diff --git a/2018/19xxx/CVE-2018-19879.json b/2018/19xxx/CVE-2018-19879.json index 5237d3b0527..30c3a4247bb 100644 --- a/2018/19xxx/CVE-2018-19879.json +++ b/2018/19xxx/CVE-2018-19879.json @@ -58,9 +58,9 @@ "name": "https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware" }, { - "url": "https://www.triadsec.com/CVE-2018-19878.pdf", "refsource": "MISC", - "name": "https://www.triadsec.com/CVE-2018-19878.pdf" + "name": "https://www.triadsec.com/CVE-2018-19879.pdf", + "url": "https://www.triadsec.com/CVE-2018-19879.pdf" } ] }, diff --git a/2018/5xxx/CVE-2018-5757.json b/2018/5xxx/CVE-2018-5757.json index dcca7188583..9acca0b0e99 100644 --- a/2018/5xxx/CVE-2018-5757.json +++ b/2018/5xxx/CVE-2018-5757.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5757", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-5757", + "refsource": "MISC", + "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-5757" } ] } diff --git a/2019/10xxx/CVE-2019-10685.json b/2019/10xxx/CVE-2019-10685.json new file mode 100644 index 00000000000..4643bf135a7 --- /dev/null +++ b/2019/10xxx/CVE-2019-10685.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10685", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10686.json b/2019/10xxx/CVE-2019-10686.json new file mode 100644 index 00000000000..c5f05304f15 --- /dev/null +++ b/2019/10xxx/CVE-2019-10686.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ctripcorp/apollo/issues/2103", + "refsource": "MISC", + "name": "https://github.com/ctripcorp/apollo/issues/2103" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9132.json b/2019/9xxx/CVE-2019-9132.json index 0fcc03a574e..98ad32ba4a3 100644 --- a/2019/9xxx/CVE-2019-9132.json +++ b/2019/9xxx/CVE-2019-9132.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2019-9132", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,39 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. This affects KaKaoTalk windows version 2.7.5.2024 or lower." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "KaKao", + "product": { + "product_data": [ + { + "product_name": "Kakaotalk Windows PC Messenger", + "version": { + "version_data": [ + { + "version_value": "2.7.5.2024 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34981", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34981" } ] }