diff --git a/2019/17xxx/CVE-2019-17540.json b/2019/17xxx/CVE-2019-17540.json index bc0afc6225e..86b1e47ba54 100644 --- a/2019/17xxx/CVE-2019-17540.json +++ b/2019/17xxx/CVE-2019-17540.json @@ -53,9 +53,9 @@ "references": { "reference_data": [ { - "url": "https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-16%7D", + "url": "https://github.com/ImageMagick/ImageMagick/compare/7.0.8-53...7.0.8-54", "refsource": "MISC", - "name": "https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-16%7D" + "name": "https://github.com/ImageMagick/ImageMagick/compare/7.0.8-53...7.0.8-54" }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826", @@ -63,14 +63,19 @@ "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826" }, { - "refsource": "SECTRACK", - "name": "Security Tracker", + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578" + }, + { + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2019-17540", "url": "https://security-tracker.debian.org/tracker/CVE-2019-17540" }, { "refsource": "MISC", - "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578", - "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578" + "name": "https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-17%7D", + "url": "https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-17%7D" } ] } diff --git a/2019/4xxx/CVE-2019-4397.json b/2019/4xxx/CVE-2019-4397.json index ac56038a479..db185129393 100644 --- a/2019/4xxx/CVE-2019-4397.json +++ b/2019/4xxx/CVE-2019-4397.json @@ -1,135 +1,135 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "AC" : "H", - "UI" : "N", - "S" : "U", - "PR" : "L", - "C" : "H", - "A" : "N", - "SCORE" : "5.300", - "I" : "N", - "AV" : "N" - } - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ID" : "CVE-2019-4397", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "AC": "H", + "UI": "N", + "S": "U", + "PR": "L", + "C": "H", + "A": "N", + "SCORE": "5.300", + "I": "N", + "AV": "N" } - ] - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1077147", - "title" : "IBM Security Bulletin 1077147 (Cloud Orchestrator)", - "name" : "https://www.ibm.com/support/pages/node/1077147" - }, - { - "name" : "ibm-co-cve20194397-info-disc (162239)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239", - "refsource" : "XF" - } - ] - } -} + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ID": "CVE-2019-4397", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1077147", + "title": "IBM Security Bulletin 1077147 (Cloud Orchestrator)", + "name": "https://www.ibm.com/support/pages/node/1077147" + }, + { + "name": "ibm-co-cve20194397-info-disc (162239)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239", + "refsource": "XF" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4398.json b/2019/4xxx/CVE-2019-4398.json index e3438efd0cc..bfe1c48bfe1 100644 --- a/2019/4xxx/CVE-2019-4398.json +++ b/2019/4xxx/CVE-2019-4398.json @@ -1,135 +1,135 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "AV" : "L", - "A" : "N", - "SCORE" : "4.000", - "C" : "L", - "S" : "U", - "PR" : "N", - "AC" : "L", - "UI" : "N" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Orchestrator", - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "BM": { + "I": "N", + "AV": "L", + "A": "N", + "SCORE": "4.000", + "C": "L", + "S": "U", + "PR": "N", + "AC": "L", + "UI": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259." - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 1077123 (Cloud Orchestrator)", - "url" : "https://www.ibm.com/support/pages/node/1077123", - "name" : "https://www.ibm.com/support/pages/node/1077123" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162259", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-co-cve20194398-info-disc (162259)" - } - ] - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + } + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Orchestrator", + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4398" - } -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1077123 (Cloud Orchestrator)", + "url": "https://www.ibm.com/support/pages/node/1077123", + "name": "https://www.ibm.com/support/pages/node/1077123" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162259", + "title": "X-Force Vulnerability Report", + "name": "ibm-co-cve20194398-info-disc (162259)" + } + ] + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4398" + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4459.json b/2019/4xxx/CVE-2019-4459.json index 47eb4b0ec38..4e5ce7e356d 100644 --- a/2019/4xxx/CVE-2019-4459.json +++ b/2019/4xxx/CVE-2019-4459.json @@ -1,135 +1,135 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "AC" : "L", - "UI" : "R", - "C" : "L", - "PR" : "L", - "S" : "C", - "A" : "N", - "SCORE" : "5.400", - "I" : "L", - "AV" : "N" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.4" - }, - { - "version_value" : "2.4.0.1" - }, - { - "version_value" : "2.4.0.2" - }, - { - "version_value" : "2.5" - }, - { - "version_value" : "2.5.0.1" - }, - { - "version_value" : "2.4.0.3" - }, - { - "version_value" : "2.5.0.2" - }, - { - "version_value" : "2.4.0.4" - }, - { - "version_value" : "2.5.0.3" - }, - { - "version_value" : "2.5.0.4" - }, - { - "version_value" : "2.4.0.5" - }, - { - "version_value" : "2.5.0.5" - }, - { - "version_value" : "2.5.0.6" - }, - { - "version_value" : "2.5.0.7" - }, - { - "version_value" : "2.5.0.8" - }, - { - "version_value" : "2.5.0.9" - } - ] - }, - "product_name" : "Cloud Orchestrator" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "H" + }, + "BM": { + "AC": "L", + "UI": "R", + "C": "L", + "PR": "L", + "S": "C", + "A": "N", + "SCORE": "5.400", + "I": "L", + "AV": "N" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656." - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1096342", - "url" : "https://www.ibm.com/support/pages/node/1096342", - "title" : "IBM Security Bulletin 1096342 (Cloud Orchestrator)", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-co-cve20194459-xss (163656)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/163656", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-4459", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-23T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.4" + }, + { + "version_value": "2.4.0.1" + }, + { + "version_value": "2.4.0.2" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.5.0.1" + }, + { + "version_value": "2.4.0.3" + }, + { + "version_value": "2.5.0.2" + }, + { + "version_value": "2.4.0.4" + }, + { + "version_value": "2.5.0.3" + }, + { + "version_value": "2.5.0.4" + }, + { + "version_value": "2.4.0.5" + }, + { + "version_value": "2.5.0.5" + }, + { + "version_value": "2.5.0.6" + }, + { + "version_value": "2.5.0.7" + }, + { + "version_value": "2.5.0.8" + }, + { + "version_value": "2.5.0.9" + } + ] + }, + "product_name": "Cloud Orchestrator" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656." + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1096342", + "url": "https://www.ibm.com/support/pages/node/1096342", + "title": "IBM Security Bulletin 1096342 (Cloud Orchestrator)", + "refsource": "CONFIRM" + }, + { + "name": "ibm-co-cve20194459-xss (163656)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163656", + "refsource": "XF" + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-4459", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-23T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4486.json b/2019/4xxx/CVE-2019-4486.json index 9f4194382cd..013d9640834 100644 --- a/2019/4xxx/CVE-2019-4486.json +++ b/2019/4xxx/CVE-2019-4486.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4486", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-10-22T00:00:00" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.6" - } - ] - } - } - ] - } + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/1075023", - "title" : "IBM Security Bulletin 1075023 (Maximo Asset Management)", - "url" : "https://www.ibm.com/support/pages/node/1075023", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-maximo-cve20194486-xss (164070)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "R", - "AC" : "L", - "C" : "L", - "S" : "C", - "PR" : "L", - "SCORE" : "5.400", - "A" : "N", - "AV" : "N", - "I" : "L" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "H" - } - } - } -} + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-4486", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-10-22T00:00:00" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6" + } + ] + } + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1075023", + "title": "IBM Security Bulletin 1075023 (Maximo Asset Management)", + "url": "https://www.ibm.com/support/pages/node/1075023", + "refsource": "CONFIRM" + }, + { + "name": "ibm-maximo-cve20194486-xss (164070)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "UI": "R", + "AC": "L", + "C": "L", + "S": "C", + "PR": "L", + "SCORE": "5.400", + "A": "N", + "AV": "N", + "I": "L" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "H" + } + } + } +} \ No newline at end of file