From f2b3d0e6a86900efa7e5718fa51d8cf161f54581 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 16 Jul 2019 19:00:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/17xxx/CVE-2017-17485.json | 5 + 2018/12xxx/CVE-2018-12022.json | 5 + 2018/12xxx/CVE-2018-12023.json | 5 + 2018/14xxx/CVE-2018-14718.json | 5 + 2018/14xxx/CVE-2018-14719.json | 5 + 2018/15xxx/CVE-2018-15756.json | 7 +- 2018/18xxx/CVE-2018-18095.json | 5 + 2018/19xxx/CVE-2018-19360.json | 5 + 2018/19xxx/CVE-2018-19361.json | 5 + 2018/19xxx/CVE-2018-19362.json | 5 + 2019/1010xxx/CVE-2019-1010042.json | 58 ++------- 2019/1010xxx/CVE-2019-1010061.json | 63 ++-------- 2019/6xxx/CVE-2019-6160.json | 187 +++++++++++++++-------------- 2019/9xxx/CVE-2019-9700.json | 58 +++++++-- 14 files changed, 210 insertions(+), 208 deletions(-) diff --git a/2017/17xxx/CVE-2017-17485.json b/2017/17xxx/CVE-2017-17485.json index 0a915418d8d..36fc76dcbb9 100644 --- a/2017/17xxx/CVE-2017-17485.json +++ b/2017/17xxx/CVE-2017-17485.json @@ -146,6 +146,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1782", "url": "https://access.redhat.com/errata/RHSA-2019:1782" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" } ] } diff --git a/2018/12xxx/CVE-2018-12022.json b/2018/12xxx/CVE-2018-12022.json index 7f4d508a65f..725c92a1f22 100644 --- a/2018/12xxx/CVE-2018-12022.json +++ b/2018/12xxx/CVE-2018-12022.json @@ -141,6 +141,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1782", "url": "https://access.redhat.com/errata/RHSA-2019:1782" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" } ] } diff --git a/2018/12xxx/CVE-2018-12023.json b/2018/12xxx/CVE-2018-12023.json index fa650ebeb42..930cdcb5ba0 100644 --- a/2018/12xxx/CVE-2018-12023.json +++ b/2018/12xxx/CVE-2018-12023.json @@ -146,6 +146,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1782", "url": "https://access.redhat.com/errata/RHSA-2019:1782" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" } ] } diff --git a/2018/14xxx/CVE-2018-14718.json b/2018/14xxx/CVE-2018-14718.json index a44ef30d716..b76b03d48d3 100644 --- a/2018/14xxx/CVE-2018-14718.json +++ b/2018/14xxx/CVE-2018-14718.json @@ -136,6 +136,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1782", "url": "https://access.redhat.com/errata/RHSA-2019:1782" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" } ] } diff --git a/2018/14xxx/CVE-2018-14719.json b/2018/14xxx/CVE-2018-14719.json index 5658e7196c3..e1c195c38b9 100644 --- a/2018/14xxx/CVE-2018-14719.json +++ b/2018/14xxx/CVE-2018-14719.json @@ -121,6 +121,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1782", "url": "https://access.redhat.com/errata/RHSA-2019:1782" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" } ] } diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json index 7b1de28f3c2..352974562b8 100644 --- a/2018/15xxx/CVE-2018-15756.json +++ b/2018/15xxx/CVE-2018-15756.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security_alert@emc.com", + "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2018-10-16T07:00:00.000Z", "ID": "CVE-2018-15756", "STATE": "PUBLIC", @@ -121,6 +121,11 @@ "refsource": "MLIST", "name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756", + "url": "https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E" } ] }, diff --git a/2018/18xxx/CVE-2018-18095.json b/2018/18xxx/CVE-2018-18095.json index 2a7b61b6aa2..46c88aa5abb 100644 --- a/2018/18xxx/CVE-2018-18095.json +++ b/2018/18xxx/CVE-2018-18095.json @@ -53,6 +53,11 @@ "refsource": "BID", "name": "109103", "url": "http://www.securityfocus.com/bid/109103" + }, + { + "refsource": "CONFIRM", + "name": "https://support.lenovo.com/us/en/product_security/LEN-28116", + "url": "https://support.lenovo.com/us/en/product_security/LEN-28116" } ] }, diff --git a/2018/19xxx/CVE-2018-19360.json b/2018/19xxx/CVE-2018-19360.json index f9b56d7995d..70f60c69cc0 100644 --- a/2018/19xxx/CVE-2018-19360.json +++ b/2018/19xxx/CVE-2018-19360.json @@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1782", "url": "https://access.redhat.com/errata/RHSA-2019:1782" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" } ] } diff --git a/2018/19xxx/CVE-2018-19361.json b/2018/19xxx/CVE-2018-19361.json index 9d52d175374..a6a7f9baa09 100644 --- a/2018/19xxx/CVE-2018-19361.json +++ b/2018/19xxx/CVE-2018-19361.json @@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1782", "url": "https://access.redhat.com/errata/RHSA-2019:1782" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" } ] } diff --git a/2018/19xxx/CVE-2018-19362.json b/2018/19xxx/CVE-2018-19362.json index 56cf5f15185..c40c1524d83 100644 --- a/2018/19xxx/CVE-2018-19362.json +++ b/2018/19xxx/CVE-2018-19362.json @@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1782", "url": "https://access.redhat.com/errata/RHSA-2019:1782" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1797", + "url": "https://access.redhat.com/errata/RHSA-2019:1797" } ] } diff --git a/2019/1010xxx/CVE-2019-1010042.json b/2019/1010xxx/CVE-2019-1010042.json index 61922bcfcde..4e3c89a9c57 100644 --- a/2019/1010xxx/CVE-2019-1010042.json +++ b/2019/1010xxx/CVE-2019-1010042.