diff --git a/2013/4xxx/CVE-2013-4343.json b/2013/4xxx/CVE-2013-4343.json index 62eb54109d2..999651d6d22 100644 --- a/2013/4xxx/CVE-2013-4343.json +++ b/2013/4xxx/CVE-2013-4343.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1479", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2018/18xxx/CVE-2018-18852.json b/2018/18xxx/CVE-2018-18852.json index 08ed49cd996..bd2ea95cfb1 100644 --- a/2018/18xxx/CVE-2018-18852.json +++ b/2018/18xxx/CVE-2018-18852.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18852", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fortiguard.com/zeroday/FG-VD-18-149", + "refsource": "MISC", + "name": "https://www.fortiguard.com/zeroday/FG-VD-18-149" } ] } diff --git a/2018/18xxx/CVE-2018-18875.json b/2018/18xxx/CVE-2018-18875.json index ffb3de03c28..d1f577ce7c5 100644 --- a/2018/18xxx/CVE-2018-18875.json +++ b/2018/18xxx/CVE-2018-18875.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18875", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02" } ] } diff --git a/2018/18xxx/CVE-2018-18876.json b/2018/18xxx/CVE-2018-18876.json index 57696f01c08..ff7a4967453 100644 --- a/2018/18xxx/CVE-2018-18876.json +++ b/2018/18xxx/CVE-2018-18876.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18876", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02" } ] } diff --git a/2018/18xxx/CVE-2018-18877.json b/2018/18xxx/CVE-2018-18877.json index 88c0b0df88e..15af4739987 100644 --- a/2018/18xxx/CVE-2018-18877.json +++ b/2018/18xxx/CVE-2018-18877.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18877", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02" } ] } diff --git a/2018/18xxx/CVE-2018-18878.json b/2018/18xxx/CVE-2018-18878.json index 7ef40aa1dd8..82e2ab9b323 100644 --- a/2018/18xxx/CVE-2018-18878.json +++ b/2018/18xxx/CVE-2018-18878.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18878", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" + }, + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02" } ] } diff --git a/2018/7xxx/CVE-2018-7191.json b/2018/7xxx/CVE-2018-7191.json index 6e4df6f7311..1ae68c2541c 100644 --- a/2018/7xxx/CVE-2018-7191.json +++ b/2018/7xxx/CVE-2018-7191.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1479", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/10xxx/CVE-2019-10732.json b/2019/10xxx/CVE-2019-10732.json index 821ef78be3c..f2ddbfb7a68 100644 --- a/2019/10xxx/CVE-2019-10732.json +++ b/2019/10xxx/CVE-2019-10732.json @@ -56,6 +56,11 @@ "url": "https://bugs.kde.org/show_bug.cgi?id=404698", "refsource": "MISC", "name": "https://bugs.kde.org/show_bug.cgi?id=404698" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1825-1] kdepim security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00012.html" } ] } diff --git a/2019/11xxx/CVE-2019-11190.json b/2019/11xxx/CVE-2019-11190.json index 2c110b508fc..ef3624487cf 100644 --- a/2019/11xxx/CVE-2019-11190.json +++ b/2019/11xxx/CVE-2019-11190.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4008-3", "url": "https://usn.ubuntu.com/4008-3/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/11xxx/CVE-2019-11191.json b/2019/11xxx/CVE-2019-11191.json index d1547d52e35..4bac826609e 100644 --- a/2019/11xxx/CVE-2019-11191.json +++ b/2019/11xxx/CVE-2019-11191.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4008-3", "url": "https://usn.ubuntu.com/4008-3/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/11xxx/CVE-2019-11487.json b/2019/11xxx/CVE-2019-11487.json index 099d11bb8d6..add6c7b7d8b 100644 --- a/2019/11xxx/CVE-2019-11487.json +++ b/2019/11xxx/CVE-2019-11487.json @@ -126,6 +126,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190517-0005/", "url": "https://security.netapp.com/advisory/ntap-20190517-0005/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/11xxx/CVE-2019-11833.json b/2019/11xxx/CVE-2019-11833.json index a7a41a2488b..d993c0b2f08 100644 --- a/2019/11xxx/CVE-2019-11833.json +++ b/2019/11xxx/CVE-2019-11833.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/12xxx/CVE-2019-12380.json b/2019/12xxx/CVE-2019-12380.json index 6bf3dbb857c..550f0d3db03 100644 --- a/2019/12xxx/CVE-2019-12380.json +++ b/2019/12xxx/CVE-2019-12380.