diff --git a/2016/10xxx/CVE-2016-10822.json b/2016/10xxx/CVE-2016-10822.json
new file mode 100644
index 00000000000..ca7da4b3bec
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10822.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10822",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10823.json b/2016/10xxx/CVE-2016-10823.json
new file mode 100644
index 00000000000..c823c353996
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10823.json
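Review bot: The `affects` block of CVE-2016-10822 leaves `vendor_name`, `product_name` and `version_value` as `n/a`, although the description names cPanel and the fixed build 55.9999.141. Consumers that match advisories on the structured fields rather than on free text will not associate this CVE with any product or version. Consider filling them from the description, for example `"vendor_name": "cPanel"`, `"product_name": "cPanel"` and `"version_value": "before 55.9999.141"`, with the exact product naming confirmed against the vendor's own. The same applies to every other record in this diff, with 68.0.27 as the boundary for the CVE-2018-209xx files.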
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10823",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10824.json b/2016/10xxx/CVE-2016-10824.json
new file mode 100644
index 00000000000..71dbe170c2e
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10824.json
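Review bot: The single reference in CVE-2016-10823 is tagged `"refsource": "MISC"`, while the CVE-2018-209xx records later in this diff tag a change log on the same documentation.cpanel.net host as `CONFIRM`. Since the link is the vendor's own change log, `"refsource": "CONFIRM"` would be consistent and would tell triage tooling that the issue is vendor-acknowledged. All of the CVE-2016-108xx hunks in this diff carry the same `MISC` tag. The key order inside the reference object also differs between the two groups (`url` first here, `refsource` first in the 2018 files); that is harmless to parsers but worth normalising for clean diffs.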
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10824",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10825.json b/2016/10xxx/CVE-2016-10825.json
new file mode 100644
index 00000000000..26709cadf3a
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10825.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10825",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10827.json b/2016/10xxx/CVE-2016-10827.json
new file mode 100644
index 00000000000..8084b9a2bbe
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10827.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10827",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10828.json b/2016/10xxx/CVE-2016-10828.json
new file mode 100644
index 00000000000..18d02b12d6b
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10828.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10828",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10829.json b/2016/10xxx/CVE-2016-10829.json
new file mode 100644
index 00000000000..29d2b39529d
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10829.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10829",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10830.json b/2016/10xxx/CVE-2016-10830.json
new file mode 100644
index 00000000000..a2ae726a9aa
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10830.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10830",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10831.json b/2016/10xxx/CVE-2016-10831.json
new file mode 100644
index 00000000000..c08cc51619c
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10831.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10831",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10832.json b/2016/10xxx/CVE-2016-10832.json
new file mode 100644
index 00000000000..7f91d250536
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10832.json
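Review bot: The description of CVE-2016-10831 contains a typo, "does not perform as two-factor authentication check", which makes the sentence read as if a different kind of check were performed. It should read `"value": "cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101)."`. Because this text is what downstream advisories and scanners quote verbatim, it is worth fixing before the record is published.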
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10832",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10833.json b/2016/10xxx/CVE-2016-10833.json
new file mode 100644
index 00000000000..629480d3ca7
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10833.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10833",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10834.json b/2016/10xxx/CVE-2016-10834.json
new file mode 100644
index 00000000000..2d65df3945b
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10834.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10834",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10835.json b/2016/10xxx/CVE-2016-10835.json
new file mode 100644
index 00000000000..796f0f3dcc9
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10835.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10835",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.cpanel.net/display/CL/56+Change+Log",
+ "refsource": "MISC",
+ "name": "https://documentation.cpanel.net/display/CL/56+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20936.json b/2018/20xxx/CVE-2018-20936.json
new file mode 100644
index 00000000000..1de50c46be1
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20936.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20936",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20937.json b/2018/20xxx/CVE-2018-20937.json
new file mode 100644
index 00000000000..1f807aa77a3
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20937.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20937",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20938.json b/2018/20xxx/CVE-2018-20938.json
new file mode 100644
index 00000000000..176663e09c1
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20938.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20938",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20939.json b/2018/20xxx/CVE-2018-20939.json
new file mode 100644
index 00000000000..2cce5c684e6
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20939.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20939",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20940.json b/2018/20xxx/CVE-2018-20940.json
new file mode 100644
index 00000000000..5ee413da374
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20940.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20940",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20941.json b/2018/20xxx/CVE-2018-20941.json
new file mode 100644
index 00000000000..1c92f207855
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20941.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20941",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20942.json b/2018/20xxx/CVE-2018-20942.json
new file mode 100644
index 00000000000..0a86f3bbc3c
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20942.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20942",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20943.json b/2018/20xxx/CVE-2018-20943.json
new file mode 100644
index 00000000000..7e030150fb8
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20943.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20943",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20944.json b/2018/20xxx/CVE-2018-20944.json
new file mode 100644
index 00000000000..252ebd08f8d
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20944.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20944",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20945.json b/2018/20xxx/CVE-2018-20945.json
new file mode 100644
index 00000000000..4cb061c9507
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20945.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20945",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20946.json b/2018/20xxx/CVE-2018-20946.json
new file mode 100644
index 00000000000..144bccbafc8
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20946.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20946",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20947.json b/2018/20xxx/CVE-2018-20947.json
new file mode 100644
index 00000000000..880813eab10
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20947.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20947",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20948.json b/2018/20xxx/CVE-2018-20948.json
new file mode 100644
index 00000000000..4b45cec090a
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20948.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20948",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20949.json b/2018/20xxx/CVE-2018-20949.json
new file mode 100644
index 00000000000..efbd596cb3c
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20949.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20949",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20950.json b/2018/20xxx/CVE-2018-20950.json
new file mode 100644
index 00000000000..1a9232c136d
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20950.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20950",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20951.json b/2018/20xxx/CVE-2018-20951.json
new file mode 100644
index 00000000000..ae876e4254e
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20951.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20951",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20952.json b/2018/20xxx/CVE-2018-20952.json
new file mode 100644
index 00000000000..1be5530d747
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20952.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20952",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20953.json b/2018/20xxx/CVE-2018-20953.json
new file mode 100644
index 00000000000..2821ef7fcd5
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20953.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20953",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.cpanel.net/display/CL/68+Change+Log",
+ "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14491.json b/2019/14xxx/CVE-2019-14491.json
new file mode 100644
index 00000000000..05caa991c9e
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14491.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14491",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/opencv/opencv/issues/15125",
+ "refsource": "MISC",
+ "name": "https://github.com/opencv/opencv/issues/15125"
+ },
+ {
+ "url": "https://github.com/opencv/opencv/compare/33b765d...4a7ca5a",
+ "refsource": "MISC",
+ "name": "https://github.com/opencv/opencv/compare/33b765d...4a7ca5a"
+ },
+ {
+ "url": "https://github.com/opencv/opencv/compare/371bba8...ddbd10c",
+ "refsource": "MISC",
+ "name": "https://github.com/opencv/opencv/compare/371bba8...ddbd10c"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14492.json b/2019/14xxx/CVE-2019-14492.json
new file mode 100644
index 00000000000..31a3d89cc42
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14492.json
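Review bot: Two of the three `reference_data` entries are commit ranges, `compare/33b765d...4a7ca5a` and `compare/371bba8...ddbd10c`, so the record does not say which commit fixes the out-of-bounds read in `cv::predictOrdered`. Anyone backporting or verifying the patch has to search the whole range, and seven-character abbreviated hashes can become ambiguous as the repository grows. I would add the specific fix commit with its full hash as a further reference, the way the CVE-2019-14495 record in this commit cites `commit/3b67dc844789dc0f00e934270c7b349bcb547865`. The CVE-2019-14492 and CVE-2019-14493 records rely on the same compare ranges.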
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14492",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/opencv/opencv/compare/33b765d...4a7ca5a",
+ "refsource": "MISC",
+ "name": "https://github.com/opencv/opencv/compare/33b765d...4a7ca5a"
+ },
+ {
+ "url": "https://github.com/opencv/opencv/compare/371bba8...ddbd10c",
+ "refsource": "MISC",
+ "name": "https://github.com/opencv/opencv/compare/371bba8...ddbd10c"
+ },
+ {
+ "url": "https://github.com/opencv/opencv/issues/15124",
+ "refsource": "MISC",
+ "name": "https://github.com/opencv/opencv/issues/15124"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14493.json b/2019/14xxx/CVE-2019-14493.json
new file mode 100644
index 00000000000..0a85f89b3a2
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14493.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14493",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/opencv/opencv/compare/371bba8...ddbd10c",
+ "refsource": "MISC",
+ "name": "https://github.com/opencv/opencv/compare/371bba8...ddbd10c"
+ },
+ {
+ "url": "https://github.com/opencv/opencv/issues/15127",
+ "refsource": "MISC",
+ "name": "https://github.com/opencv/opencv/issues/15127"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14494.json b/2019/14xxx/CVE-2019-14494.json
new file mode 100644
index 00000000000..fef23a36691
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14494.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14494",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/802",
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/poppler/poppler/issues/802"
+ },
+ {
+ "url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317",
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14495.json b/2019/14xxx/CVE-2019-14495.json
new file mode 100644
index 00000000000..86d5deaf4ed
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14495.json
@@ -0,0 +1,86 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14495",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/z3APA3A/3proxy/releases/tag/0.8.13",
+ "refsource": "MISC",
+ "name": "https://github.com/z3APA3A/3proxy/releases/tag/0.8.13"
+ },
+ {
+ "url": "https://github.com/z3APA3A/3proxy/compare/0.8.12...0.8.13",
+ "refsource": "MISC",
+ "name": "https://github.com/z3APA3A/3proxy/compare/0.8.12...0.8.13"
+ },
+ {
+ "url": "https://github.com/z3APA3A/3proxy/commit/3b67dc844789dc0f00e934270c7b349bcb547865",
+ "refsource": "MISC",
+ "name": "https://github.com/z3APA3A/3proxy/commit/3b67dc844789dc0f00e934270c7b349bcb547865"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:H/S:C/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7317.json b/2019/7xxx/CVE-2019-7317.json
index fb2ba08f7e3..d1431b3d312 100644
--- a/2019/7xxx/CVE-2019-7317.json
+++ b/2019/7xxx/CVE-2019-7317.json
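Review bot: The `impact.cvss` object carries a `vectorString` but no `baseScore` or `baseSeverity`, unlike the CVE-2019-9140 record later in this commit, so every consumer has to compute the score itself or treat the entry as unscored. The vector also lists its metrics in a non-preferred order (`AC:H/AV:N/A:H/...`); CVSS v3.0 tolerates that, but the preferred form `CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H` is handled more reliably by strict parsers. Separately, `integrityImpact` and `confidentialityImpact` of `NONE` look conservative for what the description calls an out-of-bounds write, and `problemtype` is still `n/a`; if the write is confirmed as memory corruption, `CWE-787` would fit there.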
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute." + "value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute." } ] }, diff --git a/2019/9xxx/CVE-2019-9140.json b/2019/9xxx/CVE-2019-9140.json index 69eef6f9118..2576f9f9560 100644 --- a/2019/9xxx/CVE-2019-9140.json +++ b/2019/9xxx/CVE-2019-9140.json @@ -1,8 +1,36 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vuln@krcert.or.kr", + "DATE_PUBLIC": "2019-08-01T04:00:00.000Z", "ID": "CVE-2019-9140", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Happypoint mobile application information disclosure vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Happypoint mobile app", + "version": { + "version_data": [ + { + "platform": "Android", + "version_affected": "<=", + "version_name": "6.3.19", + "version_value": "6.3.19" + } + ] + } + } + ] + }, + "vendor_name": "SPC CLOUD" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +39,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.7" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35103", + "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35103" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file
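Review bot: The `impact.cvss` values added in this hunk do not line up with the description added next to them. The description says the issue is triggered when a user opens a crafted URL and names script execution, URL redirection and information disclosure, yet the vector is `AV:L` with `A:H`; a link-delivered attack is arguably `AV:N`, and no availability impact is described, so the 7.8 `baseScore` should be re-derived once those metrics are confirmed. The `TITLE` added in the previous hunk of this file calls the issue an information disclosure vulnerability while `problemtype` here says CWE-94, so one of the two should be aligned with the other.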