /dev/null +++ b/2018/20xxx/CVE-2018-20845.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20845",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20846.json b/2018/20xxx/CVE-2018-20846.json
new file mode 100644
index 00000000000..5027d33c32d
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20846.json
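Review bot: Every structured field that tooling matches on is `n/a` in this new record (`product_name`, `vendor_name`, `version_value` and the `problemtype` value), although the description names OpenJPEG through 2.3.0 and a division by zero. Inventory or scanner matching that keys on the `affects` tree will not associate the record with any product, so the data should be lifted out of the prose: `"product_name": "OpenJPEG"`, `"version_affected": "<="` alongside `"version_value": "2.3.0"`, and a problemtype such as `"value": "CWE-369 Divide By Zero"`. The same all-`n/a` pattern is in each of the other files created by this patch, CVE-2018-20846, CVE-2018-20847 and CVE-2019-12973 through CVE-2019-12984. Each needs the product, version and weakness that its own description states.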
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20846",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20847.json b/2018/20xxx/CVE-2018-20847.json
new file mode 100644
index 00000000000..91acfc42b5c
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20847.json
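Review bot: The function list in the description names `pi_next_rpcl` twice (`pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl`), so it reads as six affected functions when only five distinct ones are given. Either the second occurrence is a duplicate to delete, or it stands in for a different function; the referenced commit should be checked before the text is relied on for triage. If it is a duplicate, the list becomes `pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, and pi_next_cprl`.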
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20847",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845"
+ },
+ {
+ "url": "https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949"
+ },
+ {
+ "url": "https://github.com/uclouvain/openjpeg/issues/431",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/issues/431"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12973.json b/2019/12xxx/CVE-2019-12973.json
new file mode 100644
index 00000000000..c99b0f66686
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12973.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12973",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503"
+ },
+ {
+ "url": "https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3",
+ "refsource": "MISC",
+ "name": "https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12974.json b/2019/12xxx/CVE-2019-12974.json
new file mode 100644
index 00000000000..efd4c600452
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12974.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12974",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1515",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1515"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12975.json b/2019/12xxx/CVE-2019-12975.json
new file mode 100644
index 00000000000..30b0dc457d7
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12975.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12975",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1517",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1517"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12976.json b/2019/12xxx/CVE-2019-12976.json
new file mode 100644
index 00000000000..16e2521d6ec
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12976.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12976",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1520",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1520"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12977.json b/2019/12xxx/CVE-2019-12977.json
new file mode 100644
index 00000000000..5509ddaf2f9
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12977.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12977",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the WriteJP2Image function in coders/jp2.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1518",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1518"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12978.json b/2019/12xxx/CVE-2019-12978.json
new file mode 100644
index 00000000000..c35d9b26e7e
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12978.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12978",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the ReadPANGOImage function in coders/pango.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1519",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1519"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12979.json b/2019/12xxx/CVE-2019-12979.json
new file mode 100644
index 00000000000..267aca823e9
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12979.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12979",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1522",
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1522"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12980.json b/2019/12xxx/CVE-2019-12980.json
new file mode 100644
index 00000000000..0f14d00e203
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12980.json
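Review bot: The description gives two different paths for what appears to be the same source file: `MagickCore/image.c` for SyncImageSettings and `magick/image.c` for AcquireImage. The record is scoped to ImageMagick 7.0.8-34, so presumably both functions live under `MagickCore/`, with the second path carried over from another branch's layout; this should be confirmed against the referenced issue. The sentence should either read `This is related to AcquireImage in MagickCore/image.c.` or say explicitly which branch `magick/image.c` refers to, so that a reader locating the code for patch verification is not sent to a path that does not exist in the named version.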
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12980",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12981.json b/2019/12xxx/CVE-2019-12981.json
new file mode 100644
index 00000000000..87391954f2e
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12981.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12981",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Ming (aka libming) 0.4.8 has an \"fill overflow\" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/pull/179/commits/3dc0338e4a36a3092720ebaa5b908ba3dca467d9",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/pull/179/commits/3dc0338e4a36a3092720ebaa5b908ba3dca467d9"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12982.json b/2019/12xxx/CVE-2019-12982.json
new file mode 100644
index 00000000000..72078d4647c
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12982.json
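Review bot: The description calls the flaw an `"fill overflow"` vulnerability, which names no recognised weakness class and states no impact. A reader triaging this record cannot tell whether SWFShape_setLeftFillStyle has an out-of-bounds write, an integer overflow or something else, nor what input reaches it. The wording should give the memory-safety class and the consequence as established by the referenced commit, in the way the CVE-2019-12982 record in this same patch does (`heap buffer overflow ... denial of service via a crafted SWF file`). The article before the quoted term should also read `a` rather than `an`.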
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12982",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libming/libming/pull/179/commits/2be22fcf56a223dafe8de0e8a20fe20e8bbdb0b9",
+ "refsource": "MISC",
+ "name": "https://github.com/libming/libming/pull/179/commits/2be22fcf56a223dafe8de0e8a20fe20e8bbdb0b9"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12983.json b/2019/12xxx/CVE-2019-12983.json
new file mode 100644
index 00000000000..05eb5a6a2c9
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12983.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12983",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Linux kernel before 5.0.15, the function do_hidp_sock_ioctl in net/bluetooth/hidp/sock.c does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service, which is similar to CVE-2011-1079. The user would use an HIDPCONNADD command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15",
+ "refsource": "MISC",
+ "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12984.json b/2019/12xxx/CVE-2019-12984.json
new file mode 100644
index 00000000000..f994d08b7a9
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12984.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12984",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51"
+ },
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13",
+ "refsource": "MISC",
+ "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7839.json b/2019/7xxx/CVE-2019-7839.json
index 4f2074ce28f..4a1c21f5390 100644
--- a/2019/7xxx/CVE-2019-7839.json
+++ b/2019/7xxx/CVE-2019-7839.json
@@ -56,6 +56,11 @@ "refsource": "BUGTRAQ", "name": "20190626 [SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener", "url": "https://seclists.org/bugtraq/2019/Jun/38" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9836.json b/2019/9xxx/CVE-2019-9836.json index d55f983ea69..366e43dcb05 100644 --- a/2019/9xxx/CVE-2019-9836.json +++ b/2019/9xxx/CVE-2019-9836.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://www.amd.com/en/corporate/product-security", "url": "https://www.amd.com/en/corporate/product-security" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html", + "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html" } ] } From 1e37e35b1650a9217c941f80100896d03e743442 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 26 Jun 2019 19:00:56 +0000 Subject: [PATCH 15/33] "-Synchronized-Data." --- 2017/5xxx/CVE-2017-5715.json | 5 ++++ 2017/5xxx/CVE-2017-5753.json | 5 ++++ 2017/5xxx/CVE-2017-5754.json | 5 ++++ 2018/12xxx/CVE-2018-12126.json | 5 ++++ 2018/12xxx/CVE-2018-12127.json | 5 ++++ 2018/12xxx/CVE-2018-12130.json | 5 ++++ 2019/10xxx/CVE-2019-10133.json | 5 ++-- 2019/10xxx/CVE-2019-10134.json | 5 ++-- 2019/10xxx/CVE-2019-10154.json | 5 ++-- 2019/11xxx/CVE-2019-11091.json | 5 ++++ 2019/1xxx/CVE-2019-1897.json | 5 ++++ 2019/1xxx/CVE-2019-1898.json | 5 ++++ 2019/1xxx/CVE-2019-1899.json | 5 ++++ 2019/9xxx/CVE-2019-9039.json | 53 ++++++++++++++++++++++++++++++++-- 14 files changed, 110 insertions(+), 8 deletions(-) diff --git a/2017/5xxx/CVE-2017-5715.json b/2017/5xxx/CVE-2017-5715.json index 97843875d7b..a0244a6b4ec 100644 
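Review bot: The references added in both hunks on this line (CVE-2019-7839 and CVE-2019-9836) are recorded as `http://packetstormsecurity.com/...`, so anyone following the link from the record fetches the advisory over a channel with no integrity protection. If the site serves the same paths over TLS, both `name` and `url` should use the `https://` form. The Aruba (`http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt`) and openSUSE (`http://lists.opensuse.org/...`) references added by the later "-Synchronized-Data." patches have the same form.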
--- a/2017/5xxx/CVE-2017-5715.json +++ b/2017/5xxx/CVE-2017-5715.json @@ -482,6 +482,11 @@ "refsource": "BUGTRAQ", "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "url": "https://seclists.org/bugtraq/2019/Jun/36" + }, + { + "refsource": "CONFIRM", + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" } ] } diff --git a/2017/5xxx/CVE-2017-5753.json b/2017/5xxx/CVE-2017-5753.json index 0343051d9c1..353bee4e489 100644 --- a/2017/5xxx/CVE-2017-5753.json +++ b/2017/5xxx/CVE-2017-5753.json @@ -372,6 +372,11 @@ "refsource": "BUGTRAQ", "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "url": "https://seclists.org/bugtraq/2019/Jun/36" + }, + { + "refsource": "CONFIRM", + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" } ] } diff --git a/2017/5xxx/CVE-2017-5754.json b/2017/5xxx/CVE-2017-5754.json index 2e944a10773..3a524f0555f 100644 --- a/2017/5xxx/CVE-2017-5754.json +++ b/2017/5xxx/CVE-2017-5754.json @@ -367,6 +367,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" } ] } diff --git a/2018/12xxx/CVE-2018-12126.json b/2018/12xxx/CVE-2018-12126.json index f0c30e3c4b2..495dd468058 100644 --- a/2018/12xxx/CVE-2018-12126.json +++ b/2018/12xxx/CVE-2018-12126.json 
@@ -83,6 +83,11 @@ "refsource": "BUGTRAQ", "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "url": "https://seclists.org/bugtraq/2019/Jun/36" + }, + { + "refsource": "CONFIRM", + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" } ] }, diff --git a/2018/12xxx/CVE-2018-12127.json b/2018/12xxx/CVE-2018-12127.json index 9a9e75a41de..45ecf4c9c84 100644 --- a/2018/12xxx/CVE-2018-12127.json +++ b/2018/12xxx/CVE-2018-12127.json @@ -83,6 +83,11 @@ "refsource": "BUGTRAQ", "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "url": "https://seclists.org/bugtraq/2019/Jun/36" + }, + { + "refsource": "CONFIRM", + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" } ] }, diff --git a/2018/12xxx/CVE-2018-12130.json b/2018/12xxx/CVE-2018-12130.json index 0a95c07454d..96a121fff22 100644 --- a/2018/12xxx/CVE-2018-12130.json +++ b/2018/12xxx/CVE-2018-12130.json @@ -83,6 +83,11 @@ "refsource": "BUGTRAQ", "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "url": "https://seclists.org/bugtraq/2019/Jun/36" + }, + { + "refsource": "CONFIRM", + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" } ] }, diff --git a/2019/10xxx/CVE-2019-10133.json b/2019/10xxx/CVE-2019-10133.json index 4ef3f2ce229..bcd5e06f668 100644 --- a/2019/10xxx/CVE-2019-10133.json +++ b/2019/10xxx/CVE-2019-10133.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10133", - "ASSIGNER": "psampaio@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -73,4 +74,4 @@ ] ] } -} +} \ No newline at end of file 
diff --git a/2019/10xxx/CVE-2019-10134.json b/2019/10xxx/CVE-2019-10134.json index 5796c29be65..d320eaeecf1 100644 --- a/2019/10xxx/CVE-2019-10134.json +++ b/2019/10xxx/CVE-2019-10134.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10134", - "ASSIGNER": "psampaio@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -73,4 +74,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10154.json b/2019/10xxx/CVE-2019-10154.json index bd784800eed..2eb8d68c7d3 100644 --- a/2019/10xxx/CVE-2019-10154.json +++ b/2019/10xxx/CVE-2019-10154.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10154", - "ASSIGNER": "psampaio@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -76,4 +77,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11091.json b/2019/11xxx/CVE-2019-11091.json index a36c1dd3c57..6e8a3cf3371 100644 --- a/2019/11xxx/CVE-2019-11091.json +++ b/2019/11xxx/CVE-2019-11091.json @@ -83,6 +83,11 @@ "refsource": "BUGTRAQ", "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "url": "https://seclists.org/bugtraq/2019/Jun/36" + }, + { + "refsource": "CONFIRM", + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" } ] }, diff --git a/2019/1xxx/CVE-2019-1897.json b/2019/1xxx/CVE-2019-1897.json index cc0808b89cb..e5e353c488c 100644 --- a/2019/1xxx/CVE-2019-1897.json +++ b/2019/1xxx/CVE-2019-1897.json @@ -73,6 +73,11 @@ "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-dos" }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-29", + "url": "https://www.tenable.com/security/research/tra-2019-29" + }, { "refsource": "BID", "name": "108848", 
diff --git a/2019/1xxx/CVE-2019-1898.json b/2019/1xxx/CVE-2019-1898.json index 440b86288af..4f0ef39ea29 100644 --- a/2019/1xxx/CVE-2019-1898.json +++ b/2019/1xxx/CVE-2019-1898.json @@ -73,6 +73,11 @@ "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess" }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-29", + "url": "https://www.tenable.com/security/research/tra-2019-29" + }, { "refsource": "BID", "name": "108865", diff --git a/2019/1xxx/CVE-2019-1899.json b/2019/1xxx/CVE-2019-1899.json index 8cba1ee5c0a..5005bc1c252 100644 --- a/2019/1xxx/CVE-2019-1899.json +++ b/2019/1xxx/CVE-2019-1899.json @@ -73,6 +73,11 @@ "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-infodis" }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-29", + "url": "https://www.tenable.com/security/research/tra-2019-29" + }, { "refsource": "BID", "name": "108867", diff --git a/2019/9xxx/CVE-2019-9039.json b/2019/9xxx/CVE-2019-9039.json index befc6e7bf6c..988718e0fe3 100644 --- a/2019/9xxx/CVE-2019-9039.json +++ b/2019/9xxx/CVE-2019-9039.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9039", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters \u201cstartkey\u201d and \u201cendkey\u201d of the \u201c_all_docs\u201d endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://docs.couchbase.com/sync-gateway/2.5/release-notes.html", + "url": "https://docs.couchbase.com/sync-gateway/2.5/release-notes.html" + }, + { + "refsource": "MISC", + "name": "https://research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gateway-cve-2019-9039/", + "url": "https://research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gateway-cve-2019-9039/" } ] } From a580bdea824f4776dff6fc5d2033ac238fdc251b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 26 Jun 2019 21:00:51 +0000 Subject: [PATCH 16/33] "-Synchronized-Data." --- 2018/20xxx/CVE-2018-20843.json | 5 +++++ 2019/11xxx/CVE-2019-11372.json | 5 +++++ 2019/11xxx/CVE-2019-11373.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2018/20xxx/CVE-2018-20843.json b/2018/20xxx/CVE-2018-20843.json index 062cf1a11ad..f8fc3e09a62 100644 --- a/2018/20xxx/CVE-2018-20843.json +++ b/2018/20xxx/CVE-2018-20843.json 
@@ -76,6 +76,11 @@ "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", "refsource": "MISC", "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226" + }, + { + "refsource": "UBUNTU", + "name": "USN-4040-1", + "url": "https://usn.ubuntu.com/4040-1/" } ] } diff --git a/2019/11xxx/CVE-2019-11372.json b/2019/11xxx/CVE-2019-11372.json index 5bbdb20d5f0..c7bf54a8b73 100644 --- a/2019/11xxx/CVE-2019-11372.json +++ b/2019/11xxx/CVE-2019-11372.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-b7cf3236fb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJYASICJ2VUUNGHDBB62FGYQN2SNITM5/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1629", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00069.html" } ] } diff --git a/2019/11xxx/CVE-2019-11373.json b/2019/11xxx/CVE-2019-11373.json index db65c7213df..15fdfa739c1 100644 --- a/2019/11xxx/CVE-2019-11373.json +++ b/2019/11xxx/CVE-2019-11373.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-b7cf3236fb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJYASICJ2VUUNGHDBB62FGYQN2SNITM5/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1629", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00069.html" } ] } From f90dd7ad70a675eebe84316072892733d4059f7b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 26 Jun 2019 22:00:57 +0000 Subject: [PATCH 17/33] "-Synchronized-Data." --- 2018/15xxx/CVE-2018-15756.json | 10 ++++++++++ 2018/20xxx/CVE-2018-20843.json | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json index ff31ac91c18..7b1de28f3c2 100644 --- a/2018/15xxx/CVE-2018-15756.json +++ b/2018/15xxx/CVE-2018-15756.json 
@@ -111,6 +111,16 @@ "refsource": "MLIST", "name": "[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E" } ] }, diff --git a/2018/20xxx/CVE-2018-20843.json b/2018/20xxx/CVE-2018-20843.json index f8fc3e09a62..af41aaca0e8 100644 --- a/2018/20xxx/CVE-2018-20843.json +++ b/2018/20xxx/CVE-2018-20843.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4040-1", "url": "https://usn.ubuntu.com/4040-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4040-2", + "url": "https://usn.ubuntu.com/4040-2/" } ] } From d8f7a4e26217242fbf47c98c69717fc4a99f53ff Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 26 Jun 2019 23:00:52 +0000 Subject: [PATCH 18/33] "-Synchronized-Data." --- 2018/7xxx/CVE-2018-7587.json | 5 +++++ 2018/7xxx/CVE-2018-7588.json | 5 +++++ 2018/7xxx/CVE-2018-7589.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2018/7xxx/CVE-2018-7587.json b/2018/7xxx/CVE-2018-7587.json index 3a61f90f473..fe66d13612d 100644 --- a/2018/7xxx/CVE-2018-7587.json +++ b/2018/7xxx/CVE-2018-7587.json 
@@ -56,6 +56,11 @@ "name": "https://github.com/xiaoqx/pocs/tree/master/cimg", "refsource": "MISC", "url": "https://github.com/xiaoqx/pocs/tree/master/cimg" + }, + { + "refsource": "UBUNTU", + "name": "USN-4039-1", + "url": "https://usn.ubuntu.com/4039-1/" } ] } diff --git a/2018/7xxx/CVE-2018-7588.json b/2018/7xxx/CVE-2018-7588.json index c0d0ae10f91..a4f24ddb41b 100644 --- a/2018/7xxx/CVE-2018-7588.json +++ b/2018/7xxx/CVE-2018-7588.json @@ -61,6 +61,11 @@ "name": "https://github.com/xiaoqx/pocs/tree/master/cimg", "refsource": "MISC", "url": "https://github.com/xiaoqx/pocs/tree/master/cimg" + }, + { + "refsource": "UBUNTU", + "name": "USN-4039-1", + "url": "https://usn.ubuntu.com/4039-1/" } ] } diff --git a/2018/7xxx/CVE-2018-7589.json b/2018/7xxx/CVE-2018-7589.json index 5326c3b711c..c3d58aace3a 100644 --- a/2018/7xxx/CVE-2018-7589.json +++ b/2018/7xxx/CVE-2018-7589.json @@ -61,6 +61,11 @@ "name": "https://github.com/xiaoqx/pocs/tree/master/cimg", "refsource": "MISC", "url": "https://github.com/xiaoqx/pocs/tree/master/cimg" + }, + { + "refsource": "UBUNTU", + "name": "USN-4039-1", + "url": "https://usn.ubuntu.com/4039-1/" } ] } From 86b8c6346043b66c4466b2e4946fb85e0ef90680 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Jun 2019 00:00:51 +0000 Subject: [PATCH 19/33] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11477.json | 5 +++++ 2019/11xxx/CVE-2019-11478.json | 5 +++++ 2019/11xxx/CVE-2019-11479.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2019/11xxx/CVE-2019-11477.json b/2019/11xxx/CVE-2019-11477.json index fb673a82049..6735f4be86c 100644 --- a/2019/11xxx/CVE-2019-11477.json +++ b/2019/11xxx/CVE-2019-11477.json @@ -166,6 +166,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1602", "url": "https://access.redhat.com/errata/RHSA-2019:1602" + }, + { + "refsource": "CONFIRM", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" } ] }, 
diff --git a/2019/11xxx/CVE-2019-11478.json b/2019/11xxx/CVE-2019-11478.json index a6577f8c6f9..dbdf24920aa 100644 --- a/2019/11xxx/CVE-2019-11478.json +++ b/2019/11xxx/CVE-2019-11478.json @@ -160,6 +160,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1602", "url": "https://access.redhat.com/errata/RHSA-2019:1602" + }, + { + "refsource": "CONFIRM", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" } ] }, diff --git a/2019/11xxx/CVE-2019-11479.json b/2019/11xxx/CVE-2019-11479.json index 26a9d3b914d..d475fc4ed38 100644 --- a/2019/11xxx/CVE-2019-11479.json +++ b/2019/11xxx/CVE-2019-11479.json @@ -164,6 +164,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1602", "url": "https://access.redhat.com/errata/RHSA-2019:1602" + }, + { + "refsource": "CONFIRM", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" } ] }, From 2acac653ca3c90dc1628820e584635c36af811e2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Jun 2019 01:00:57 +0000 Subject: [PATCH 20/33] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12983.json | 63 ++++------------------------------ 1 file changed, 7 insertions(+), 56 deletions(-) diff --git a/2019/12xxx/CVE-2019-12983.json b/2019/12xxx/CVE-2019-12983.json index 05eb5a6a2c9..4d32d15d9cc 100644 --- a/2019/12xxx/CVE-2019-12983.json +++ b/2019/12xxx/CVE-2019-12983.json 
@@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-12983", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12983", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "In the Linux kernel before 5.0.15, the function do_hidp_sock_ioctl in net/bluetooth/hidp/sock.c does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service, which is similar to CVE-2011-1079. The user would use an HIDPCONNADD command." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15", - "refsource": "MISC", - "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15" - }, - { - "url": "https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16", - "refsource": "MISC", - "name": "https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11884. Reason: This candidate is a reservation duplicate of CVE-2019-11884. Notes: All CVE users should reference CVE-2019-11884 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } From c235c7b50fdbbabe3f690133836749895e3db643 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Thu, 27 Jun 2019 02:00:50 +0000
Subject: [PATCH 21/33] "-Synchronized-Data."
---
2019/12xxx/CVE-2019-12985.json | 18 ++++++++++++++++++
2019/12xxx/CVE-2019-12986.json | 18 ++++++++++++++++++
2019/12xxx/CVE-2019-12987.json | 18 ++++++++++++++++++
2019/12xxx/CVE-2019-12988.json | 18 ++++++++++++++++++
2019/12xxx/CVE-2019-12989.json | 18 ++++++++++++++++++
2019/12xxx/CVE-2019-12990.json | 18 ++++++++++++++++++
2019/12xxx/CVE-2019-12991.json | 18 ++++++++++++++++++
2019/12xxx/CVE-2019-12992.json | 18 ++++++++++++++++++
8 files changed, 144 insertions(+)
create mode 100644 2019/12xxx/CVE-2019-12985.json
create mode 100644 2019/12xxx/CVE-2019-12986.json
create mode 100644 2019/12xxx/CVE-2019-12987.json
create mode 100644 2019/12xxx/CVE-2019-12988.json
create mode 100644 2019/12xxx/CVE-2019-12989.json
create mode 100644 2019/12xxx/CVE-2019-12990.json
create mode 100644 2019/12xxx/CVE-2019-12991.json
create mode 100644 2019/12xxx/CVE-2019-12992.json
diff --git a/2019/12xxx/CVE-2019-12985.json b/2019/12xxx/CVE-2019-12985.json
new file mode 100644
index 00000000000..5ccbeb8f5c0
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12985.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12985",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12986.json b/2019/12xxx/CVE-2019-12986.json
new file mode 100644
index 00000000000..69c85529ba1
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12986.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12986",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12987.json b/2019/12xxx/CVE-2019-12987.json
new file mode 100644
index 00000000000..5f0e9fc7e2b
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12987.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12987",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12988.json b/2019/12xxx/CVE-2019-12988.json
new file mode 100644
index 00000000000..bbbab4669bf
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12988.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12988",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12989.json b/2019/12xxx/CVE-2019-12989.json
new file mode 100644
index 00000000000..5797b8fdd43
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12989.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12989",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12990.json b/2019/12xxx/CVE-2019-12990.json
new file mode 100644
index 00000000000..93da49c6ba0
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12990.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12990",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12991.json b/2019/12xxx/CVE-2019-12991.json
new file mode 100644
index 00000000000..b0268e58826
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12991.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12991",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12992.json b/2019/12xxx/CVE-2019-12992.json
new file mode 100644
index 00000000000..555e3465873
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12992.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12992",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 5ac9414b25c13210983e4e72102ae3bd95da3517 Mon Sep 17 00:00:00 2001
From: santosomar
Date: Thu, 27 Jun 2019 02:59:51 +0000
Subject: [PATCH 22/33] Adding Cisco CVE-2019-1619
---
2019/1xxx/CVE-2019-1619.json | 77 ++++++++++++++++++++++++++++++++++--
1 file changed, 73 insertions(+), 4 deletions(-)
diff --git a/2019/1xxx/CVE-2019-1619.json b/2019/1xxx/CVE-2019-1619.json
index 732e72acce3..1d5c5f4800a 100644
--- a/2019/1xxx/CVE-2019-1619.json
+++ b/2019/1xxx/CVE-2019-1619.json
@@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-06-26T16:00:00-0700", "ID": "CVE-2019-1619", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Data Center Network Manager Authentication Bypass Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Network Manager ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "11.1(1)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
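Review bot: `"product_name": "Cisco Data Center Network Manager "` ends in a trailing space, and the `vectorString` added in the next hunk of this file does too (`...C:H/I:H/A:H "`). An exact-match lookup on the product name, or a strict CVSS vector parser, may reject either value. The follow-up patch 23/33 trims only the description text, so both remain. Proposed: `"product_name": "Cisco Data Center Network Manager",` and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`. The version entry also uses the key `affected` rather than `version_affected`; it is worth confirming against the record schema which key consumers actually read, since a missed comparator turns "before 11.1(1)" into a bare version string.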
@@ -11,8 +37,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190626 Cisco Data Center Network Manager Authentication Bypass Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-bypass" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190626-dcnm-bypass", + "defect": [ + [ + "CSCvo64641" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} From ee8d0194ad8a60f997ab1bd5a05f315f729e572e Mon Sep 17 00:00:00 2001 
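Review bot: In the added `impact.cvss` object, `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H "` ends with a space and `"baseScore": "9.8"` is a JSON string rather than a number. If consumers validate this object against the CVSS v3.0 JSON schema or compare the score numerically, both fields can be rejected or skipped, leaving the record unscored in downstream triage. Proposed: `"baseScore": 9.8,` and the vector string without the trailing blank. The follow-up "-Synchronized-Data." patches visible here trim only the description text, so these two fields and the trailing space in the `exploit` value remain as submitted. The CVE-2019-1620, CVE-2019-1621 and CVE-2019-1622 hunks carry the same pattern.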
From: CVE Team Date: Thu, 27 Jun 2019 03:01:02 +0000 Subject: [PATCH 23/33] "-Synchronized-Data." --- 2019/1xxx/CVE-2019-1619.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2019/1xxx/CVE-2019-1619.json b/2019/1xxx/CVE-2019-1619.json index 1d5c5f4800a..2d59891a794 100644 --- a/2019/1xxx/CVE-2019-1619.json +++ b/2019/1xxx/CVE-2019-1619.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. " + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file From 7080e383dafc877ae6ebc408653cc800543b3cb6 Mon Sep 17 00:00:00 2001 From: santosomar Date: Thu, 27 Jun 2019 03:01:27 +0000 Subject: [PATCH 24/33] Adding Cisco CVE-2019-1620 --- 2019/1xxx/CVE-2019-1620.json | 77 ++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 4 deletions(-) 
diff --git a/2019/1xxx/CVE-2019-1620.json b/2019/1xxx/CVE-2019-1620.json index eca79a576f6..7793e562414 100644 --- a/2019/1xxx/CVE-2019-1620.json +++ b/2019/1xxx/CVE-2019-1620.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-06-26T16:00:00-0700", "ID": "CVE-2019-1620", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Network Manager ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "11.2(1)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +37,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device. " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190626 Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190626-dcnm-codex", + "defect": [ + [ + "CSCvo64647" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} From 9f9efd2f5d94d6bdcc5d8a9d9625904379975958 Mon Sep 17 00:00:00 2001 
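Review bot: `"value": "CWE-264"` in the added `problemtype` is a bare identifier for a CWE category (Permissions, Privileges, and Access Controls), not a specific weakness, which gives defenders little to filter or prioritise on. The description in this same hunk describes an unauthenticated arbitrary file upload that ends in code execution as root, so a weakness-level entry with its name spelled out would be more useful, as the HHVM record earlier in the series does. CWE-434 looks like a candidate, but that is for the CNA to confirm against the advisory. At a minimum I would include the name: `"value": "CWE-264 Permissions, Privileges, and Access Controls"`. The CVE-2019-1621 hunk uses the same bare `CWE-264` for a file-download issue.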
From: santosomar Date: Thu, 27 Jun 2019 03:02:47 +0000 Subject: [PATCH 25/33] Adding Cisco CVE-2019-1621 --- 2019/1xxx/CVE-2019-1621.json | 77 ++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 4 deletions(-) diff --git a/2019/1xxx/CVE-2019-1621.json b/2019/1xxx/CVE-2019-1621.json index b9a7c41dd5f..1582af60dd6 100644 --- a/2019/1xxx/CVE-2019-1621.json +++ b/2019/1xxx/CVE-2019-1621.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-06-26T16:00:00-0700", "ID": "CVE-2019-1621", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Data Center Network Manager Arbitrary File Download Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Network Manager ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "11.2(1)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +37,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device. " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190626 Cisco Data Center Network Manager Arbitrary File Download Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-file-dwnld" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190626-dcnm-file-dwnld", + "defect": [ + [ + "CSCvo64651" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} From 0df41a325cfa42f5eda0d193815f59d4fd02ddf9 Mon Sep 17 00:00:00 2001 
From: santosomar Date: Thu, 27 Jun 2019 03:04:26 +0000 Subject: [PATCH 26/33] Adding Cisco CVE-2019-1622 --- 2019/1xxx/CVE-2019-1622.json | 77 ++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 4 deletions(-) diff --git a/2019/1xxx/CVE-2019-1622.json b/2019/1xxx/CVE-2019-1622.json index c0102eea4e4..96c4640892f 100644 --- a/2019/1xxx/CVE-2019-1622.json +++ b/2019/1xxx/CVE-2019-1622.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-06-26T16:00:00-0700", "ID": "CVE-2019-1622", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Data Center Network Manager Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Network Manager ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "11.2(1)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +37,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device. " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190626 Cisco Data Center Network Manager Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-infodiscl" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190626-dcnm-infodiscl", + "defect": [ + [ + "CSCvo64654" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} From 1ca4fb97bb005a5f96decd9988587b5fbf068f80 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 27 Jun 2019 04:01:06 +0000 Subject: [PATCH 27/33] "-Synchronized-Data." --- 2019/1xxx/CVE-2019-1620.json | 4 ++-- 2019/1xxx/CVE-2019-1621.json | 4 ++-- 2019/1xxx/CVE-2019-1622.json | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/2019/1xxx/CVE-2019-1620.json b/2019/1xxx/CVE-2019-1620.json index 7793e562414..c8f025b94d0 100644 --- a/2019/1xxx/CVE-2019-1620.json +++ b/2019/1xxx/CVE-2019-1620.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device. " + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1621.json b/2019/1xxx/CVE-2019-1621.json index 1582af60dd6..a77b4b38ec4 100644 --- a/2019/1xxx/CVE-2019-1621.json +++ b/2019/1xxx/CVE-2019-1621.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device. " + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1622.json b/2019/1xxx/CVE-2019-1622.json index 96c4640892f..872320e2fb9 100644 --- a/2019/1xxx/CVE-2019-1622.json +++ b/2019/1xxx/CVE-2019-1622.json 
@@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device. " + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file From 3174a5593c87e3c291d78744bdcd62f11430aabb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Jun 2019 08:00:51 +0000 Subject: [PATCH 28/33] "-Synchronized-Data." --- 2018/1xxx/CVE-2018-1858.json | 5 +++++ 2019/4xxx/CVE-2019-4384.json | 5 +++++ 2019/4xxx/CVE-2019-4385.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2018/1xxx/CVE-2018-1858.json b/2018/1xxx/CVE-2018-1858.json index d1e5eb649c4..edbcffb61ca 100644 --- a/2018/1xxx/CVE-2018-1858.json +++ b/2018/1xxx/CVE-2018-1858.json 
@@ -87,6 +87,11 @@ "name": "ibm-api-cve20181858-csrf (151256)", "title": "X-Force Vulnerability Report", "refsource": "XF" + }, + { + "refsource": "BID", + "name": "108898", + "url": "http://www.securityfocus.com/bid/108898" } ] } diff --git a/2019/4xxx/CVE-2019-4384.json b/2019/4xxx/CVE-2019-4384.json index 98db8b946ab..39f945c2273 100644 --- a/2019/4xxx/CVE-2019-4384.json +++ b/2019/4xxx/CVE-2019-4384.json @@ -12,6 +12,11 @@ "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162172" + }, + { + "refsource": "BID", + "name": "108896", + "url": "http://www.securityfocus.com/bid/108896" } ] }, diff --git a/2019/4xxx/CVE-2019-4385.json b/2019/4xxx/CVE-2019-4385.json index c189c0f0e47..40d147afe22 100644 --- a/2019/4xxx/CVE-2019-4385.json +++ b/2019/4xxx/CVE-2019-4385.json @@ -20,6 +20,11 @@ "title": "X-Force Vulnerability Report", "name": "ibm-spectrum-cve20194385-info-disc (162173)", "refsource": "XF" + }, + { + "refsource": "BID", + "name": "108899", + "url": "http://www.securityfocus.com/bid/108899" } ] }, From 8b3cb37a5e4c4bc1f51a546b8d564ec86ad16f50 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Jun 2019 09:00:50 +0000 Subject: [PATCH 29/33] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11583.json | 5 +++++ 2019/12xxx/CVE-2019-12735.json | 5 +++++ 2019/12xxx/CVE-2019-12972.json | 5 +++++ 2019/12xxx/CVE-2019-12973.json | 5 +++++ 2019/1xxx/CVE-2019-1619.json | 5 +++++ 2019/1xxx/CVE-2019-1621.json | 5 +++++ 6 files changed, 30 insertions(+) diff --git a/2019/11xxx/CVE-2019-11583.json b/2019/11xxx/CVE-2019-11583.json index 6b5906c893f..c424680136d 100644 --- a/2019/11xxx/CVE-2019-11583.json +++ b/2019/11xxx/CVE-2019-11583.json @@ -58,6 +58,11 @@ "url": "https://jira.atlassian.com/browse/JSWSERVER-20111", "refsource": "MISC", "name": "https://jira.atlassian.com/browse/JSWSERVER-20111" + }, + { + "refsource": "BID", + "name": "108901", + "url": "http://www.securityfocus.com/bid/108901" } ] } 
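Review bot: The reference object added to CVE-2018-1858 uses `"url": "http://www.securityfocus.com/bid/108898"`, a plaintext HTTP link. Tooling that dereferences reference URLs from this feed would fetch advisory content over a channel that can be altered in transit. If the host serves the same page over TLS, `"url": "https://www.securityfocus.com/bid/108898"` is preferable. The other BID references and the `http://lists.opensuse.org/...` references added by the later synchronization patches use the same scheme.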
diff --git a/2019/12xxx/CVE-2019-12735.json b/2019/12xxx/CVE-2019-12735.json index 8319792dc20..50ab3bd16cb 100644 --- a/2019/12xxx/CVE-2019-12735.json +++ b/2019/12xxx/CVE-2019-12735.json @@ -131,6 +131,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K93144355", "url": "https://support.f5.com/csp/article/K93144355" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1619", + "url": "https://access.redhat.com/errata/RHSA-2019:1619" } ] } diff --git a/2019/12xxx/CVE-2019-12972.json b/2019/12xxx/CVE-2019-12972.json index dad5f19bea0..6575cea2199 100644 --- a/2019/12xxx/CVE-2019-12972.json +++ b/2019/12xxx/CVE-2019-12972.json @@ -61,6 +61,11 @@ "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031", "refsource": "MISC", "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031" + }, + { + "refsource": "BID", + "name": "108903", + "url": "http://www.securityfocus.com/bid/108903" } ] } diff --git a/2019/12xxx/CVE-2019-12973.json b/2019/12xxx/CVE-2019-12973.json index c99b0f66686..116fd432ece 100644 --- a/2019/12xxx/CVE-2019-12973.json +++ b/2019/12xxx/CVE-2019-12973.json @@ -61,6 +61,11 @@ "url": "https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3", "refsource": "MISC", "name": "https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3" + }, + { + "refsource": "BID", + "name": "108900", + "url": "http://www.securityfocus.com/bid/108900" } ] } diff --git a/2019/1xxx/CVE-2019-1619.json b/2019/1xxx/CVE-2019-1619.json index 2d59891a794..68cf348af47 100644 --- a/2019/1xxx/CVE-2019-1619.json +++ b/2019/1xxx/CVE-2019-1619.json 
@@ -72,6 +72,11 @@ "name": "20190626 Cisco Data Center Network Manager Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-bypass" + }, + { + "refsource": "BID", + "name": "108902", + "url": "http://www.securityfocus.com/bid/108902" } ] }, diff --git a/2019/1xxx/CVE-2019-1621.json b/2019/1xxx/CVE-2019-1621.json index a77b4b38ec4..03363c48fe0 100644 --- a/2019/1xxx/CVE-2019-1621.json +++ b/2019/1xxx/CVE-2019-1621.json @@ -72,6 +72,11 @@ "name": "20190626 Cisco Data Center Network Manager Arbitrary File Download Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-file-dwnld" + }, + { + "refsource": "BID", + "name": "108904", + "url": "http://www.securityfocus.com/bid/108904" } ] }, From 1472f873c46b77e914c76449090c2953a47b437a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Jun 2019 10:00:53 +0000 Subject: [PATCH 30/33] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12984.json | 5 +++++ 2019/1xxx/CVE-2019-1620.json | 5 +++++ 2019/1xxx/CVE-2019-1622.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2019/12xxx/CVE-2019-12984.json b/2019/12xxx/CVE-2019-12984.json index f994d08b7a9..64fae0f5cb0 100644 --- a/2019/12xxx/CVE-2019-12984.json +++ b/2019/12xxx/CVE-2019-12984.json @@ -61,6 +61,11 @@ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13", "refsource": "MISC", "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13" + }, + { + "refsource": "BID", + "name": "108905", + "url": "http://www.securityfocus.com/bid/108905" } ] } diff --git a/2019/1xxx/CVE-2019-1620.json b/2019/1xxx/CVE-2019-1620.json index c8f025b94d0..e8341b9a4e7 100644 --- a/2019/1xxx/CVE-2019-1620.json +++ b/2019/1xxx/CVE-2019-1620.json 
@@ -72,6 +72,11 @@ "name": "20190626 Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex" + }, + { + "refsource": "BID", + "name": "108906", + "url": "http://www.securityfocus.com/bid/108906" } ] }, diff --git a/2019/1xxx/CVE-2019-1622.json b/2019/1xxx/CVE-2019-1622.json index 872320e2fb9..af6dc096b79 100644 --- a/2019/1xxx/CVE-2019-1622.json +++ b/2019/1xxx/CVE-2019-1622.json @@ -72,6 +72,11 @@ "name": "20190626 Cisco Data Center Network Manager Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-infodiscl" + }, + { + "refsource": "BID", + "name": "108908", + "url": "http://www.securityfocus.com/bid/108908" } ] }, From ca04764ee1aeeeee41ec1778d47db96137eb2bac Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Jun 2019 11:00:51 +0000 Subject: [PATCH 31/33] "-Synchronized-Data." --- 2018/2xxx/CVE-2018-2011.json | 5 +++++ 2018/2xxx/CVE-2018-2013.json | 5 +++++ 2019/12xxx/CVE-2019-12346.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2018/2xxx/CVE-2018-2011.json b/2018/2xxx/CVE-2018-2011.json index 3fe06af8c3f..df801d2541b 100644 --- a/2018/2xxx/CVE-2018-2011.json +++ b/2018/2xxx/CVE-2018-2011.json @@ -21,6 +21,11 @@ "name": "ibm-api-cve20182011-info-disc (155150)", "title": "X-Force Vulnerability Report", "refsource": "XF" + }, + { + "refsource": "BID", + "name": "108907", + "url": "http://www.securityfocus.com/bid/108907" } ] }, diff --git a/2018/2xxx/CVE-2018-2013.json b/2018/2xxx/CVE-2018-2013.json index d6d5000ff94..b6b02a3d73a 100644 --- a/2018/2xxx/CVE-2018-2013.json +++ b/2018/2xxx/CVE-2018-2013.json 
@@ -79,6 +79,11 @@ "name": "ibm-api-cve20182013-info-disc (155193)", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155193" + }, + { + "refsource": "BID", + "name": "108907", + "url": "http://www.securityfocus.com/bid/108907" } ] }, diff --git a/2019/12xxx/CVE-2019-12346.json b/2019/12xxx/CVE-2019-12346.json index 5dea0771aa9..db22bb5b7f9 100644 --- a/2019/12xxx/CVE-2019-12346.json +++ b/2019/12xxx/CVE-2019-12346.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://zeroauth.ltd/blog/2019/05/27/cve-2019-12346-miniorange-saml-sp-single-sign-on-wordpress-plugin-xss/", "url": "https://zeroauth.ltd/blog/2019/05/27/cve-2019-12346-miniorange-saml-sp-single-sign-on-wordpress-plugin-xss/" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9397", + "url": "https://wpvulndb.com/vulnerabilities/9397" } ] } From 0361e7dd8f0aa57887683ee9e1bb436e224768b2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Jun 2019 12:00:56 +0000 Subject: [PATCH 32/33] "-Synchronized-Data." --- 2018/12xxx/CVE-2018-12648.json | 10 ++++++++++ 2018/16xxx/CVE-2018-16837.json | 5 +++++ 2018/16xxx/CVE-2018-16859.json | 5 +++++ 2018/16xxx/CVE-2018-16876.json | 5 +++++ 2019/12xxx/CVE-2019-12450.json | 5 +++++ 2019/1xxx/CVE-2019-1559.json | 5 +++++ 2019/3xxx/CVE-2019-3828.json | 5 +++++ 2019/3xxx/CVE-2019-3860.json | 5 +++++ 2019/7xxx/CVE-2019-7637.json | 10 ++++++++++ 2019/8xxx/CVE-2019-8457.json | 5 +++++ 2019/9xxx/CVE-2019-9928.json | 10 ++++++++++ 11 files changed, 70 insertions(+) diff --git a/2018/12xxx/CVE-2018-12648.json b/2018/12xxx/CVE-2018-12648.json index 58415264a6d..6087fec5e0c 100644 --- a/2018/12xxx/CVE-2018-12648.json +++ b/2018/12xxx/CVE-2018-12648.json 
@@ -56,6 +56,16 @@ "name": "https://bugs.freedesktop.org/show_bug.cgi?id=106981", "refsource": "MISC", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=106981" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1657", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00070.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1649", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00075.html" } ] } diff --git a/2018/16xxx/CVE-2018-16837.json b/2018/16xxx/CVE-2018-16837.json index f4dc2620ee9..64f6b2d2375 100644 --- a/2018/16xxx/CVE-2018-16837.json +++ b/2018/16xxx/CVE-2018-16837.json @@ -111,6 +111,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1125", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1635", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" } ] } diff --git a/2018/16xxx/CVE-2018-16859.json b/2018/16xxx/CVE-2018-16859.json index ceffba748ed..fbe7480c76c 100644 --- a/2018/16xxx/CVE-2018-16859.json +++ b/2018/16xxx/CVE-2018-16859.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1125", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1635", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" } ] } diff --git a/2018/16xxx/CVE-2018-16876.json b/2018/16xxx/CVE-2018-16876.json index 8735f67708c..ff8379444bd 100644 --- a/2018/16xxx/CVE-2018-16876.json +++ b/2018/16xxx/CVE-2018-16876.json @@ -122,6 +122,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1125", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1635", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" } ] } 
diff --git a/2019/12xxx/CVE-2019-12450.json b/2019/12xxx/CVE-2019-12450.json index 7783f2c0103..a3f638778fc 100644 --- a/2019/12xxx/CVE-2019-12450.json +++ b/2019/12xxx/CVE-2019-12450.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1826-1] glib2.0 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1650", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html" } ] } diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json index 34665a47e99..0f4260ba8e8 100644 --- a/2019/1xxx/CVE-2019-1559.json +++ b/2019/1xxx/CVE-2019-1559.json @@ -166,6 +166,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1432", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1637", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" } ] } diff --git a/2019/3xxx/CVE-2019-3828.json b/2019/3xxx/CVE-2019-3828.json index b3c502b9f0f..bbf083d11cd 100644 --- a/2019/3xxx/CVE-2019-3828.json +++ b/2019/3xxx/CVE-2019-3828.json @@ -64,6 +64,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1125", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1635", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3860.json b/2019/3xxx/CVE-2019-3860.json index 91a0d2d3b51..eb1067a26a1 100644 --- a/2019/3xxx/CVE-2019-3860.json +++ b/2019/3xxx/CVE-2019-3860.json 
@@ -88,6 +88,11 @@ "refsource": "BUGTRAQ", "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update", "url": "https://seclists.org/bugtraq/2019/Apr/25" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1640", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html" } ] }, diff --git a/2019/7xxx/CVE-2019-7637.json b/2019/7xxx/CVE-2019-7637.json index 4fc57f31acc..72f847e2aac 100644 --- a/2019/7xxx/CVE-2019-7637.json +++ b/2019/7xxx/CVE-2019-7637.json @@ -86,6 +86,16 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1261", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1632", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1633", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00071.html" } ] } diff --git a/2019/8xxx/CVE-2019-8457.json b/2019/8xxx/CVE-2019-8457.json index b5bc2dc3665..82b1e86c727 100644 --- a/2019/8xxx/CVE-2019-8457.json +++ b/2019/8xxx/CVE-2019-8457.json @@ -78,6 +78,11 @@ "refsource": "UBUNTU", "name": "USN-4019-2", "url": "https://usn.ubuntu.com/4019-2/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1645", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9928.json b/2019/9xxx/CVE-2019-9928.json index 2e775254770..06535676cc0 100644 --- a/2019/9xxx/CVE-2019-9928.json +++ b/2019/9xxx/CVE-2019-9928.json 
@@ -86,6 +86,16 @@ "refsource": "DEBIAN", "name": "DSA-4437", "url": "https://www.debian.org/security/2019/dsa-4437" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1638", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00082.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1639", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html" } ] } From 75f35f43f1724a015c2a01d623bbbf159ec0558c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Jun 2019 13:00:52 +0000 Subject: [PATCH 33/33] "-Synchronized-Data." --- 2019/4xxx/CVE-2019-4364.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/4xxx/CVE-2019-4364.json b/2019/4xxx/CVE-2019-4364.json index 589aa65a586..6b498a46e8c 100644 --- a/2019/4xxx/CVE-2019-4364.json +++ b/2019/4xxx/CVE-2019-4364.json @@ -33,6 +33,11 @@ "refsource": "XF", "name": "ibm-maximo-cve20194364-code-exec (161680)", "title": "X-Force Vulnerability Report" + }, + { + "refsource": "BID", + "name": "108910", + "url": "http://www.securityfocus.com/bid/108910" } ] },