From e5628724bd83a302adc50bfbbece3e0ae1348389 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 6 Jun 2019 17:00:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12135.json | 61 ++++++++++++++++++++++++++++++---- 2019/12xxx/CVE-2019-12291.json | 56 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7215.json | 53 +++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9929.json | 61 ++++++++++++++++++++++++++++++---- 4 files changed, 211 insertions(+), 20 deletions(-) diff --git a/2019/12xxx/CVE-2019-12135.json b/2019/12xxx/CVE-2019-12135.json index 98d0f0f55a6..93f238a16fc 100644 --- a/2019/12xxx/CVE-2019-12135.json +++ b/2019/12xxx/CVE-2019-12135.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12135", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12135", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.papercut.com/products/mf/release-history/", + "url": "https://www.papercut.com/products/mf/release-history/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.papercut.com/products/ng/release-history/", + "url": "https://www.papercut.com/products/ng/release-history/" } ] } diff --git a/2019/12xxx/CVE-2019-12291.json b/2019/12xxx/CVE-2019-12291.json index bb67be00a25..afefbfbcc68 100644 --- a/2019/12xxx/CVE-2019-12291.json +++ b/2019/12xxx/CVE-2019-12291.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12291", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12291", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hashicorp.com/blog/category/consul", + "refsource": "MISC", + "name": "https://www.hashicorp.com/blog/category/consul" } ] } diff --git a/2019/7xxx/CVE-2019-7215.json b/2019/7xxx/CVE-2019-7215.json index 72873251cb9..dac9c4c1c76 100644 --- a/2019/7xxx/CVE-2019-7215.json +++ b/2019/7xxx/CVE-2019-7215.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7215", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://knowledgebase.progress.com/#sort=relevancy&f:@objecttypelabel=[Product%20Alert]", + "refsource": "MISC", + "name": "https://knowledgebase.progress.com/#sort=relevancy&f:@objecttypelabel=[Product%20Alert]" + }, + { + "refsource": "CONFIRM", + "name": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019", + "url": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019" } ] } diff --git a/2019/9xxx/CVE-2019-9929.json b/2019/9xxx/CVE-2019-9929.json index 5e4eaf38592..0f4fe393f43 100644 --- a/2019/9xxx/CVE-2019-9929.json +++ b/2019/9xxx/CVE-2019-9929.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9929", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9929", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cfengine.com/product/latest-release/", + "refsource": "MISC", + "name": "https://cfengine.com/product/latest-release/" + }, + { + "refsource": "MISC", + "name": "https://cfengine.com/company/blog-detail/cve-2019-9929-internal-authentication-secrets-leaked-in-logs/", + "url": "https://cfengine.com/company/blog-detail/cve-2019-9929-internal-authentication-secrets-leaked-in-logs/" } ] }