diff --git a/2018/19xxx/CVE-2018-19571.json b/2018/19xxx/CVE-2018-19571.json index b770526f9dd..52df850d93f 100644 --- a/2018/19xxx/CVE-2018-19571.json +++ b/2018/19xxx/CVE-2018-19571.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19571", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53242", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53242" } ] } diff --git a/2018/19xxx/CVE-2018-19578.json b/2018/19xxx/CVE-2018-19578.json index 7e1425ec26c..62cd2163587 100644 --- a/2018/19xxx/CVE-2018-19578.json +++ b/2018/19xxx/CVE-2018-19578.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19578", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54228", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54228" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19579.json b/2018/19xxx/CVE-2018-19579.json index 42da959b30f..627db873355 100644 --- a/2018/19xxx/CVE-2018-19579.json +++ b/2018/19xxx/CVE-2018-19579.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19579", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53917", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53917" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19580.json b/2018/19xxx/CVE-2018-19580.json index ede81ece3ae..0df871435de 100644 --- a/2018/19xxx/CVE-2018-19580.json +++ b/2018/19xxx/CVE-2018-19580.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19580", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/39809", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/39809" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19581.json b/2018/19xxx/CVE-2018-19581.json index 63c041f26dc..f7edfc73137 100644 --- a/2018/19xxx/CVE-2018-19581.json +++ b/2018/19xxx/CVE-2018-19581.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19581", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/7696", + "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/7696" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19582.json b/2018/19xxx/CVE-2018-19582.json index 4ab75e469fd..ba3308bcb1e 100644 --- a/2018/19xxx/CVE-2018-19582.json +++ b/2018/19xxx/CVE-2018-19582.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19582", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/8180", + "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/8180" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19583.json b/2018/19xxx/CVE-2018-19583.json index 9bee18cde2b..250b6299dca 100644 --- a/2018/19xxx/CVE-2018-19583.json +++ b/2018/19xxx/CVE-2018-19583.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19583", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182", + "url": "https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19584.json b/2018/19xxx/CVE-2018-19584.json index ce18b2a3023..ff75be80f2c 100644 --- a/2018/19xxx/CVE-2018-19584.json +++ b/2018/19xxx/CVE-2018-19584.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19584", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/52522", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/52522" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12469.json b/2019/12xxx/CVE-2019-12469.json index 7f4bd781881..84bf14aa454 100644 --- a/2019/12xxx/CVE-2019-12469.json +++ b/2019/12xxx/CVE-2019-12469.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12469", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12469", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "DEBIAN", + "name": "DSA-4460", + "url": "https://www.debian.org/security/2019/dsa-4460" + }, + { + "refsource": "BUGTRAQ", + "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", + "url": "https://seclists.org/bugtraq/2019/Jun/12" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T222036", + "url": "https://phabricator.wikimedia.org/T222036" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", + "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" } ] } diff --git a/2019/12xxx/CVE-2019-12470.json b/2019/12xxx/CVE-2019-12470.json index 98bda874066..0e8850da2fd 100644 --- a/2019/12xxx/CVE-2019-12470.json +++ b/2019/12xxx/CVE-2019-12470.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12470", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12470", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "DEBIAN", + "name": "DSA-4460", + "url": "https://www.debian.org/security/2019/dsa-4460" + }, + { + "refsource": "BUGTRAQ", + "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", + "url": "https://seclists.org/bugtraq/2019/Jun/12" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T222038", + "url": "https://phabricator.wikimedia.org/T222038" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", + "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" } ] } diff --git a/2019/13xxx/CVE-2019-13122.json b/2019/13xxx/CVE-2019-13122.json new file mode 100644 index 00000000000..57f21a39f60 --- /dev/null +++ b/2019/13xxx/CVE-2019-13122.json @@ -0,0 +1,92 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/getpatchwork/patchwork/releases", + "refsource": "MISC", + "name": "https://github.com/getpatchwork/patchwork/releases" + }, + { + "url": "https://github.com/getpatchwork/patchwork/commits/master", + "refsource": "MISC", + "name": "https://github.com/getpatchwork/patchwork/commits/master" + }, + { + "url": "https://lists.ozlabs.org/pipermail/patchwork/2019-July/date.html", + "refsource": "MISC", + "name": "https://lists.ozlabs.org/pipermail/patchwork/2019-July/date.html" + }, + { + "url": "http://jk.ozlabs.org/projects/patchwork/", + "refsource": "MISC", + "name": "http://jk.ozlabs.org/projects/patchwork/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20190705 CVE-2019-13122: Patchwork: XSS via Message-ID", + "url": "http://www.openwall.com/lists/oss-security/2019/07/05/1" + }, + { + "refsource": "MISC", + "name": "https://lists.ozlabs.org/pipermail/patchwork/2019-July/005870.html", + "url": "https://lists.ozlabs.org/pipermail/patchwork/2019-July/005870.html" + }, + { + "refsource": "MISC", + "name": "https://lists.ozlabs.org/pipermail/patchwork/2019-July/005878.html", + "url": "https://lists.ozlabs.org/pipermail/patchwork/2019-July/005878.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13276.json b/2019/13xxx/CVE-2019-13276.json new file mode 100644 index 00000000000..271a3b0d839 --- /dev/null +++ b/2019/13xxx/CVE-2019-13276.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276", + "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13278.json b/2019/13xxx/CVE-2019-13278.json new file mode 100644 index 00000000000..2ea203a1780 --- /dev/null +++ b/2019/13xxx/CVE-2019-13278.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278", + "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13279.json b/2019/13xxx/CVE-2019-13279.json new file mode 100644 index 00000000000..ed5dbc218b5 --- /dev/null +++ b/2019/13xxx/CVE-2019-13279.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279", + "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6637.json b/2019/6xxx/CVE-2019-6637.json index a48f43f188e..a29a17b5a82 100644 --- a/2019/6xxx/CVE-2019-6637.json +++ b/2019/6xxx/CVE-2019-6637.json @@ -57,6 +57,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K29149494", "url": "https://support.f5.com/csp/article/K29149494" + }, + { + "refsource": "BID", + "name": "109091", + "url": "http://www.securityfocus.com/bid/109091" } ] }, diff --git a/2019/6xxx/CVE-2019-6638.json b/2019/6xxx/CVE-2019-6638.json index 66db62c350b..36ab424714d 100644 --- a/2019/6xxx/CVE-2019-6638.json +++ b/2019/6xxx/CVE-2019-6638.json @@ -51,6 +51,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K67825238", "url": "https://support.f5.com/csp/article/K67825238" + }, + { + "refsource": "BID", + "name": "109106", + "url": "http://www.securityfocus.com/bid/109106" } ] }, diff --git a/2019/6xxx/CVE-2019-6640.json b/2019/6xxx/CVE-2019-6640.json index ee4c8b6bbc1..10f9f57af95 100644 --- a/2019/6xxx/CVE-2019-6640.json +++ b/2019/6xxx/CVE-2019-6640.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K40443301", "url": "https://support.f5.com/csp/article/K40443301" + }, + { + "refsource": "BID", + "name": "109089", + "url": "http://www.securityfocus.com/bid/109089" } ] },