From fdb99fbe27ec1833d1430f21e55e35a6d703d873 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 14 Oct 2019 17:01:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14225.json | 67 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14226.json | 67 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14227.json | 67 +++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16278.json | 72 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16279.json | 72 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17043.json | 67 +++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17044.json | 72 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17092.json | 5 +++ 2019/17xxx/CVE-2019-17503.json | 5 +++ 2019/17xxx/CVE-2019-17504.json | 5 +++ 10 files changed, 499 insertions(+) create mode 100644 2019/14xxx/CVE-2019-14225.json create mode 100644 2019/14xxx/CVE-2019-14226.json create mode 100644 2019/14xxx/CVE-2019-14227.json create mode 100644 2019/16xxx/CVE-2019-16278.json create mode 100644 2019/16xxx/CVE-2019-16279.json create mode 100644 2019/17xxx/CVE-2019-17043.json create mode 100644 2019/17xxx/CVE-2019-17044.json diff --git a/2019/14xxx/CVE-2019-14225.json b/2019/14xxx/CVE-2019-14225.json new file mode 100644 index 00000000000..a59faa69248 --- /dev/null +++ b/2019/14xxx/CVE-2019-14225.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OX App Suite 7.10.1 and 7.10.2 allows SSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html", + "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" + }, + { + "refsource": "FULLDISC", + "name": "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09", + "url": "https://seclists.org/fulldisclosure/2019/Oct/25" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14226.json b/2019/14xxx/CVE-2019-14226.json new file mode 100644 index 00000000000..d0b1cbd3562 --- /dev/null +++ b/2019/14xxx/CVE-2019-14226.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OX App Suite through 7.10.2 has Insecure Permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html", + "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" + }, + { + "refsource": "FULLDISC", + "name": "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09", + "url": "https://seclists.org/fulldisclosure/2019/Oct/25" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14227.json b/2019/14xxx/CVE-2019-14227.json new file mode 100644 index 00000000000..c7cb4f463ed --- /dev/null +++ b/2019/14xxx/CVE-2019-14227.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OX App Suite 7.10.1 and 7.10.2 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20191011 Open-Xchange Security Advisory 2019-10-09", + "url": "http://seclists.org/fulldisclosure/2019/Oct/25" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html", + "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16278.json b/2019/16xxx/CVE-2019-16278.json new file mode 100644 index 00000000000..b8c530b1448 --- /dev/null +++ b/2019/16xxx/CVE-2019-16278.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.nazgul.ch/dev/nostromo_cl.txt", + "refsource": "MISC", + "name": "http://www.nazgul.ch/dev/nostromo_cl.txt" + }, + { + "url": "https://sp0re.sh", + "refsource": "MISC", + "name": "https://sp0re.sh" + }, + { + "refsource": "MISC", + "name": "https://git.sp0re.sh/sp0re/Nhttpd-exploits", + "url": "https://git.sp0re.sh/sp0re/Nhttpd-exploits" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16279.json b/2019/16xxx/CVE-2019-16279.json new file mode 100644 index 00000000000..8480b2f43fa --- /dev/null +++ b/2019/16xxx/CVE-2019-16279.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Traversal in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.nazgul.ch/dev/nostromo_cl.txt", + "refsource": "MISC", + "name": "http://www.nazgul.ch/dev/nostromo_cl.txt" + }, + { + "url": "https://sp0re.sh", + "refsource": "MISC", + "name": "https://sp0re.sh" + }, + { + "refsource": "MISC", + "name": "https://git.sp0re.sh/sp0re/Nhttpd-exploits", + "url": "https://git.sp0re.sh/sp0re/Nhttpd-exploits" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17043.json b/2019/17xxx/CVE-2019-17043.json new file mode 100644 index 00000000000..7d3ac73750d --- /dev/null +++ b/2019/17xxx/CVE-2019-17043.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the \"patrol\" user by specially crafting a shared library .so file that will be loaded during execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://twitter.com/whira_wr", + "refsource": "MISC", + "name": "https://twitter.com/whira_wr" + }, + { + "refsource": "MISC", + "name": "https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation", + "url": "https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17044.json b/2019/17xxx/CVE-2019-17044.json new file mode 100644 index 00000000000..d8d71c427e2 --- /dev/null +++ b/2019/17xxx/CVE-2019-17044.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with \"patrol\" privileges to elevate his/her privileges to the ones of the \"root\" user by specially crafting a shared library .so file that will be loaded during execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://twitter.com/whira_wr", + "refsource": "MISC", + "name": "https://twitter.com/whira_wr" + }, + { + "refsource": "MISC", + "name": "https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation", + "url": "https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation" + }, + { + "refsource": "CONFIRM", + "name": "https://docs.bmc.com/docs/PATROLAgent/11302/notification-of-action-required-by-patrol-agent-users-to-apply-the-security-patch-898411558.html", + "url": "https://docs.bmc.com/docs/PATROLAgent/11302/notification-of-action-required-by-patrol-agent-users-to-apply-the-security-patch-898411558.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17092.json b/2019/17xxx/CVE-2019-17092.json index 3ef8dfe3c81..ead7f45efc2 100644 --- a/2019/17xxx/CVE-2019-17092.json +++ b/2019/17xxx/CVE-2019-17092.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://groups.google.com/forum/#!topic/openproject-security/tEsx0UXWxXA", "url": "https://groups.google.com/forum/#!topic/openproject-security/tEsx0UXWxXA" + }, + { + "refsource": "FULLDISC", + "name": "20191014 SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject", + "url": "http://seclists.org/fulldisclosure/2019/Oct/29" } ] } diff --git a/2019/17xxx/CVE-2019-17503.json b/2019/17xxx/CVE-2019-17503.json index f1672a24797..2eead858d5f 100644 --- a/2019/17xxx/CVE-2019-17503.json +++ b/2019/17xxx/CVE-2019-17503.json @@ -56,6 +56,11 @@ "url": "https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities", "refsource": "MISC", "name": "https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html", + "url": "http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html" } ] } diff --git a/2019/17xxx/CVE-2019-17504.json b/2019/17xxx/CVE-2019-17504.json index e65036a688d..d7a86052952 100644 --- a/2019/17xxx/CVE-2019-17504.json +++ b/2019/17xxx/CVE-2019-17504.json @@ -56,6 +56,11 @@ "url": "https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities", "refsource": "MISC", "name": "https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html", + "url": "http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html" } ] }