From df7ef5c9c6f13b5e5ded7950a160c232ea9f8307 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 7 Jun 2019 15:00:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/13xxx/CVE-2018-13380.json | 5 + 2018/15xxx/CVE-2018-15587.json | 5 + 2018/5xxx/CVE-2018-5265.json | 48 +++++- 2018/5xxx/CVE-2018-5798.json | 53 ++++++- 2018/6xxx/CVE-2018-6185.json | 53 ++++++- 2019/10xxx/CVE-2019-10149.json | 5 + 2019/12xxx/CVE-2019-12378.json | 2 +- 2019/12xxx/CVE-2019-12477.json | 61 +++++++- 2019/12xxx/CVE-2019-12773.json | 18 +++ 2019/4xxx/CVE-2019-4066.json | 266 ++++++++++++++++----------------- 2019/4xxx/CVE-2019-4067.json | 266 ++++++++++++++++----------------- 2019/4xxx/CVE-2019-4068.json | 266 ++++++++++++++++----------------- 2019/4xxx/CVE-2019-4069.json | 264 ++++++++++++++++---------------- 2019/4xxx/CVE-2019-4070.json | 262 ++++++++++++++++---------------- 2019/8xxx/CVE-2019-8282.json | 58 ++++++- 2019/8xxx/CVE-2019-8283.json | 58 ++++++- 16 files changed, 1001 insertions(+), 689 deletions(-) create mode 100644 2019/12xxx/CVE-2019-12773.json diff --git a/2018/13xxx/CVE-2018-13380.json b/2018/13xxx/CVE-2018-13380.json index 0d313df844c..a364d92feb5 100644 --- a/2018/13xxx/CVE-2018-13380.json +++ b/2018/13xxx/CVE-2018-13380.json @@ -54,6 +54,11 @@ "refsource": "CONFIRM", "name": "https://fortiguard.com/advisory/FG-IR-18-383", "url": "https://fortiguard.com/advisory/FG-IR-18-383" + }, + { + "refsource": "BID", + "name": "108681", + "url": "http://www.securityfocus.com/bid/108681" } ] }, diff --git a/2018/15xxx/CVE-2018-15587.json b/2018/15xxx/CVE-2018-15587.json index b22f9e885c2..6de57f2991b 100644 --- a/2018/15xxx/CVE-2018-15587.json +++ b/2018/15xxx/CVE-2018-15587.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-3998-1", "url": "https://usn.ubuntu.com/3998-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4457", + "url": "https://www.debian.org/security/2019/dsa-4457" } ] } diff --git a/2018/5xxx/CVE-2018-5265.json b/2018/5xxx/CVE-2018-5265.json index 26974f3ac0e..ff33af5e821 100644 --- a/2018/5xxx/CVE-2018-5265.json +++ b/2018/5xxx/CVE-2018-5265.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5265", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.red4sec.com/cve/edgerouter_lite.txt", + "refsource": "MISC", + "name": "https://www.red4sec.com/cve/edgerouter_lite.txt" } ] } diff --git a/2018/5xxx/CVE-2018-5798.json b/2018/5xxx/CVE-2018-5798.json index 6a35b917741..3f339801a2f 100644 --- a/2018/5xxx/CVE-2018-5798.json +++ b/2018/5xxx/CVE-2018-5798.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5798", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cloudera.com", + "refsource": "MISC", + "name": "https://www.cloudera.com" + }, + { + "refsource": "CONFIRM", + "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html", + "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" } ] } diff --git a/2018/6xxx/CVE-2018-6185.json b/2018/6xxx/CVE-2018-6185.json index 0ae2ea04058..eb3d5ce45e7 100644 --- a/2018/6xxx/CVE-2018-6185.json +++ b/2018/6xxx/CVE-2018-6185.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6185", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is \"*\" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cloudera.com", + "refsource": "MISC", + "name": "https://www.cloudera.com" + }, + { + "refsource": "CONFIRM", + "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html", + "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" } ] } diff --git a/2019/10xxx/CVE-2019-10149.json b/2019/10xxx/CVE-2019-10149.json index 8aae0035905..c269394f118 100644 --- a/2019/10xxx/CVE-2019-10149.json +++ b/2019/10xxx/CVE-2019-10149.json @@ -98,6 +98,11 @@ "refsource": "BID", "name": "108679", "url": "http://www.securityfocus.com/bid/108679" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1524", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html" } ] }, diff --git a/2019/12xxx/CVE-2019-12378.json b/2019/12xxx/CVE-2019-12378.json index fe196081afa..8b4ad684663 100644 --- a/2019/12xxx/CVE-2019-12378.json +++ b/2019/12xxx/CVE-2019-12378.