diff --git a/2018/16xxx/CVE-2018-16877.json b/2018/16xxx/CVE-2018-16877.json
index a27a7712495..a4e94a7aa4a 100644
--- a/2018/16xxx/CVE-2018-16877.json
+++ b/2018/16xxx/CVE-2018-16877.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2018-16877",
- "ASSIGNER": "lpardo@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -73,4 +74,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16878.json b/2018/16xxx/CVE-2018-16878.json
index 94398391974..ca1ebb802e5 100644
--- a/2018/16xxx/CVE-2018-16878.json
+++ b/2018/16xxx/CVE-2018-16878.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2018-16878",
- "ASSIGNER": "lpardo@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -73,4 +74,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17287.json b/2018/17xxx/CVE-2018-17287.json
index b781b26fdc5..9ae1c75f838 100644
--- a/2018/17xxx/CVE-2018-17287.json
+++ b/2018/17xxx/CVE-2018-17287.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17287",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
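Review bot: The `affects` block added in the first hunk of CVE-2018-17287.json publishes the record with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description added by the same commit names the product and build (Kofax Front Office Server Administration Console 4.1.1.11.0.5212). Tooling that matches an inventory against the structured fields rather than the free text will not associate this entry with the product. If the assigner's convention allows it, carry the values over, e.g. `"vendor_name": "Kofax"`, `"product_name": "Front Office Server"`, `"version_value": "4.1.1.11.0.5212"`. The same all-`n/a` block is added in CVE-2018-17288, CVE-2018-17289, CVE-2019-11017, CVE-2019-11223 and CVE-2019-9005.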
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end \"download\" feature, as demonstrated by an mfp.password downloadsettingvalue operation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17287-Information%20Disclosure-Kofax",
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17287-Information%20Disclosure-Kofax"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17288.json b/2018/17xxx/CVE-2018-17288.json
index a86e80e1bdf..3cb86d6dc62 100644
--- a/2018/17xxx/CVE-2018-17288.json
+++ b/2018/17xxx/CVE-2018-17288.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17288",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
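Review bot: The `problemtype` entry added in the second hunk of CVE-2018-17287.json is `"value": "n/a"`, so the weakness class exists only in the prose and in the path of the reference URL. Consumers that group or prioritise records by problem type have nothing to key on. A short label taken from the description, e.g. `"value": "Information Disclosure"`, would fix that; CVE-2019-3398.json in this same commit already carries `"Path Traversal"` there. CVE-2018-17288 (XSS), CVE-2018-17289 (XXE), CVE-2019-11017 (XSS), CVE-2019-11223 (unrestricted file upload) and CVE-2019-9005 (directory traversal) are published with the same placeholder.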
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) \"Filename\" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) \"DeviceName\" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17288-XSS-Kofax",
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17288-XSS-Kofax"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17289.json b/2018/17xxx/CVE-2018-17289.json
index 0ffb10577d7..9beb611d99b 100644
--- a/2018/17xxx/CVE-2018-17289.json
+++ b/2018/17xxx/CVE-2018-17289.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17289",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
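Review bot: The only entry added to `reference_data` in the second hunk of CVE-2018-17288.json is a third-party write-up tagged `MISC`, and the description pins a single build (4.1.1.11.0.5212) without saying which release fixes it. From this record a reader cannot tell whether other builds are affected or what to upgrade to. If a vendor advisory or release note exists it should be added as a `CONFIRM` reference, and the description should state the fixed version once it is known. CVE-2018-17287 and CVE-2018-17289 are in the same state.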
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17289-XXE-Kofax",
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17289-XXE-Kofax"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11017.json b/2019/11xxx/CVE-2019-11017.json
index 7ca08ccb561..2d636e72958 100644
--- a/2019/11xxx/CVE-2019-11017.json
+++ b/2019/11xxx/CVE-2019-11017.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11017",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11017",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46687",
+ "url": "https://www.exploit-db.com/exploits/46687"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11191.json b/2019/11xxx/CVE-2019-11191.json
index b1a037559da..c3e6918bfca 100644
--- a/2019/11xxx/CVE-2019-11191.json
+++ b/2019/11xxx/CVE-2019-11191.json
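Review bot: The Packet Storm reference added to `reference_data` in CVE-2019-11017.json uses a plain `http://` URL in both `name` and `url`, while the Exploit-DB entry next to it uses `https://`. Anyone following the link from a feed or dashboard fetches it without transport protection; prefer `"url": "https://packetstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.html"` if the site serves that scheme. The MLIST reference added in CVE-2019-11191.json (`http://www.openwall.com/lists/oss-security/2019/04/18/5`) has the same issue. Separately, this hunk moves `data_type`, `data_format` and `data_version` along with the content change, which makes the real additions harder to pick out.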
@@ -66,6 +66,11 @@
 "refsource": "BID",
 "name": "107887",
 "url": "http://www.securityfocus.com/bid/107887"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190418 Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID",
+ "url": "http://www.openwall.com/lists/oss-security/2019/04/18/5"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11223.json b/2019/11xxx/CVE-2019-11223.json
index bd48aa2bad0..c0379314010 100644
--- a/2019/11xxx/CVE-2019-11223.json
+++ b/2019/11xxx/CVE-2019-11223.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11223",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11223",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://wordpress.org/plugins/supportcandy/#developers",
+ "url": "https://wordpress.org/plugins/supportcandy/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/",
+ "url": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3398.json b/2019/3xxx/CVE-2019-3398.json
index a385d5b615e..6fee6538f5f 100644
--- a/2019/3xxx/CVE-2019-3398.json
+++ b/2019/3xxx/CVE-2019-3398.json
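Review bot: The `CONFIRM` reference added in CVE-2019-11223.json is the plugin's landing page with a `#developers` fragment, a page whose content changes with every release, so it will not keep confirming this particular issue. The description says "through 2.0.0" but does not name the release that fixes it. Adding the fixed version to the description, or referencing the specific changelog entry or commit, would let operators verify that they are patched. The `CONFIRM` link in CVE-2019-9005.json (a marketplace version-history page) has the same weakness, although that description does give "before 4.0.14".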
@@ -1,98 +1,100 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@atlassian.com",
- "DATE_PUBLIC": "2019-04-17T00:00:00",
- "ID": "CVE-2019-3398",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Confluence",
- "version": {
- "version_data": [
- {
- "version_value": "2.0.0",
- "version_affected": ">="
- },
- {
- "version_value": "6.6.13",
- "version_affected": "<"
- },
- {
- "version_value": "6.7.0",
- "version_affected": ">="
- },
- {
- "version_value": "6.12.4",
- "version_affected": "<"
- },
- {
- "version_value": "6.13.0",
- "version_affected": ">="
- },
- {
- "version_value": "6.13.4",
- "version_affected": "<"
- },
- {
- "version_value": "6.14.0",
- "version_affected": ">="
- },
- {
- "version_value": "6.14.3",
- "version_affected": "<"
- },
- {
- "version_value": "6.15.0",
- "version_affected": ">="
- },
- {
- "version_value": "6.15.2",
- "version_affected": "<"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Atlassian"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Path Traversal"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2019-04-17T00:00:00",
+ "ID": "CVE-2019-3398",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Confluence",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.0.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.6.13",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.7.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.12.4",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.13.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.13.4",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.14.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.14.3",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "6.15.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "6.15.2",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://jira.atlassian.com/browse/CONFSERVER-58102"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/CONFSERVER-58102",
+ "refsource": "MISC",
+ "name": "https://jira.atlassian.com/browse/CONFSERVER-58102"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3885.json b/2019/3xxx/CVE-2019-3885.json
index e03db67aa11..ad9aa6db177 100644
--- a/2019/3xxx/CVE-2019-3885.json
+++ b/2019/3xxx/CVE-2019-3885.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3885",
- "ASSIGNER": "lpardo@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -44,13 +45,13 @@
 "references": {
 "reference_data": [
 {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885",
+ "url": "https://github.com/ClusterLabs/pacemaker/pull/1749",
+ "name": "https://github.com/ClusterLabs/pacemaker/pull/1749",
 "refsource": "CONFIRM"
 },
 {
- "url": "https://github.com/ClusterLabs/pacemaker/pull/1749",
- "name": "https://github.com/ClusterLabs/pacemaker/pull/1749",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885",
 "refsource": "CONFIRM"
 }
 ]
@@ -73,4 +74,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9005.json b/2019/9xxx/CVE-2019-9005.json
index 91e5b00b065..258e6f41fe6 100644
--- a/2019/9xxx/CVE-2019-9005.json
+++ b/2019/9xxx/CVE-2019-9005.json
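Review bot: In CVE-2019-3398.json the re-added `version_data` array expresses five affected ranges as ten flat entries alternating `">="` and `"<"`, so the pairing of lower and upper bounds depends entirely on array order. A consumer that evaluates entries independently would read `"version_value": "2.0.0", "version_affected": ">="` as matching every later release, including the fixed ones. The ranges are spelled out unambiguously only in the description, so tooling should not rely on the structured list alone unless the format's range semantics are documented. The hunk also removes and re-adds every line of the file (the tokens are otherwise identical, presumably an indentation change) just to add `refsource` and `name` to one reference, and it drops the trailing newline.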
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9005",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://marketplace.atlassian.com/apps/43318/power-scripts-jira-script-automation/version-history",
+ "url": "https://marketplace.atlassian.com/apps/43318/power-scripts-jira-script-automation/version-history"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.detack.de/en/cve-2019-9005",
+ "url": "https://www.detack.de/en/cve-2019-9005"
 }
 ]
 }
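Review bot: The description added in the second hunk of CVE-2019-9005.json, "The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal.", names the weakness but not who can reach it or what it yields. Other records in this commit state both (CVE-2018-17289: "remote authenticated users to read arbitrary files"), which is what triage needs to rank the issue. Extending the sentence with the required privilege and the impact, taken from the referenced advisory, would make the record usable without following the links.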