diff --git a/2017/18xxx/CVE-2017-18105.json b/2017/18xxx/CVE-2017-18105.json index 8b122bf998d..34793cee87e 100644 --- a/2017/18xxx/CVE-2017-18105.json +++ b/2017/18xxx/CVE-2017-18105.json @@ -1,70 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2018-03-23T00:00:00", - "ID": "CVE-2017-18105", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Crowd", - "version": { - "version_data": [ - { - "version_value": "3.0.2", - "version_affected": "<" - }, - { - "version_value": "3.1.0", - "version_affected": ">=" - }, - { - "version_value": "3.1.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Session Fixation" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-03-23T00:00:00", + "ID": "CVE-2017-18105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crowd", + "version": { + "version_data": [ + { + "version_value": "3.0.2", + "version_affected": "<" + }, + { + "version_value": "3.1.0", + "version_affected": ">=" + }, + { + "version_value": "3.1.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/CWD-5072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Session Fixation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CWD-5072", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CWD-5072" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18106.json b/2017/18xxx/CVE-2017-18106.json index 947fe749b43..6e940635b36 100644 --- a/2017/18xxx/CVE-2017-18106.json +++ b/2017/18xxx/CVE-2017-18106.json @@ -1,62 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-03-04T00:00:00", - "ID": "CVE-2017-18106", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Crowd", - "version": { - "version_data": [ - { - "version_value": "2.9.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Use of a Broken or Risky Cryptographic Algorithm" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-03-04T00:00:00", + "ID": "CVE-2017-18106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crowd", + "version": { + "version_data": [ + { + "version_value": "2.9.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/CWD-5061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of a Broken or Risky Cryptographic Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CWD-5061", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CWD-5061" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18108.json b/2017/18xxx/CVE-2017-18108.json index da7bbb693ca..cf012f72431 100644 --- a/2017/18xxx/CVE-2017-18108.json +++ b/2017/18xxx/CVE-2017-18108.json @@ -1,62 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2018-04-16T00:00:00", - "ID": "CVE-2017-18108", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Crowd", - "version": { - "version_data": [ - { - "version_value": "2.10.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-04-16T00:00:00", + "ID": "CVE-2017-18108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crowd", + "version": { + "version_data": [ + { + "version_value": "2.10.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/CWD-5062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CWD-5062", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CWD-5062" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18109.json b/2017/18xxx/CVE-2017-18109.json index 3b10cb43c5e..aff1d8ef1d2 100644 --- a/2017/18xxx/CVE-2017-18109.json +++ b/2017/18xxx/CVE-2017-18109.json @@ -1,70 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2018-03-23T00:00:00", - "ID": "CVE-2017-18109", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Crowd", - "version": { - "version_data": [ - { - "version_value": "3.0.2", - "version_affected": "<" - }, - { - "version_value": "3.1.0", - "version_affected": ">=" - }, - { - "version_value": "3.1.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "URL Redirection to Untrusted Site ('Open Redirect')" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-03-23T00:00:00", + "ID": "CVE-2017-18109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crowd", + "version": { + "version_data": [ + { + "version_value": "3.0.2", + "version_affected": "<" + }, + { + "version_value": "3.1.0", + "version_affected": ">=" + }, + { + "version_value": "3.1.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/CWD-5071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CWD-5071", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CWD-5071" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18110.json b/2017/18xxx/CVE-2017-18110.json index 6a44c397a84..c41e406414c 100644 --- a/2017/18xxx/CVE-2017-18110.json +++ b/2017/18xxx/CVE-2017-18110.json @@ -1,70 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2018-03-23T00:00:00", - "ID": "CVE-2017-18110", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Crowd", - "version": { - "version_data": [ - { - "version_value": "3.0.2", - "version_affected": "<" - }, - { - "version_value": "3.1.0", - "version_affected": ">=" - }, - { - "version_value": "3.1.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Improper Restriction of XML External Entity Reference ('XXE')" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-03-23T00:00:00", + "ID": "CVE-2017-18110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crowd", + "version": { + "version_data": [ + { + "version_value": "3.0.2", + "version_affected": "<" + }, + { + "version_value": "3.1.0", + "version_affected": ">=" + }, + { + "version_value": "3.1.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/CWD-5070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference ('XXE')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CWD-5070", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CWD-5070" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18111.json b/2017/18xxx/CVE-2017-18111.json index eafbe4d9693..191d14dbe1c 100644 --- a/2017/18xxx/CVE-2017-18111.json +++ b/2017/18xxx/CVE-2017-18111.json @@ -1,78 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2017-05-31T00:00:00", - "ID": "CVE-2017-18111", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Application Links", - "version": { - "version_data": [ - { - "version_value": "5.0.10", - "version_affected": "<" - }, - { - "version_value": "5.1.0", - "version_affected": ">=" - }, - { - "version_value": "5.1.3", - "version_affected": "<" - }, - { - "version_value": "5.2.0", - "version_affected": ">=" - }, - { - "version_value": "5.2.6", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Improper Restriction