diff --git a/2019/0xxx/CVE-2019-0211.json b/2019/0xxx/CVE-2019-0211.json
index 765b40353f7..3e7225d6b0d 100644
--- a/2019/0xxx/CVE-2019-0211.json
+++ b/2019/0xxx/CVE-2019-0211.json
@@ -143,6 +143,11 @@
 "refsource": "MLIST",
 "name": "[community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x?",
 "url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K32957101",
+ "url": "https://support.f5.com/csp/article/K32957101"
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0215.json b/2019/0xxx/CVE-2019-0215.json
index b74d54d3b31..4bdb24fc698 100644
--- a/2019/0xxx/CVE-2019-0215.json
+++ b/2019/0xxx/CVE-2019-0215.json
@@ -76,6 +76,11 @@
 "refsource": "MISC",
 "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
 "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K59440504",
+ "url": "https://support.f5.com/csp/article/K59440504"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11185.json b/2019/11xxx/CVE-2019-11185.json
new file mode 100644
index 00000000000..5bfd5aa1ae4
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11185.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11185",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11186.json b/2019/11xxx/CVE-2019-11186.json
new file mode 100644
index 00000000000..e6d2c687ea0
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11186.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11186",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11187.json b/2019/11xxx/CVE-2019-11187.json
new file mode 100644
index 00000000000..f8cb1de102f
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11187.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11187",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5715.json b/2019/5xxx/CVE-2019-5715.json
index 957cffea292..fdb01780762 100644
--- a/2019/5xxx/CVE-2019-5715.json
+++ b/2019/5xxx/CVE-2019-5715.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-5715",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
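Review bot: The `affects` block added for CVE-2019-5715 sets `vendor_name`, `product_name` and `version_value` all to `n/a`, so the record cannot be matched by vendor, product or version even though `STATE` is now `PUBLIC`. The description added in this file's next hunk names SilverStripe and the fixed releases, so the structured fields could carry at least `"vendor_name": "SilverStripe"` and a matching `product_name`. The same all-`n/a` block is added for CVE-2019-7219, CVE-2019-9733, CVE-2019-9974, CVE-2019-9975 and CVE-2019-9976. Until it is filled in, anyone doing inventory matching on these IDs has to parse the free-text description.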
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.silverstripe.org/download/security-releases/ss-2018-021",
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/download/security-releases/ss-2018-021"
+ },
+ {
+ "url": "https://www.silverstripe.org/download/security-releases/",
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/download/security-releases/"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6713.json b/2019/6xxx/CVE-2019-6713.json
index 5f35638a05f..861d4ea6b81 100644
--- a/2019/6xxx/CVE-2019-6713.json
+++ b/2019/6xxx/CVE-2019-6713.json
@@ -56,6 +56,11 @@
 "name": "http://www.ttk7.cn/post-108.html",
 "refsource": "MISC",
 "url": "http://www.ttk7.cn/post-108.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.thinkcmf.com/download.html",
+ "url": "https://www.thinkcmf.com/download.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7219.json b/2019/7xxx/CVE-2019-7219.json
index ae53b0576f0..48ad89445ad 100644
--- a/2019/7xxx/CVE-2019-7219.json
+++ b/2019/7xxx/CVE-2019-7219.json
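Review bot: In the CVE-2019-5715 description hunk, `problemtype` is added with the value `n/a` although the new description itself identifies the weakness as SQL injection, so filtering by weakness class will not surface this entry. A value such as `"value": "CWE-89"` would make it machine-readable; the other records published in this commit (CVE-2019-7219, CVE-2019-9733, CVE-2019-9974, CVE-2019-9975, CVE-2019-9976) carry the same `n/a` placeholder next to descriptions that name the weakness. The description's verb should be `allow`, to agree with "All versions". The second reference, `https://www.silverstripe.org/download/security-releases/`, is an index page rather than a specific advisory, so it may stop pointing at this issue once the page changes.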
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-7219",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa WebAccess 7.2.0-48204. NOTE: this is a discontinued product. The issue was fixed in later Zarafa WebAccess versions; however, some former Zarafa WebAccess customers use the related Kopano product instead."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://stash.kopano.io/repos?visibility=public",
+ "refsource": "MISC",
+ "name": "https://stash.kopano.io/repos?visibility=public"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/verifysecurity/CVE-2019-7219",
+ "url": "https://github.com/verifysecurity/CVE-2019-7219"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9733.json b/2019/9xxx/CVE-2019-9733.json
index 82ba1f00922..985431f2fbb 100644
--- a/2019/9xxx/CVE-2019-9733.json
+++ b/2019/9xxx/CVE-2019-9733.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9733",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152172/JFrog-Artifactory-Administrator-Authentication-Bypass.html",
+ "url": "http://packetstormsecurity.com/files/152172/JFrog-Artifactory-Administrator-Authentication-Bypass.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.ciphertechs.com/jfrog-artifactory-advisory/",
+ "url": "https://www.ciphertechs.com/jfrog-artifactory-advisory/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.8.6",
+ "url": "https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.8.6"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9974.json b/2019/9xxx/CVE-2019-9974.json
index 519ccfd0149..027b001f316 100644
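Review bot: In the CVE-2019-9733 references, the `https://www.ciphertechs.com/jfrog-artifactory-advisory/` entry is tagged `"refsource": "CONFIRM"`, a tag normally kept for the affected vendor's own acknowledgement. That link appears to be a third-party advisory rather than a JFrog page, so `"refsource": "MISC"` would be more accurate, leaving the jfrog.com release-notes entry as the only `CONFIRM`. The description names 6.7.3 as affected but never states a fixed release. The release-notes anchor suggests one, yet with `version_value` set to `n/a` in the previous hunk a reader cannot tell from the record alone which versions need upgrading.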
--- a/2019/9xxx/CVE-2019-9974.json
+++ b/2019/9xxx/CVE-2019-9974.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9974",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9974",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20190326 Multiple vulnerabilities in DASAN H660RM GPON router firmware",
+ "url": "https://seclists.org/bugtraq/2019/Mar/41"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152232/DASAN-H660RM-Information-Disclosure-Hardcoded-Key.html",
+ "url": "http://packetstormsecurity.com/files/152232/DASAN-H660RM-Information-Disclosure-Hardcoded-Key.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.burghardt.pl/2019/03/diag_tool-cgi-on-dasan-h660rm-devices-with-firmware-1-03-0022-allows-spawning-ping-processes-without-any-authorization-leading-to-information-disclosure-and-dos-attacks/",
+ "url": "https://blog.burghardt.pl/2019/03/diag_tool-cgi-on-dasan-h660rm-devices-with-firmware-1-03-0022-allows-spawning-ping-processes-without-any-authorization-leading-to-information-disclosure-and-dos-attacks/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9975.json b/2019/9xxx/CVE-2019-9975.json
index d231b8c7197..8552049e17b 100644
--- a/2019/9xxx/CVE-2019-9975.json
+++ b/2019/9xxx/CVE-2019-9975.json
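Review bot: The CVE-2019-9974 hunk removes `data_type`, `data_format`, `data_version` and `ID` and re-adds them unchanged in a different position, which buries the real changes (`STATE`, `affects`, the description, `problemtype`, `references`) in reordering noise. The placeholder files created in this same commit (CVE-2019-11185 to CVE-2019-11187) still use the original key order, so the repository ends up with two layouts for the same record type. Emitting one canonical key order from the tooling would keep future diffs limited to content changes. The same reordering appears in the CVE-2019-9975 and CVE-2019-9976 hunks.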
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9975",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9975",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20190326 Multiple vulnerabilities in DASAN H660RM GPON router firmware",
+ "url": "https://seclists.org/bugtraq/2019/Mar/41"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152232/DASAN-H660RM-Information-Disclosure-Hardcoded-Key.html",
+ "url": "http://packetstormsecurity.com/files/152232/DASAN-H660RM-Information-Disclosure-Hardcoded-Key.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.burghardt.pl/2019/03/syslog_tool-cgi-on-dasan-h660rm-devices-with-firmware-1-03-0022-uses-a-hard-coded-key-for-logs-encryption/",
+ "url": "https://blog.burghardt.pl/2019/03/syslog_tool-cgi-on-dasan-h660rm-devices-with-firmware-1-03-0022-uses-a-hard-coded-key-for-logs-encryption/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9976.json b/2019/9xxx/CVE-2019-9976.json
index 5251c6f3e1e..d7fdba05964 100644
--- a/2019/9xxx/CVE-2019-9976.json
+++ b/2019/9xxx/CVE-2019-9976.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9976",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9976",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.burghardt.pl/2019/03/boa-webserver-on-dasan-h660rm-devices-with-firmware-1-03-0022-saves-post-data-including-credentials-to-tmp-boa-temp/",
+ "url": "https://blog.burghardt.pl/2019/03/boa-webserver-on-dasan-h660rm-devices-with-firmware-1-03-0022-saves-post-data-including-credentials-to-tmp-boa-temp/"
 }
 ]
 }