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "ID": "CVE-2019-1010042", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "couchcms", - "version": { - "version_data": [ - { - "version_value": "2" - } - ] - } - } - ] - }, - "vendor_name": "couchcms" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1010042", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "couchcms 2 is affected by: Web Site physical path leakage. The impact is: disclosure the full path. The component is: includes/mysql2i/mysql2i.func.php and addons/phpmailer/phpmailer.php. The attack vector is: network connectivity." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Web Site physical path leakage" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/CouchCMS/CouchCMS/issues/46", - "refsource": "MISC", - "name": "https://github.com/CouchCMS/CouchCMS/issues/46" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7662. Reason: This candidate is a reservation duplicate of CVE-2018-7662. Notes: All CVE users should reference CVE-2018-7662 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/1010xxx/CVE-2019-1010061.json b/2019/1010xxx/CVE-2019-1010061.json index 23534d5d957..46158e7e6a7 100644 --- a/2019/1010xxx/CVE-2019-1010061.json +++ b/2019/1010xxx/CVE-2019-1010061.json @@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "ID": "CVE-2019-1010061", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "BigTree-CMS", - "version": { - "version_data": [ - { - "version_value": "commit b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6 and earlier [fixed: after commit b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6]" - } - ] - } - } - ] - }, - "vendor_name": "BigTree-CMS" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1010061", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "BigTree-CMS commit b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6 and earlier is affected by: Improper Neutralization of Script-Related HTML Tags in a Web Page. The impact is: Any Javascript code can be executed. The component is: users management page. The attack vector is: Insert payload into users' profile and wait for administrators to visit the users management page. The fixed version is: after commit b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/bigtreecms/BigTree-CMS/issues/332", - "refsource": "MISC", - "name": "https://github.com/bigtreecms/BigTree-CMS/issues/332" - }, - { - "url": "https://github.com/bigtreecms/BigTree-CMS/commit/b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6", - "refsource": "MISC", - "name": "https://github.com/bigtreecms/BigTree-CMS/commit/b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10364. Reason: This candidate is a reservation duplicate of CVE-2018-10364. Notes: All CVE users should reference CVE-2018-10364 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/6xxx/CVE-2019-6160.json b/2019/6xxx/CVE-2019-6160.json index b8b99ec52a8..423f6905941 100644 --- a/2019/6xxx/CVE-2019-6160.json +++ b/2019/6xxx/CVE-2019-6160.json @@ -1,95 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-07-16T16:00:00.000Z", - "ID": "CVE-2019-6160", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "NAS products", - "version": { - "version_data": [ - { - "affected": "=", - "version_value": "various" - } - ] - } - } - ] - }, - "vendor_name": "Iomega and LenovoEMC" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Lenovo would like to thank WhiteHat Security and Vertical Structure for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-07-16T16:00:00.000Z", + "ID": "CVE-2019-6160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NAS products", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "various" + } + ] + } + } + ] + }, + "vendor_name": "Iomega and LenovoEMC" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-25557" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "Update to the firmware level (or later) described for your system in the Product Impact section of LEN-25557. If it is not feasible to update the firmware immediately, partial protection can be achieved by removing any public shares and using the device only on trusted networks." - } - ], - "source": { - "advisory": "LEN-25557", - "discovery": "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank WhiteHat Security and Vertical Structure for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.lenovo.com/solutions/LEN-25557", + "url": "https://support.lenovo.com/solutions/LEN-25557" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to the firmware level (or later) described for your system in the Product Impact section of LEN-25557. If it is not feasible to update the firmware immediately, partial protection can be achieved by removing any public shares and using the device only on trusted networks." + } + ], + "source": { + "advisory": "LEN-25557", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9700.json b/2019/9xxx/CVE-2019-9700.json index 8891b088983..4a10fe30738 100644 --- a/2019/9xxx/CVE-2019-9700.json +++ b/2019/9xxx/CVE-2019-9700.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9700", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9700", + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Norton", + "product": { + "product_data": [ + { + "product_name": "Norton Password Manager", + "version": { + "version_data": [ + { + "version_value": "Prior to 6.3.0.2082" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Address Spoof" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.SYMSA1483.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1483.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic." } ] }