From ecca289be6e24f937566a6b0345d92d01b966b20 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 26 Aug 2019 21:01:00 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/15xxx/CVE-2018-15756.json | 5 +++
 2018/18xxx/CVE-2018-18668.json | 58 ++++++++++++++++++++++++++++-
 2018/19xxx/CVE-2018-19857.json | 5 +++
 2019/10xxx/CVE-2019-10747.json | 2 +-
 2019/12xxx/CVE-2019-12874.json | 5 +++
 2019/13xxx/CVE-2019-13602.json | 5 +++
 2019/13xxx/CVE-2019-13962.json | 5 +++
 2019/15xxx/CVE-2019-15055.json | 67 ++++++++++++++++++++++++++++++++++
 2019/15xxx/CVE-2019-15295.json | 5 +++
 2019/15xxx/CVE-2019-15497.json | 62 +++++++++++++++++++++++++++++++
 2019/15xxx/CVE-2019-15525.json | 5 +++
 2019/5xxx/CVE-2019-5439.json | 5 +++
 2019/5xxx/CVE-2019-5459.json | 5 +++
 2019/5xxx/CVE-2019-5460.json | 5 +++
 14 files changed, 236 insertions(+), 3 deletions(-)
 create mode 100644 2019/15xxx/CVE-2019-15055.json
 create mode 100644 2019/15xxx/CVE-2019-15497.json
diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json
index 2bb14746c0b..acef73f4d49 100644
--- a/2018/15xxx/CVE-2018-15756.json
+++ b/2018/15xxx/CVE-2018-15756.json
@@ -141,6 +141,11 @@
 "refsource": "MLIST",
 "name": "[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
 "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
+ "url": "https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E"
 }
 ]
 },
diff --git a/2018/18xxx/CVE-2018-18668.json b/2018/18xxx/CVE-2018-18668.json
index 8d0d4c7cc79..2ad7970e6a0 100644
--- a/2018/18xxx/CVE-2018-18668.json
+++ b/2018/18xxx/CVE-2018-18668.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-18668",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"homepage title\" parameter, aka the adm/config_form_update.php cf_title parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172",
+ "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-53f7f220c2d2861a98444adf09471496",
+ "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-53f7f220c2d2861a98444adf09471496"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0",
+ "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19857.json b/2018/19xxx/CVE-2018-19857.json
index 25f3634f650..efd7ae59e18 100644
--- a/2018/19xxx/CVE-2018-19857.json
+++ b/2018/19xxx/CVE-2018-19857.json
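Review bot: The `affects` block added in the first CVE-2018-18668.json hunk and the `problemtype` block added in the second carry only `"n/a"`, although the new description names the product (GNUBOARD5), the affected range (before 5.3.2.0) and the weakness class (XSS). Consumers that match on `product_name`/`version_value` or on `problemtype`, rather than parsing the free-text description, will not associate this record with GNUBOARD5 or with XSS. If the feed's conventions allow it, fill the structured fields, e.g. `"product_name": "GNUBOARD5"`, `"version_value": "before 5.3.2.0"` and a problemtype `"value": "CWE-79"`. The same `"n/a"` placeholders appear in the new CVE-2019-15055.json and CVE-2019-15497.json records, whose descriptions likewise name products and version ranges.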
@@ -91,6 +91,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1897",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2015",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10747.json b/2019/10xxx/CVE-2019-10747.json
index 4677d145d4f..ff673848cee 100644
--- a/2019/10xxx/CVE-2019-10747.json
+++ b/2019/10xxx/CVE-2019-10747.json
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "set-value is vulnerable to Prototype Pollution in versions before 2.0.1 and version 3.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads."
+ "value": "set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12874.json b/2019/12xxx/CVE-2019-12874.json
index 3e4152fc429..9527c1d3b77 100644
--- a/2019/12xxx/CVE-2019-12874.json
+++ b/2019/12xxx/CVE-2019-12874.json
@@ -86,6 +86,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-201908-23",
 "url": "https://security.gentoo.org/glsa/201908-23"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2015",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13602.json b/2019/13xxx/CVE-2019-13602.json
index 6a038da1d3a..61680fcd7a9 100644
--- a/2019/13xxx/CVE-2019-13602.json
+++ b/2019/13xxx/CVE-2019-13602.json
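Review bot: The rewritten `value` in the CVE-2019-10747.json hunk now reads "versions lower than 3.0.1", which no longer excludes 2.0.1 the way the removed wording ("before 2.0.1 and version 3.0.0") did, so version matching derived from this text would flag 2.0.1 as affected. If 2.0.1 does carry the fix, a wording such as `versions before 2.0.1 and 3.x before 3.0.1` keeps that information. Left unchanged by the commit, the sentence still names `mixin-deep` as the vulnerable function in a set-value record, which looks carried over from a sibling advisory, and writes the payload as `_proto_` where the JavaScript property is `__proto__`. The record's structured version fields lie outside this hunk and should be checked against whichever range is intended.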
@@ -96,6 +96,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/36"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2015",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13962.json b/2019/13xxx/CVE-2019-13962.json
index 73d55a1c940..8a5800aafd7 100644
--- a/2019/13xxx/CVE-2019-13962.json
+++ b/2019/13xxx/CVE-2019-13962.json
@@ -91,6 +91,11 @@
 "refsource": "BUGTRAQ",
 "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
 "url": "https://seclists.org/bugtraq/2019/Aug/36"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2015",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15055.json b/2019/15xxx/CVE-2019-15055.json
new file mode 100644
index 00000000000..656b878c40a
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15055.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15055",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://mikrotik.com/download/changelogs/testing-release-tree",
+ "url": "https://mikrotik.com/download/changelogs/testing-release-tree"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/zeroday/FG-VD-19-108",
+ "url": "https://fortiguard.com/zeroday/FG-VD-19-108"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15295.json b/2019/15xxx/CVE-2019-15295.json
index 94375a68453..dc558ea55b2 100644
--- a/2019/15xxx/CVE-2019-15295.json
+++ b/2019/15xxx/CVE-2019-15295.json
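Review bot: The CONFIRM reference in the new CVE-2019-15055.json points at `https://mikrotik.com/download/changelogs/testing-release-tree`, which by its path looks like a rolling changelog page rather than a permalink to the fixed release, so the vendor confirmation may scroll away as later releases are published. A version-specific changelog URL would be more durable. The description gives the affected range (through 6.44.5, and 6.45.x through 6.45.3) but no first fixed version, so anyone verifying a patch level has to infer it. The file also ends without a trailing newline (`\ No newline at end of file`), as does the new CVE-2019-15497.json.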
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/",
 "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM",
+ "url": "https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15497.json b/2019/15xxx/CVE-2019-15497.json
new file mode 100644
index 00000000000..3dc0fdc1b94
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15497.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15497",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://experiencesofasysadmin.wordpress.com/2019/08/23/cve-2019-15497-default-credentials/",
+ "url": "https://experiencesofasysadmin.wordpress.com/2019/08/23/cve-2019-15497-default-credentials/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15525.json b/2019/15xxx/CVE-2019-15525.json
index 16ba9304256..6ccecedbcff 100644
--- a/2019/15xxx/CVE-2019-15525.json
+++ b/2019/15xxx/CVE-2019-15525.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://www.openwall.com/lists/oss-security/2019/08/26/1",
 "url": "https://www.openwall.com/lists/oss-security/2019/08/26/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190826 CVE-2019-15525: Missing TLS/SSL certificate validation in pw3270",
+ "url": "http://www.openwall.com/lists/oss-security/2019/08/26/1"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5439.json b/2019/5xxx/CVE-2019-5439.json
index cd73154ae61..28485898db6 100644
--- a/2019/5xxx/CVE-2019-5439.json
+++ b/2019/5xxx/CVE-2019-5439.json
@@ -78,6 +78,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-201908-23",
 "url": "https://security.gentoo.org/glsa/201908-23"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2015",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5459.json b/2019/5xxx/CVE-2019-5459.json
index 2278405301d..8af01ce799f 100644
--- a/2019/5xxx/CVE-2019-5459.json
+++ b/2019/5xxx/CVE-2019-5459.json
@@ -63,6 +63,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1897",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2015",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5460.json b/2019/5xxx/CVE-2019-5460.json
index 3fb299dc5e1..d238904244a 100644
--- a/2019/5xxx/CVE-2019-5460.json
+++ b/2019/5xxx/CVE-2019-5460.json
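Review bot: The MLIST entry added in the CVE-2019-15525.json hunk points at the same oss-security post as the existing MISC entry directly above it, differing only in scheme (`http://www.openwall.com/...` versus `https://www.openwall.com/...`), so the record now lists one source twice and tools that de-duplicate references by URL will count it as two. A single entry would be cleaner: keep the descriptive MLIST `name`, use the HTTPS form `"url": "https://www.openwall.com/lists/oss-security/2019/08/26/1"`, and drop the MISC duplicate. The `reference_data` array starts outside this hunk, so other entries were not checked for the same overlap.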
@@ -63,6 +63,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1897",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2015",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
 }
 ]
 },