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash)." + "value": "** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue." } ] }, diff --git a/2019/12xxx/CVE-2019-12477.json b/2019/12xxx/CVE-2019-12477.json index 8daeaedd5ea..d95adb27de7 100644 --- a/2019/12xxx/CVE-2019-12477.json +++ b/2019/12xxx/CVE-2019-12477.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12477", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12477", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1ZVHn_bPE-3kqYd2D-3AJpXZdd4dlmzVh/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1ZVHn_bPE-3kqYd2D-3AJpXZdd4dlmzVh/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153191/Supra-Smart-Cloud-TV-Remote-File-Inclusion.html", + "url": "http://packetstormsecurity.com/files/153191/Supra-Smart-Cloud-TV-Remote-File-Inclusion.html" } ] } diff --git a/2019/12xxx/CVE-2019-12773.json b/2019/12xxx/CVE-2019-12773.json new file mode 100644 index 00000000000..d3fdae8a3ad --- /dev/null +++ b/2019/12xxx/CVE-2019-12773.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12773", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4066.json b/2019/4xxx/CVE-2019-4066.json index a7480bc7fd0..d36a69c1ef1 100644 --- a/2019/4xxx/CVE-2019-4066.json +++ b/2019/4xxx/CVE-2019-4066.json @@ -1,135 +1,135 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "A" : "H", - "SCORE" : "8.800", - "AV" : "N", - "PR" : "L", - "AC" : "L", - "UI" : "N", - "C" : "H", - "I" : "H" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-05-31T00:00:00", - "ID" : "CVE-2019-4066", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Operations Center", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.0" - }, - { - "version_value" : "5.1.0.1" - }, - { - "version_value" : "5.1.0.2" - }, - { - "version_value" : "5.1.0.3" - }, - { - "version_value" : "5.1.0.4" - }, - { - "version_value" : "5.1.0.5" - }, - { - "version_value" : "5.1.0.6" - }, - { - "version_value" : "5.1.0.7" - }, - { - "version_value" : "5.1.0.8" - }, - { - "version_value" : "5.1.0.9" - }, - { - "version_value" : "5.1.0.10" - }, - { - "version_value" : "5.1.0.11" - }, - { - "version_value" : "5.1.0.12" - }, - { - "version_value" : "5.1.0.13" - }, - { - "version_value" : "5.1.0.14" - }, - { - "version_value" : "5.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "A": "H", + "SCORE": "8.800", + "AV": "N", + "PR": "L", + "AC": "L", + "UI": "N", + "C": "H", + "I": "H" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10879381", - "title" : "IBM Security Bulletin 879381 (Intelligent Operations Center)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10879381" - }, - { - "name" : "ibm-ioc-cve20194066-create-user (157011)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157011" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "data_format" : "MITRE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "DATE_PUBLIC": "2019-05-31T00:00:00", + "ID": "CVE-2019-4066", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Operations Center", + "version": { + "version_data": [ + { + "version_value": "5.1.0" + }, + { + "version_value": "5.1.0.1" + }, + { + "version_value": "5.1.0.2" + }, + { + "version_value": "5.1.0.3" + }, + { + "version_value": "5.1.0.4" + }, + { + "version_value": "5.1.0.5" + }, + { + "version_value": "5.1.0.6" + }, + { + "version_value": "5.1.0.7" + }, + { + "version_value": "5.1.0.8" + }, + { + "version_value": "5.1.0.9" + }, + { + "version_value": "5.1.0.10" + }, + { + "version_value": "5.1.0.11" + }, + { + "version_value": "5.1.0.12" + }, + { + "version_value": "5.1.0.13" + }, + { + "version_value": "5.1.0.14" + }, + { + "version_value": "5.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879381", + "title": "IBM Security Bulletin 879381 (Intelligent Operations Center)", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10879381" + }, + { + "name": "ibm-ioc-cve20194066-create-user (157011)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157011" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4067.json b/2019/4xxx/CVE-2019-4067.json index a8b4d474dc6..ed65c95f359 100644 --- a/2019/4xxx/CVE-2019-4067.json +++ b/2019/4xxx/CVE-2019-4067.json @@ -1,135 +1,135 @@ { - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4067", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-05-31T00:00:00" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "I" : "N", - "SCORE" : "5.900", - "AV" : "N", - "PR" : "N", - "UI" : "N", - "AC" : "H", - "C" : "H", - "S" : "U", - "A" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880213", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880213", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 880213 (Intelligent Operations Center)" - }, - { - "name" : "ibm-ioc-cve20194067-info-disc (157012)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157012", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.1.0" - }, - { - "version_value" : "5.1.0.1" - }, - { - "version_value" : "5.1.0.2" - }, - { - "version_value" : "5.1.0.3" - }, - { - "version_value" : "5.1.0.4" - }, - { - "version_value" : "5.1.0.5" - }, - { - "version_value" : "5.1.0.6" - }, - { - "version_value" : "5.1.0.7" - }, - { - "version_value" : "5.1.0.8" - }, - { - "version_value" : "5.1.0.9" - }, - { - "version_value" : "5.1.0.10" - }, - { - "version_value" : "5.1.0.11" - }, - { - "version_value" : "5.1.0.12" - }, - { - "version_value" : "5.1.0.13" - }, - { - "version_value" : "5.1.0.14" - }, - { - "version_value" : "5.2.0" - } - ] - }, - "product_name" : "Intelligent Operations Center" - } - ] - }, - "vendor_name" : "IBM" + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4067", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-05-31T00:00:00" + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "I": "N", + "SCORE": "5.900", + "AV": "N", + "PR": "N", + "UI": "N", + "AC": "H", + "C": "H", + "S": "U", + "A": "N" } - ] - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.", + "lang": "eng" + } + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880213", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880213", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 880213 (Intelligent Operations Center)" + }, + { + "name": "ibm-ioc-cve20194067-info-disc (157012)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157012", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.1.0" + }, + { + "version_value": "5.1.0.1" + }, + { + "version_value": "5.1.0.2" + }, + { + "version_value": "5.1.0.3" + }, + { + "version_value": "5.1.0.4" + }, + { + "version_value": "5.1.0.5" + }, + { + "version_value": "5.1.0.6" + }, + { + "version_value": "5.1.0.7" + }, + { + "version_value": "5.1.0.8" + }, + { + "version_value": "5.1.0.9" + }, + { + "version_value": "5.1.0.10" + }, + { + "version_value": "5.1.0.11" + }, + { + "version_value": "5.1.0.12" + }, + { + "version_value": "5.1.0.13" + }, + { + "version_value": "5.1.0.14" + }, + { + "version_value": "5.2.0" + } + ] + }, + "product_name": "Intelligent Operations Center" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4068.json b/2019/4xxx/CVE-2019-4068.json index 769eb50b154..5a52a437c1d 100644 --- a/2019/4xxx/CVE-2019-4068.json +++ b/2019/4xxx/CVE-2019-4068.json @@ -1,135 +1,135 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Operations Center", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.0" - }, - { - "version_value" : "5.1.0.1" - }, - { - "version_value" : "5.1.0.2" - }, - { - "version_value" : "5.1.0.3" - }, - { - "version_value" : "5.1.0.4" - }, - { - "version_value" : "5.1.0.5" - }, - { - "version_value" : "5.1.0.6" - }, - { - "version_value" : "5.1.0.7" - }, - { - "version_value" : "5.1.0.8" - }, - { - "version_value" : "5.1.0.9" - }, - { - "version_value" : "5.1.0.10" - }, - { - "version_value" : "5.1.0.11" - }, - { - "version_value" : "5.1.0.12" - }, - { - "version_value" : "5.1.0.13" - }, - { - "version_value" : "5.1.0.14" - }, - { - "version_value" : "5.2.