From dfaa1c328eedfbb0dee200e123c602139e64f8ee Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 31 Dec 2019 17:01:03 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2019/12xxx/CVE-2019-12837.json | 56 ++++++++++++++++++++++++++++++----
2019/16xxx/CVE-2019-16405.json | 32 ++++++++++++++++++-
2019/20xxx/CVE-2019-20177.json | 18 +++++++++++
2019/7xxx/CVE-2019-7751.json | 53 ++++++++++++++++++++++++++++++--
2019/9xxx/CVE-2019-9197.json | 53 ++++++++++++++++++++++++++++++--
2019/9xxx/CVE-2019-9206.json | 53 ++++++++++++++++++++++++++++++--
2019/9xxx/CVE-2019-9207.json | 53 ++++++++++++++++++++++++++++++--
2019/9xxx/CVE-2019-9553.json | 53 ++++++++++++++++++++++++++++++--
2019/9xxx/CVE-2019-9554.json | 53 ++++++++++++++++++++++++++++++--
2019/9xxx/CVE-2019-9556.json | 53 ++++++++++++++++++++++++++++++--
2019/9xxx/CVE-2019-9668.json | 48 +++++++++++++++++++++++++++--
11 files changed, 502 insertions(+), 23 deletions(-)
create mode 100644 2019/20xxx/CVE-2019-20177.json
diff --git a/2019/12xxx/CVE-2019-12837.json b/2019/12xxx/CVE-2019-12837.json
index 5f8b329f0c8..5863e2b05dd 100644
--- a/2019/12xxx/CVE-2019-12837.json
+++ b/2019/12xxx/CVE-2019-12837.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12837", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12837", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints, given that the attacker is authenticated as a student: 1) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/{student_id}/ 2) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/?page={page}." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://vulnz.avm99963.com/T15", + "url": "https://vulnz.avm99963.com/T15" } ] } diff --git a/2019/16xxx/CVE-2019-16405.json b/2019/16xxx/CVE-2019-16405.json index 9d184d4066e..5d86c2298e4 100644 --- a/2019/16xxx/CVE-2019-16405.json +++ b/2019/16xxx/CVE-2019-16405.json 
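Review bot: The `affects` block added here holds only placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`) and `problemtype` is `"n/a"`, although the new description names the product and version (accesuniversitat.gencat.cat 1.7.5), so tooling that matches on the structured fields will not find this record. I would carry the description's values into those fields, e.g. `"product_name": "accesuniversitat.gencat.cat"` and `"version_value": "1.7.5"`, and state the problem type as text. The description reads like a missing per-record authorisation check on the student endpoints, but the root cause is not stated, so that wording needs confirming against the reference. The same placeholders are added in the CVE-2019-7751, -9197, -9206, -9207, -9553, -9554, -9556 and -9668 sections of this commit, where the descriptions likewise name the product and, in most cases, a version.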
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Centreon Web 19.04.4 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same." + "value": "Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same." } ] }, 
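Review bot: The four fixed-version boundaries introduced here exist only in the free-text description (`before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2`). The record's `affects` block sits above line 34, outside this hunk, and neither of this commit's two hunks for the file touches it. If that block still carries placeholder values, scanners keyed on `version_data` will not flag the affected branches, so the ranges should be mirrored there with one `version_value` entry per branch. The closing sentence also leaves open whether CVE-2019-17501 is a duplicate; once that is settled, the record should say which ID is canonical.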
@@ -66,6 +66,36 @@ "refsource": "MISC", "name": "https://github.com/TheCyberGeek/CVE-2019-16405.rb", "url": "https://github.com/TheCyberGeek/CVE-2019-16405.rb" + }, + { + "refsource": "CONFIRM", + "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html", + "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/centreon/centreon/pull/7884", + "url": "https://github.com/centreon/centreon/pull/7884" + }, + { + "refsource": "CONFIRM", + "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html", + "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/centreon/centreon/pull/7864", + "url": "https://github.com/centreon/centreon/pull/7864" + }, + { + "refsource": "CONFIRM", + "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html", + "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" + }, + { + "refsource": "CONFIRM", + "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html", + "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" } ] } diff --git a/2019/20xxx/CVE-2019-20177.json b/2019/20xxx/CVE-2019-20177.json new file mode 100644 index 00000000000..3e2c7f7c956 --- /dev/null +++ b/2019/20xxx/CVE-2019-20177.json 
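Review bot: Four of the six new CONFIRM references point at `/docs/centreon/en/latest/release_notes/...` pages, and a `latest` path follows whatever the documentation currently publishes, so the confirming text can move or disappear after the record is frozen. The two pull-request links (`/pull/7884`, `/pull/7864`) are stable, but by their position in the list they appear to cover only the 2.8 and 18.10 branches; the 19.04 and 19.10 entries have a release-notes page and no fix reference. I would add the fix reference for those two branches, or a version-pinned documentation URL, alongside each `latest` link.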
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7751.json b/2019/7xxx/CVE-2019-7751.json index 3190179ab98..b53e434fe14 100644 --- a/2019/7xxx/CVE-2019-7751.json +++ b/2019/7xxx/CVE-2019-7751.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7751", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/151963/MarcomCentral-FusionPro-VDP-Creator-Directory-Traversal.html", + "url": "https://packetstormsecurity.com/files/151963/MarcomCentral-FusionPro-VDP-Creator-Directory-Traversal.html" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/46494", + "url": "https://www.exploit-db.com/exploits/46494" } ] } diff --git a/2019/9xxx/CVE-2019-9197.json b/2019/9xxx/CVE-2019-9197.json index 9c5f7de9d9e..e2adf0f5a93 100644 --- a/2019/9xxx/CVE-2019-9197.json +++ b/2019/9xxx/CVE-2019-9197.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9197", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-252/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-252/" + }, + { + "refsource": "CONFIRM", + "name": "https://unity3d.com/security#CVE-2019-9197", + "url": "https://unity3d.com/security#CVE-2019-9197" } ] } diff --git a/2019/9xxx/CVE-2019-9206.json b/2019/9xxx/CVE-2019-9206.json index 3663b9919a3..9e536d9f559 100644 --- a/2019/9xxx/CVE-2019-9206.json +++ b/2019/9xxx/CVE-2019-9206.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9206", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/151925/PRTG-Network-Monitor-7.1.3.3378-Cross-Site-Scripting.html", + "url": "https://packetstormsecurity.com/files/151925/PRTG-Network-Monitor-7.1.3.3378-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2019/Mar/3", + "url": "https://seclists.org/fulldisclosure/2019/Mar/3" } ] } diff --git a/2019/9xxx/CVE-2019-9207.json b/2019/9xxx/CVE-2019-9207.json index 954cc45237f..750d727c7f1 100644 --- a/2019/9xxx/CVE-2019-9207.json +++ b/2019/9xxx/CVE-2019-9207.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9207", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/151925/PRTG-Network-Monitor-7.1.3.3378-Cross-Site-Scripting.html", + "url": "https://packetstormsecurity.com/files/151925/PRTG-Network-Monitor-7.1.3.3378-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2019/Mar/3", + "url": "https://seclists.org/fulldisclosure/2019/Mar/3" } ] } diff --git a/2019/9xxx/CVE-2019-9553.json b/2019/9xxx/CVE-2019-9553.json index 66c1f0c04ba..88a280faf62 100644 --- a/2019/9xxx/CVE-2019-9553.json +++ b/2019/9xxx/CVE-2019-9553.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9553", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/46495", + "url": "https://www.exploit-db.com/exploits/46495" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/151943/Bold-CMS-3.6.4-Cross-Site-Scripting.html", + "url": "https://packetstormsecurity.com/files/151943/Bold-CMS-3.6.4-Cross-Site-Scripting.html" } ] } diff --git a/2019/9xxx/CVE-2019-9554.json b/2019/9xxx/CVE-2019-9554.json index 24b628d3935..a88c98eea5e 100644 --- a/2019/9xxx/CVE-2019-9554.json +++ b/2019/9xxx/CVE-2019-9554.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9554", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
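Review bot: In the CVE-2019-9553 hunk the product name in the description and the one in the second reference disagree: the description says `Bolt 3.6.4`, while the Packet Storm URL slug reads `Bold-CMS-3.6.4`. The URL has to stay as published, but because `name` only repeats the URL and `affects` is `n/a`, nothing structured in the record carries the correct product name, and a search by product can miss one of the two sources. The CVE-2019-9668 hunk later in this commit has the same pattern (`rovinbhandari FTP` in the description, `robinbhandari-FTP` in the only reference). In both records I would confirm the spelling and add a reference to the vendor or project itself so the name is anchored to a primary source.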
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/151944/Craft-CMS-3.1.12-Pro-Cross-Site-Scripting.html", + "url": "https://packetstormsecurity.com/files/151944/Craft-CMS-3.1.12-Pro-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/46496", + "url": "https://www.exploit-db.com/exploits/46496" } ] } diff --git a/2019/9xxx/CVE-2019-9556.json b/2019/9xxx/CVE-2019-9556.json index 840aaef7634..c718bcec916 100644 --- a/2019/9xxx/CVE-2019-9556.json +++ b/2019/9xxx/CVE-2019-9556.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9556", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FiberHome an5506-04-f RP2669 devices have XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/151959/Fiberhome-AN5506-04-F-RP2669-Cross-Site-Scripting.html", + "url": "https://packetstormsecurity.com/files/151959/Fiberhome-AN5506-04-F-RP2669-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/46498", + "url": "https://www.exploit-db.com/exploits/46498" } ] } diff --git a/2019/9xxx/CVE-2019-9668.json b/2019/9xxx/CVE-2019-9668.json index a68965d7b4c..631d28ab01f 100644 --- a/2019/9xxx/CVE-2019-9668.json +++ b/2019/9xxx/CVE-2019-9668.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9668", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
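Review bot: The CVE-2019-9556 description added in the first hunk on this line, `FiberHome an5506-04-f RP2669 devices have XSS.`, names no page or parameter and does not say whether the XSS is stored or reflected, unlike the sibling XSS records in this commit (CVE-2019-9206, -9207, -9553), which name the affected path and parameter. Without that, a defender cannot tell which management page to restrict or what to look for in device logs, and both references are exploit archives rather than a vendor statement. I would extend the description with the affected component as given in the referenced advisory and add a vendor reference if one exists.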
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/152058/robinbhandari-FTP-Remote-Denial-Of-Service.html", + "url": "https://packetstormsecurity.com/files/152058/robinbhandari-FTP-Remote-Denial-Of-Service.html" } ] }