diff --git a/2018/20xxx/CVE-2018-20783.json b/2018/20xxx/CVE-2018-20783.json
new file mode 100644
index 00000000000..bbb4bdf79ae
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20783.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-20783",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://php.net/ChangeLog-5.php",
+ "refsource" : "MISC",
+ "url" : "http://php.net/ChangeLog-5.php"
+ },
+ {
+ "name" : "http://php.net/ChangeLog-7.php",
+ "refsource" : "MISC",
+ "url" : "http://php.net/ChangeLog-7.php"
+ },
+ {
+ "name" : "https://bugs.php.net/bug.php?id=77143",
+ "refsource" : "MISC",
+ "url" : "https://bugs.php.net/bug.php?id=77143"
+ }
+ ]
+ }
+}
diff --git a/2019/1xxx/CVE-2019-1664.json b/2019/1xxx/CVE-2019-1664.json
index 4950bb441d8..5118859ca60 100644
--- a/2019/1xxx/CVE-2019-1664.json
+++ b/2019/1xxx/CVE-2019-1664.json
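Review bot: The `problemtype` and `affects` fields of the new CVE-2018-20783 record are left as `n/a` although the description already names the weakness (a buffer over-read in the PHAR reading functions) and the affected PHP release ranges, so consumers that filter on CWE or on vendor/product data will not match this entry. Consider setting the problemtype entry to `"value" : "CWE-125"` and filling `vendor_name`, `product_name` and `version_data` from the ranges stated in the description. The new CVE-2019-8985 record at the end of this diff has the same gap: its description states an unauthenticated stack-based buffer overflow on Netis WF2880 and WF2411 2.1.36123 devices, while every structured field is `n/a`.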
@@ -1,87 +1,87 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-02-20T16:00:00-0800", - "ID": "CVE-2019-1664", - "STATE": "PUBLIC", - "TITLE": "Cisco HyperFlex Software Unauthenticated Root Access Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco HyperFlex HX-Series ", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "3.5(2a)" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-02-20T16:00:00-0800", + "ID" : "CVE-2019-1664", + "STATE" : "PUBLIC", + "TITLE" : "Cisco HyperFlex Software Unauthenticated Root Access Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco HyperFlex HX-Series ", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "3.5(2a)" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a)." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact" : { + "cvss" : { + "baseScore" : "8.1", + "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-284" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a). " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190220 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190220-chn-root-access", - "defect": [ - [ - "CSCvk31047" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190220 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190220-chn-root-access", + "defect" : [ + [ + "CSCvk31047" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/1xxx/CVE-2019-1665.json b/2019/1xxx/CVE-2019-1665.json index 6a806699e03..5a7d90737e3 100644 --- a/2019/1xxx/CVE-2019-1665.json +++ b/2019/1xxx/CVE-2019-1665.json 
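Review bot: The reformatted CVE-2019-1664 record still carries trailing whitespace inside two values, `"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H "` and `"product_name" : "Cisco HyperFlex HX-Series "`, even though the same change strips the trailing space from the description text. A strict CVSS vector parser or an exact-match product lookup can fail on the extra space, which would drop the severity or the affected-product match for this advisory; remove the space in both values. The CVE-2019-1665 and CVE-2019-1666 hunks leave the same trailing space in the same two fields.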
@@ -1,87 +1,87 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-02-20T16:00:00-0800", - "ID": "CVE-2019-1665", - "STATE": "PUBLIC", - "TITLE": "Cisco Hyperflex Stored Cross-Site Scripting Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco HyperFlex HX-Series ", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "3.5(1a)" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-02-20T16:00:00-0800", + "ID" : "CVE-2019-1665", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Hyperflex Stored Cross-Site Scripting Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco HyperFlex HX-Series ", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "3.5(1a)" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected." 
+ } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "4.7", + "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-79" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected." - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "4.7", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190220 Cisco Hyperflex Stored Cross-Site Scripting Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-xss" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190220-hyper-xss", - "defect": [ - [ - "CSCvk59165" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190220 Cisco Hyperflex Stored Cross-Site Scripting Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-xss" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190220-hyper-xss", + "defect" : [ + [ + "CSCvk59165" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/1xxx/CVE-2019-1666.json b/2019/1xxx/CVE-2019-1666.json index cbaca99a04e..55120090dc9 100644 --- a/2019/1xxx/CVE-2019-1666.json +++ b/2019/1xxx/CVE-2019-1666.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-02-20T16:00:00-0800", - "ID": "CVE-2019-1666", - "STATE": "PUBLIC", - "TITLE": "Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco HyperFlex HX-Series ", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "3.5(2a)" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-02-20T16:00:00-0800", + "ID" : "CVE-2019-1666", + "STATE" : "PUBLIC", + "TITLE" : "Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco HyperFlex HX-Series ", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "3.5(2a)" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact" : { + "cvss" : { + "baseScore" : "5.3", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-284" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190220 Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-retrieve" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190220-hyper-retrieve", - "defect": [ - [ - "CSCvj95580" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190220 Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-retrieve" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190220-hyper-retrieve", + "defect" : [ + [ + "CSCvj95580" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/8xxx/CVE-2019-8985.json b/2019/8xxx/CVE-2019-8985.json new file mode 100644 index 00000000000..8a17e69e35f --- /dev/null +++ b/2019/8xxx/CVE-2019-8985.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-8985",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP \"Authorization: Basic\" header that is mishandled by user_auth->user_ok in /bin/boa."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/netis/buffer%20overflow.md",
+ "refsource" : "MISC",
+ "url" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/netis/buffer%20overflow.md"
+ }
+ ]
+ }
+}