diff --git a/2018/12xxx/CVE-2018-12204.json b/2018/12xxx/CVE-2018-12204.json
index 48e4ef6f5e5..6685e794871 100644
--- a/2018/12xxx/CVE-2018-12204.json
+++ b/2018/12xxx/CVE-2018-12204.json
@@ -67,6 +67,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us",
 "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10664.json b/2019/10xxx/CVE-2019-10664.json
index d9aea2c07ab..db0a614c87d 100644
--- a/2019/10xxx/CVE-2019-10664.json
+++ b/2019/10xxx/CVE-2019-10664.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/domoticz/domoticz/commit/ee70db46f81afa582c96b887b73bcd2a86feda00",
 "refsource": "MISC",
 "name": "https://github.com/domoticz/domoticz/commit/ee70db46f81afa582c96b887b73bcd2a86feda00"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46773",
+ "url": "https://www.exploit-db.com/exploits/46773/"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10678.json b/2019/10xxx/CVE-2019-10678.json
index 9971fb6c0b8..d5ad367841c 100644
--- a/2019/10xxx/CVE-2019-10678.json
+++ b/2019/10xxx/CVE-2019-10678.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/domoticz/domoticz/commit/2119afbe74ee0c914c1d5c4c859c594c08b0ad42",
 "refsource": "MISC",
 "name": "https://github.com/domoticz/domoticz/commit/2119afbe74ee0c914c1d5c4c859c594c08b0ad42"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46773",
+ "url": "https://www.exploit-db.com/exploits/46773/"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10948.json b/2019/10xxx/CVE-2019-10948.json
index f7b5ae0fe34..c20456b9d3b 100644
--- a/2019/10xxx/CVE-2019-10948.json
+++ b/2019/10xxx/CVE-2019-10948.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10948",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fujifilm",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fujifilm FCR Capsula X/ Carbon X",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "CR-IR 357 FCR Carbon X"
+ },
+ {
+ "version_value": "CR-IR 357 FCR XC-2"
+ },
+ {
+ "version_value": "FCR-IR 357 FCR Capsula X"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10950.json b/2019/10xxx/CVE-2019-10950.json
index f006cf077a9..8e640f3e27f 100644
--- a/2019/10xxx/CVE-2019-10950.json
+++ b/2019/10xxx/CVE-2019-10950.json
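Review bot: In CVE-2019-10948.json the added `product_name` reads `Fujifilm FCR Capsula X/ Carbon X`, while the new description and `version_data` also cover FCR XC-2, so anyone matching assets on `product_name` alone would miss that model; the same value appears in the CVE-2019-10950.json hunk. The three `version_value` entries hold model identifiers (for example `CR-IR 357 FCR Carbon X`) rather than firmware or software versions, which leaves no way to express an affected range or a fixed release. Consider one `product_data` entry per model, or at least `"product_name": "Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2"`, so the structured data agrees with the description. This record also lists only the ICSMA-19-113-01 advisory, whereas CVE-2019-10950 from the same advisory additionally carries BID 108052; it is worth confirming whether that reference applies here too.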
@@ -4,14 +4,69 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10950",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fujifilm",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fujifilm FCR Capsula X/ Carbon X",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "CR-IR 357 FCR Carbon X"
+ },
+ {
+ "version_value": "CR-IR 357 FCR XC-2"
+ },
+ {
+ "version_value": "FCR-IR 357 FCR Capsula X"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER ACCESS CONTROL CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01"
+ },
+ {
+ "refsource": "BID",
+ "name": "108052",
+ "url": "http://www.securityfocus.com/bid/108052"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. An attacker who successfully exploits this vulnerability may be able to access the underlying operating system."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11415.json b/2019/11xxx/CVE-2019-11415.json
index 7744b9bf263..091b0abe3d2 100644
--- a/2019/11xxx/CVE-2019-11415.json
+++ b/2019/11xxx/CVE-2019-11415.json
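Review bot: In CVE-2019-10950.json the `problemtype` value `IMPROPER ACCESS CONTROL CWE-284` is broader than what the added description states, namely telnet services with no authentication requirement, for which CWE-306 (Missing Authentication for Critical Function) looks like the closer class. If the source advisory assigns CWE-284 the record should keep it, but the narrower class would help consumers who triage and group findings by CWE. The free-text form also puts the identifier at the end of the string; a form such as `"value": "CWE-284: Improper Access Control"` is easier for tooling to parse consistently.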
@@ -56,6 +56,11 @@
 "url": "https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/",
 "refsource": "MISC",
 "name": "https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46768",
+ "url": "https://www.exploit-db.com/exploits/46768/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11416.json b/2019/11xxx/CVE-2019-11416.json
index 865fbb13623..a876d4f182b 100644
--- a/2019/11xxx/CVE-2019-11416.json
+++ b/2019/11xxx/CVE-2019-11416.json
@@ -56,6 +56,11 @@
 "url": "https://1.337.zone/2019/04/08/intelbras-iwr-3000n-1-5-0-csrf-lead-to-router-takeover/",
 "refsource": "MISC",
 "name": "https://1.337.zone/2019/04/08/intelbras-iwr-3000n-1-5-0-csrf-lead-to-router-takeover/"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46770",
+ "url": "https://www.exploit-db.com/exploits/46770/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11601.json b/2019/11xxx/CVE-2019-11601.json
new file mode 100644
index 00000000000..48e22896bcf
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11601.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11601",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11602.json b/2019/11xxx/CVE-2019-11602.json
new file mode 100644
index 00000000000..27d25da0878
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11602.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11602",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11603.json b/2019/11xxx/CVE-2019-11603.json
new file mode 100644
index 00000000000..c349d2bbad3
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11603.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11603",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5624.json b/2019/5xxx/CVE-2019-5624.json
index 215cff0d1e1..202ea7cc9f2 100644
--- a/2019/5xxx/CVE-2019-5624.json
+++ b/2019/5xxx/CVE-2019-5624.json
@@ -1,115 +1,115 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.6" - }, - "CVE_data_meta": { - "ID": "CVE-2019-5624", - "ASSIGNER": "cve@rapid7.com", - "DATE_PUBLIC": "2019-04-24T18:00:00.000Z", - "TITLE": "Rapid7 Metasploit Framework Zip Import Directory Traversal", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "discovery": "USER" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Rapid7", - "product": { - "product_data": [ - { - "product_name": "Metasploit Framework", - "version": { - "version_data": [ - { - "version_name": "4.14.0", - "version_affected": "<=", - "version_value": "4.14.0", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.6" + }, + "CVE_data_meta": { + "ID": "CVE-2019-5624", + "ASSIGNER": "cve@rapid7.com", + "DATE_PUBLIC": "2019-04-24T18:00:00.000Z", + "TITLE": "Rapid7 Metasploit Framework Zip Import Directory Traversal", + "AKA": "", + "STATE": "PUBLIC" + }, + "source": { + "discovery": "USER" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rapid7", + "product": { + "product_data": [ + { + "product_name": "Metasploit Framework", + "version": { + "version_data": [ + { + "version_name": "4.14.0", + "version_affected": "<=", + "version_value": "4.14.0", + "platform": "" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } ] - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rapid7 Metasploit Framework suffers from 
an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://github.com/rapid7/metasploit-framework/pull/11716", + "name": "https://github.com/rapid7/metasploit-framework/pull/11716" + }, + { + "refsource": "CONFIRM", + "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416", + "name": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416" + }, + { + "refsource": "MISC", + "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html", + "name": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.0", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 7.4, + "baseSeverity": "HIGH" + } + }, + "exploit": [], + "work_around": [], + "solution": [ + { + "lang": "eng", + "value": "Update to version 4.15.0 or later." + } + ], + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni." + } ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. 
Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit.\nThis issue affects:\nRapid7 Metasploit Framework version 4.14.0 and prior versions." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://github.com/rapid7/metasploit-framework/pull/11716", - "name": "https://github.com/rapid7/metasploit-framework/pull/11716" - }, - { - "refsource": "CONFIRM", - "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416", - "name": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416" - }, - { - "refsource": "MISC", - "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html", - "name": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html" - } - ] - }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.0", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "HIGH", - "userInteraction": "REQUIRED", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", - "baseScore": 7.4, - "baseSeverity": "HIGH" - } - }, - "exploit": [], - "work_around": [], - "solution": [ - { - "lang": "eng", - "value": "Update to version 4.15.0 or later." - } - ], - "credit": [ - { - "lang": "eng", - "value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni." - } - ] -} +} \ No newline at end of file