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f40bd7826f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/12xxx/CVE-2019-12382.json b/2019/12xxx/CVE-2019-12382.json index 3a8dd6c40f3..08aae1125fc 100644 --- a/2019/12xxx/CVE-2019-12382.json +++ b/2019/12xxx/CVE-2019-12382.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f40bd7826f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/12xxx/CVE-2019-12456.json b/2019/12xxx/CVE-2019-12456.json index 0ab9ba638e8..d78dcf4f767 100644 --- a/2019/12xxx/CVE-2019-12456.json +++ b/2019/12xxx/CVE-2019-12456.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-83858fc57b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/12xxx/CVE-2019-12818.json b/2019/12xxx/CVE-2019-12818.json index b2f1654cf71..c696f4631f2 100644 --- a/2019/12xxx/CVE-2019-12818.json +++ b/2019/12xxx/CVE-2019-12818.json @@ -71,6 +71,11 @@ "refsource": "BID", "name": "108776", "url": "http://www.securityfocus.com/bid/108776" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/12xxx/CVE-2019-12819.json b/2019/12xxx/CVE-2019-12819.json index 90017d380e9..055d4c756de 100644 --- a/2019/12xxx/CVE-2019-12819.json +++ b/2019/12xxx/CVE-2019-12819.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "108768", "url": "http://www.securityfocus.com/bid/108768" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] } diff --git a/2019/3xxx/CVE-2019-3846.json b/2019/3xxx/CVE-2019-3846.json index 1f107acf29d..14924f873b2 100644 --- a/2019/3xxx/CVE-2019-3846.json +++ b/2019/3xxx/CVE-2019-3846.json @@ -78,6 +78,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] }, diff --git a/2019/4xxx/CVE-2019-4142.json b/2019/4xxx/CVE-2019-4142.json index ca460554bba..fc01c906bbd 100644 --- a/2019/4xxx/CVE-2019-4142.json +++ b/2019/4xxx/CVE-2019-4142.json @@ -1,99 +1,99 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "N", - "SCORE" : "4.300", - "A" : "N", - "UI" : "R", - "I" : "L", - "S" : "U", - "AV" : "N", - "AC" : "L", - "PR" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 885434 (Cloud Private)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10885434", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10885434", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/158338", - "name" : "ibm-cloud-cve20194142-csrf (158338)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Private", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.0" - }, - { - "version_value" : "3.1.0" - }, - { - "version_value" : "3.1.1" - }, - { - "version_value" : "3.1.2" - } - ] - } - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "C": "N", + "SCORE": "4.300", + "A": "N", + "UI": "R", + "I": "L", + "S": "U", + "AV": "N", + "AC": "L", + "PR": "N" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338." - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-06-14T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4142", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 885434 (Cloud Private)", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10885434", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885434", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158338", + "name": "ibm-cloud-cve20194142-csrf (158338)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Private", + "version": { + "version_data": [ + { + "version_value": "2.1.0" + }, + { + "version_value": "3.1.0" + }, + { + "version_value": "3.1.1" + }, + { + "version_value": "3.1.2" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0" -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338." + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2019-06-14T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4142", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "data_version": "4.0" +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5489.json b/2019/5xxx/CVE-2019-5489.json index fe83f6ece20..7f347cd5c66 100644 --- a/2019/5xxx/CVE-2019-5489.json +++ b/2019/5xxx/CVE-2019-5489.json @@ -106,6 +106,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1570", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" } ] }