of XML External Entity Reference ('XXE')" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-05-31T00:00:00", + "ID": "CVE-2017-18111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Links", + "version": { + "version_data": [ + { + "version_value": "5.0.10", + "version_affected": "<" + }, + { + "version_value": "5.1.0", + "version_affected": ">=" + }, + { + "version_value": "5.1.3", + "version_affected": "<" + }, + { + "version_value": "5.2.0", + "version_affected": ">=" + }, + { + "version_value": "5.2.6", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://ecosystem.atlassian.net/browse/APL-1338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference ('XXE')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ecosystem.atlassian.net/browse/APL-1338", + "refsource": "MISC", + "name": "https://ecosystem.atlassian.net/browse/APL-1338" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18435.json b/2018/18xxx/CVE-2018-18435.json index 158bad628ba..8178277d76e 100644 --- a/2018/18xxx/CVE-2018-18435.json +++ b/2018/18xxx/CVE-2018-18435.json @@ -61,6 +61,21 @@ "refsource": "EXPLOIT-DB", "name": "46093", "url": "https://www.exploit-db.com/exploits/46093/" + }, + { + "refsource": "MISC", + "name": "https://github.com/active-labs/Advisories/blob/master/ACTIVE-2019-002.md", + "url": "https://github.com/active-labs/Advisories/blob/master/ACTIVE-2019-002.md" + }, + { + "refsource": "CONFIRM", + "name": "https://m.kioware.com/news/kioware-press-releases/kioware_server_security_patch_update", + "url": "https://m.kioware.com/news/kioware-press-releases/kioware_server_security_patch_update" + }, + { + "refsource": "CONFIRM", + "name": "https://www.kioware.com/patch.aspx", + "url": "https://www.kioware.com/patch.aspx" } ] } diff --git a/2018/20xxx/CVE-2018-20378.json b/2018/20xxx/CVE-2018-20378.json index b71de656546..df4141f6a1b 100644 --- a/2018/20xxx/CVE-2018-20378.json +++ b/2018/20xxx/CVE-2018-20378.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20378", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cymotive.com/wp-content/uploads/2019/03/Hell2CAP-0day.pdf", + "refsource": "MISC", + "name": "https://www.cymotive.com/wp-content/uploads/2019/03/Hell2CAP-0day.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://www.opensynergy.com/news/security/bluesdk-advisory2018003/", + "url": "https://www.opensynergy.com/news/security/bluesdk-advisory2018003/" } ] } diff --git a/2019/7xxx/CVE-2019-7524.json b/2019/7xxx/CVE-2019-7524.json index e50f2b3f250..8d10940a124 100644 --- a/2019/7xxx/CVE-2019-7524.json +++ b/2019/7xxx/CVE-2019-7524.json @@ -76,6 +76,11 @@ "refsource": "DEBIAN", "name": "DSA-4418", "url": "https://www.debian.org/security/2019/dsa-4418" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1736-1] dovecot security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00038.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9918.json b/2019/9xxx/CVE-2019-9918.json index a8d92e12756..dfd328ef321 100644 --- a/2019/9xxx/CVE-2019-9918.json +++ b/2019/9xxx/CVE-2019-9918.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9918", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9918", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://extensions.joomla.org/extension/je-messenger/", + "refsource": "MISC", + "name": "https://extensions.joomla.org/extension/je-messenger/" + }, + { + "url": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9918.md", + "refsource": "MISC", + "name": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9918.md" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9919.json b/2019/9xxx/CVE-2019-9919.json index 98a0439d45e..158b5e8d644 100644 --- a/2019/9xxx/CVE-2019-9919.json +++ b/2019/9xxx/CVE-2019-9919.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9919", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9919", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://extensions.joomla.org/extension/je-messenger/", + "refsource": "MISC", + "name": "https://extensions.joomla.org/extension/je-messenger/" + }, + { + "url": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9919.md", + "refsource": "MISC", + "name": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9919.md" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9920.json b/2019/9xxx/CVE-2019-9920.json index cdcb45ef3b0..43b95d5347f 100644 --- a/2019/9xxx/CVE-2019-9920.json +++ b/2019/9xxx/CVE-2019-9920.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9920", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9920", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://extensions.joomla.org/extension/je-messenger/", + "refsource": "MISC", + "name": "https://extensions.joomla.org/extension/je-messenger/" + }, + { + "url": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9920.md", + "refsource": "MISC", + "name": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9920.md" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:N/I:H/PR:L/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9921.json b/2019/9xxx/CVE-2019-9921.json index 05dce35f72e..3e891238da6 100644 --- a/2019/9xxx/CVE-2019-9921.json +++ b/2019/9xxx/CVE-2019-9921.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9921", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9921", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://extensions.joomla.org/extension/je-messenger/", + "refsource": "MISC", + "name": "https://extensions.joomla.org/extension/je-messenger/" + }, + { + "url": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9921.md", + "refsource": "MISC", + "name": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9921.md" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9922.json b/2019/9xxx/CVE-2019-9922.json index d49a6fc16a0..7fe11e243bb 100644 --- a/2019/9xxx/CVE-2019-9922.json +++ b/2019/9xxx/CVE-2019-9922.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9922", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9922", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://extensions.joomla.org/extension/je-messenger/", + "refsource": "MISC", + "name": "https://extensions.joomla.org/extension/je-messenger/" + }, + { + "url": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9922.md", + "refsource": "MISC", + "name": "https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9922.md" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file