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 880229 (Intelligent Operations Center)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880229", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880229" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013", - "name" : "ibm-ioc-cve20194068-info-disc (157013)" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "I" : "N", - "AV" : "N", - "SCORE" : "5.900", - "PR" : "N", - "AC" : "H", - "UI" : "N", - "C" : "H", - "S" : "U", - "A" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Intelligent Operations Center", + "version": { + "version_data": [ + { + "version_value": "5.1.0" + }, + { + "version_value": "5.1.0.1" + }, + { + "version_value": "5.1.0.2" + }, + { + "version_value": "5.1.0.3" + }, + { + "version_value": "5.1.0.4" + }, + { + "version_value": "5.1.0.5" + }, + { + "version_value": "5.1.0.6" + }, + { + "version_value": "5.1.0.7" + }, + { + "version_value": "5.1.0.8" + }, + { + "version_value": "5.1.0.9" + }, + { + "version_value": "5.1.0.10" + }, + { + "version_value": "5.1.0.11" + }, + { + "version_value": "5.1.0.12" + }, + { + "version_value": "5.1.0.13" + }, + { + "version_value": "5.1.0.14" + }, + { + "version_value": "5.2.0" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4068", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-05-31T00:00:00" - } -} + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 880229 (Intelligent Operations Center)", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880229" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013", + "name": "ibm-ioc-cve20194068-info-disc (157013)" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "I": "N", + "AV": "N", + "SCORE": "5.900", + "PR": "N", + "AC": "H", + "UI": "N", + "C": "H", + "S": "U", + "A": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4068", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-05-31T00:00:00" + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4069.json b/2019/4xxx/CVE-2019-4069.json index 2fb2add393e..9eacd3437c1 100644 --- a/2019/4xxx/CVE-2019-4069.json +++ b/2019/4xxx/CVE-2019-4069.json @@ -1,135 +1,135 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4069", - "DATE_PUBLIC" : "2019-05-31T00:00:00" - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "A" : "H", - "S" : "U", - "C" : "H", - "AC" : "L", - "UI" : "R", - "SCORE" : "8.000", - "AV" : "N", - "PR" : "L", - "I" : "H" - } - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2019-4069", + "DATE_PUBLIC": "2019-05-31T00:00:00" + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.1.0" - }, - { - "version_value" : "5.1.0.1" - }, - { - "version_value" : "5.1.0.2" - }, - { - "version_value" : "5.1.0.3" - }, - { - "version_value" : "5.1.0.4" - }, - { - "version_value" : "5.1.0.5" - }, - { - "version_value" : "5.1.0.6" - }, - { - "version_value" : "5.1.0.7" - }, - { - "version_value" : "5.1.0.8" - }, - { - "version_value" : "5.1.0.9" - }, - { - "version_value" : "5.1.0.10" - }, - { - "version_value" : "5.1.0.11" - }, - { - "version_value" : "5.1.0.12" - }, - { - "version_value" : "5.1.0.13" - }, - { - "version_value" : "5.1.0.14" - }, - { - "version_value" : "5.2.0" - } - ] - }, - "product_name" : "Intelligent Operations Center" - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] } - ] - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10879953", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 879953 (Intelligent Operations Center)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10879953" - }, - { - "name" : "ibm-ioc-cve20194069-file-upload (157014)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157014" - } - ] - } -} + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "A": "H", + "S": "U", + "C": "H", + "AC": "L", + "UI": "R", + "SCORE": "8.000", + "AV": "N", + "PR": "L", + "I": "H" + } + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.1.0" + }, + { + "version_value": "5.1.0.1" + }, + { + "version_value": "5.1.0.2" + }, + { + "version_value": "5.1.0.3" + }, + { + "version_value": "5.1.0.4" + }, + { + "version_value": "5.1.0.5" + }, + { + "version_value": "5.1.0.6" + }, + { + "version_value": "5.1.0.7" + }, + { + "version_value": "5.1.0.8" + }, + { + "version_value": "5.1.0.9" + }, + { + "version_value": "5.1.0.10" + }, + { + "version_value": "5.1.0.11" + }, + { + "version_value": "5.1.0.12" + }, + { + "version_value": "5.1.0.13" + }, + { + "version_value": "5.1.0.14" + }, + { + "version_value": "5.2.0" + } + ] + }, + "product_name": "Intelligent Operations Center" + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879953", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 879953 (Intelligent Operations Center)", + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10879953" + }, + { + "name": "ibm-ioc-cve20194069-file-upload (157014)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157014" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4070.json b/2019/4xxx/CVE-2019-4070.json index 6c041ee4628..f7ddfcca92e 100644 --- a/2019/4xxx/CVE-2019-4070.json +++ b/2019/4xxx/CVE-2019-4070.json @@ -1,135 +1,135 @@ { - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10879943", - "title" : "IBM Security Bulletin 879943 (Intelligent Operations Center)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10879943", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-ioc-cve20194070-xss (157015)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/157015", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.1.0" - }, - { - "version_value" : "5.1.0.1" - }, - { - "version_value" : "5.1.0.2" - }, - { - "version_value" : "5.1.0.3" - }, - { - "version_value" : "5.1.0.4" - }, - { - "version_value" : "5.1.0.5" - }, - { - "version_value" : "5.1.0.6" - }, - { - "version_value" : "5.1.0.7" - }, - { - "version_value" : "5.1.0.8" - }, - { - "version_value" : "5.1.0.9" - }, - { - "version_value" : "5.1.0.10" - }, - { - "version_value" : "5.1.0.11" - }, - { - "version_value" : "5.1.0.12" - }, - { - "version_value" : "5.1.0.13" - }, - { - "version_value" : "5.1.0.14" - }, - { - "version_value" : "5.2.0" - } - ] - }, - "product_name" : "Intelligent Operations Center" - } - ] - }, - "vendor_name" : "IBM" + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10879943", + "title": "IBM Security Bulletin 879943 (Intelligent Operations Center)", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879943", + "refsource": "CONFIRM" + }, + { + "name": "ibm-ioc-cve20194070-xss (157015)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157015", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015." - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.1.0" + }, + { + "version_value": "5.1.0.1" + }, + { + "version_value": "5.1.0.2" + }, + { + "version_value": "5.1.0.3" + }, + { + "version_value": "5.1.0.4" + }, + { + "version_value": "5.1.0.5" + }, + { + "version_value": "5.1.0.6" + }, + { + "version_value": "5.1.0.7" + }, + { + "version_value": "5.1.0.8" + }, + { + "version_value": "5.1.0.9" + }, + { + "version_value": "5.1.0.10" + }, + { + "version_value": "5.1.0.11" + }, + { + "version_value": "5.1.0.12" + }, + { + "version_value": "5.1.0.13" + }, + { + "version_value": "5.1.0.14" + }, + { + "version_value": "5.2.0" + } + ] + }, + "product_name": "Intelligent Operations Center" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "S" : "C", - "A" : "N", - "SCORE" : "5.400", - "AV" : "N", - "PR" : "L", - "C" : "L", - "UI" : "R", - "AC" : "L", - "I" : "L" - } - } - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2019-05-31T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4070" - } -} + } + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015." + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "H" + }, + "BM": { + "S": "C", + "A": "N", + "SCORE": "5.400", + "AV": "N", + "PR": "L", + "C": "L", + "UI": "R", + "AC": "L", + "I": "L" + } + } + }, + "data_version": "4.0", + "CVE_data_meta": { + "DATE_PUBLIC": "2019-05-31T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2019-4070" + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8282.json b/2019/8xxx/CVE-2019-8282.json index ac9bd32b173..8750af7aca7 100644 --- a/2019/8xxx/CVE-2019-8282.json +++ b/2019/8xxx/CVE-2019-8282.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8282", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8282", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Sentinel LDK RTE", + "version": { + "version_data": [ + { + "version_value": "7.91" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one." } ] } diff --git a/2019/8xxx/CVE-2019-8283.json b/2019/8xxx/CVE-2019-8283.json index 3dd28ad89bc..c142139797a 100644 --- a/2019/8xxx/CVE-2019-8283.json +++ b/2019/8xxx/CVE-2019-8283.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8283", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8283", + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Sentinel LDK RTE", + "version": { + "version_data": [ + { + "version_value": "7.91" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it." } ] }