From e235576a81eb0af5d5d28408b44428f5e5929882 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 31 May 2019 21:00:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1331.json | 5 +++ 2015/1xxx/CVE-2015-1334.json | 5 +++ 2015/1xxx/CVE-2015-1335.json | 5 +++ 2017/5xxx/CVE-2017-5985.json | 5 +++ 2018/1000xxx/CVE-2018-1000632.json | 5 +++ 2018/6xxx/CVE-2018-6556.json | 5 +++ 2019/10xxx/CVE-2019-10981.json | 55 +++++++++++++++++++++++-- 2019/5xxx/CVE-2019-5736.json | 5 +++ 2019/9xxx/CVE-2019-9874.json | 66 +++++++++++++++++++++++++++--- 2019/9xxx/CVE-2019-9875.json | 66 +++++++++++++++++++++++++++--- 2019/9xxx/CVE-2019-9891.json | 56 ++++++++++++++++++++++--- 11 files changed, 257 insertions(+), 21 deletions(-)
diff --git a/2015/1xxx/CVE-2015-1331.json b/2015/1xxx/CVE-2015-1331.json
index 926f445e968..28843d283ff 100644
--- a/2015/1xxx/CVE-2015-1331.json
+++ b/2015/1xxx/CVE-2015-1331.json
@@ -86,6 +86,11 @@
 "name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842",
 "refsource": "CONFIRM",
 "url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1481",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1334.json b/2015/1xxx/CVE-2015-1334.json
index b27d1363f52..1d3958cc08c 100644
--- a/2015/1xxx/CVE-2015-1334.json
+++ b/2015/1xxx/CVE-2015-1334.json
@@ -86,6 +86,11 @@
 "name": "openSUSE-SU-2015:1317",
 "refsource": "SUSE",
 "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1481",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1335.json b/2015/1xxx/CVE-2015-1335.json
index 8e3c50b9839..1cca144ab89 100644
--- a/2015/1xxx/CVE-2015-1335.json
+++ b/2015/1xxx/CVE-2015-1335.json
@@ -111,6 +111,11 @@
 "name": "openSUSE-SU-2015:1717",
 "refsource": "SUSE",
 "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1481",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
 }
 ]
 }
diff --git a/2017/5xxx/CVE-2017-5985.json b/2017/5xxx/CVE-2017-5985.json
index 2a18d905854..60eb041a986 100644
--- a/2017/5xxx/CVE-2017-5985.json
+++ b/2017/5xxx/CVE-2017-5985.json
@@ -81,6 +81,11 @@
 "name": "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership",
 "refsource": "MLIST",
 "url": "http://www.openwall.com/lists/oss-security/2017/03/09/4"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1481",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
 }
 ]
 }
diff --git a/2018/1000xxx/CVE-2018-1000632.json b/2018/1000xxx/CVE-2018-1000632.json
index ce46d3b26f7..be92e130c04 100644
--- a/2018/1000xxx/CVE-2018-1000632.json
+++ b/2018/1000xxx/CVE-2018-1000632.json
@@ -124,6 +124,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20190530-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20190530-0001/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)",
+ "url": "https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6556.json b/2018/6xxx/CVE-2018-6556.json
index 7094bfb2fb0..65d57419532 100644
--- a/2018/6xxx/CVE-2018-6556.json
+++ b/2018/6xxx/CVE-2018-6556.json
@@ -106,6 +106,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1275",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1481",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
 }
 ]
 },
diff --git a/2019/10xxx/CVE-2019-10981.json b/2019/10xxx/CVE-2019-10981.json
index 4c177e1a2ed..4e3b428d562 100644
--- a/2019/10xxx/CVE-2019-10981.json
+++ b/2019/10xxx/CVE-2019-10981.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10981",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "AVEVA",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AVEVA Vijeo Citect and CitectSCADA",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Vijeo Citect 7.30 and 7.40 CitectSCADA 7.30 and 7.40"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficiently Protected Credentials CWE-522"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-150-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-150-01"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityAdvisory_LFSec136.pdf",
+ "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityAdvisory_LFSec136.pdf"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5736.json b/2019/5xxx/CVE-2019-5736.json
index 1c909b1c2ee..78254c2d325 100644
--- a/2019/5xxx/CVE-2019-5736.json
+++ b/2019/5xxx/CVE-2019-5736.json
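Review bot: The added `version_value` in the CVE-2019-10981 hunk packs two product names and four versions into one free-text string, `"Vijeo Citect 7.30 and 7.40 CitectSCADA 7.30 and 7.40"`, and `product_name` likewise joins both products. Tooling that matches an asset inventory against `product_name`/`version_value` cannot resolve this record to a specific affected release and has to fall back to parsing the prose description. One `product_data` entry per product with one `version_value` per version carries the same facts in machine-readable form. The split below drops the `AVEVA` prefix from the product names on the assumption that `vendor_name` already carries it.

```json
"product_data": [
  {
    "product_name": "Vijeo Citect",
    "version": {
      "version_data": [
        { "version_value": "7.30" },
        { "version_value": "7.40" }
      ]
    }
  },
  {
    "product_name": "CitectSCADA",
    "version": {
      "version_data": [
        { "version_value": "7.30" },
        { "version_value": "7.40" }
      ]
    }
  }
]
```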
@@ -271,6 +271,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1444",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1481",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9874.json b/2019/9xxx/CVE-2019-9874.json
index 15776cc8636..2e261cd26fa 100644
--- a/2019/9xxx/CVE-2019-9874.json
+++ b/2019/9xxx/CVE-2019-9874.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9874",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9874",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://dev.sitecore.net/Downloads.aspx",
+ "refsource": "MISC",
+ "name": "https://dev.sitecore.net/Downloads.aspx"
+ },
+ {
+ "url": "https://www.synacktiv.com/blog.html",
+ "refsource": "MISC",
+ "name": "https://www.synacktiv.com/blog.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf",
+ "url": "https://www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9875.json b/2019/9xxx/CVE-2019-9875.json
index 98fdf823d60..1a0b3de45be 100644
--- a/2019/9xxx/CVE-2019-9875.json
+++ b/2019/9xxx/CVE-2019-9875.json
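Review bot: The added `problemtype` value in the CVE-2019-9874 hunk is `"n/a"` although the new description opens with "Deserialization of Untrusted Data", which is the name of CWE-502; recording it as `"value": "CWE-502 Deserialization of Untrusted Data"` would let consumers filter and prioritise on weakness class. The `affects` block is also entirely `"n/a"` while the description names Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2, so product and version matching has to parse prose. Two of the three references (`Downloads.aspx` and `blog.html`) are landing pages rather than a specific advisory or fixed release, which leaves the PDF as the only entry that pins the finding. The same `n/a` fields and landing-page references recur in the CVE-2019-9875 hunk, and the CVE-2019-9891 hunk has the same `n/a` `affects` and `problemtype` values.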
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9875",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9875",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://dev.sitecore.net/Downloads.aspx",
+ "refsource": "MISC",
+ "name": "https://dev.sitecore.net/Downloads.aspx"
+ },
+ {
+ "url": "https://www.synacktiv.com/blog.html",
+ "refsource": "MISC",
+ "name": "https://www.synacktiv.com/blog.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf",
+ "url": "https://www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9891.json b/2019/9xxx/CVE-2019-9891.json
index f60c6de9f87..d5c137f7bc2 100644
--- a/2019/9xxx/CVE-2019-9891.json
+++ b/2019/9xxx/CVE-2019-9891.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9891",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9891",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2019-007",
+ "refsource": "MISC",
+ "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2019-007"
 }
 ]
 }