From ed9d0faee8886f07596ba07fa1fc7a33d6fd71f1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 25 Feb 2019 13:06:14 -0500 Subject: [PATCH] - Synchronized data. --- 2019/1xxx/CVE-2019-1689.json | 168 +++++++++++++++++------------------ 2019/9xxx/CVE-2019-9146.json | 62 +++++++++++++ 2 files changed, 146 insertions(+), 84 deletions(-) create mode 100644 2019/9xxx/CVE-2019-9146.json diff --git a/2019/1xxx/CVE-2019-1689.json b/2019/1xxx/CVE-2019-1689.json index fab6e202ca1..fa50d89efd5 100644 --- a/2019/1xxx/CVE-2019-1689.json +++ b/2019/1xxx/CVE-2019-1689.json @@ -1,87 +1,87 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2019-02-20T16:00:00-0800", - "ID": "CVE-2019-1689", - "STATE": "PUBLIC", - "TITLE": "Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Webex Teams ", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "3.13.26920" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2019-02-20T16:00:00-0800", + "ID" : "CVE-2019-1689", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Webex Teams ", + "version" : { + "version_data" : [ + { + "affected" : "<", + "version_value" : "3.13.26920" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "7.3", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-20" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920." - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "7.3", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20190220 Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file" - } - ] - }, - "source": { - "advisory": "cisco-sa-20190220-webx-ios-file", - "defect": [ - [ - "CSCvn16403" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20190220 Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20190220-webx-ios-file", + "defect" : [ + [ + "CSCvn16403" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2019/9xxx/CVE-2019-9146.json b/2019/9xxx/CVE-2019-9146.json new file mode 100644 index 00000000000..152ebb92eab --- /dev/null +++ b/2019/9xxx/CVE-2019-9146.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9146", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the \"publish Bash shell scripts\" feature to insert \"/Applications/Utilities/Terminal app/Contents/MacOS/Terminal\" into the TCP data stream." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/JAMF/JAMF%20software%20%20local%20permission%20promotion%20vulnerability.md", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/JAMF/JAMF%20software%20%20local%20permission%20promotion%20vulnerability.md" + } + ] + } +}