From 00830852289b8c9e0846c2f82bd61fa00e879aab Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 14 Nov 2019 19:01:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2013/3xxx/CVE-2013-3070.json | 68 +++++++++++++++++++++++++++++++++- 2013/3xxx/CVE-2013-3072.json | 63 ++++++++++++++++++++++++++++++- 2013/4xxx/CVE-2013-4109.json | 65 ++++++++++++++++++++++++++++++-- 2019/0xxx/CVE-2019-0139.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0140.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0142.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0143.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0144.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0145.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0146.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0147.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0148.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0149.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0150.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0154.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0155.json | 58 +++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0185.json | 58 +++++++++++++++++++++++++---- 2019/11xxx/CVE-2019-11112.json | 50 +++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11135.json | 50 +++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11139.json | 50 +++++++++++++++++++++++-- 2019/18xxx/CVE-2019-18937.json | 62 +++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18938.json | 62 +++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18939.json | 62 +++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18957.json | 5 +++ 24 files changed, 1235 insertions(+), 114 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18937.json create mode 100644 2019/18xxx/CVE-2019-18938.json create mode 100644 2019/18xxx/CVE-2019-18939.json diff --git a/2013/3xxx/CVE-2013-3070.json b/2013/3xxx/CVE-2013-3070.json index bc88a908484..8d7ab1e64b1 100644 --- a/2013/3xxx/CVE-2013-3070.json +++ b/2013/3xxx/CVE-2013-3070.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3070", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ise.io/casestudies/exploiting-soho-routers/", + "refsource": "MISC", + "name": "https://www.ise.io/casestudies/exploiting-soho-routers/" + }, + { + "url": "https://www.ise.io/soho_service_hacks/", + "refsource": "MISC", + "name": "https://www.ise.io/soho_service_hacks/" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf", + "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only", + "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/59308", + "url": "https://www.securityfocus.com/bid/59308" } ] } diff --git a/2013/3xxx/CVE-2013-3072.json b/2013/3xxx/CVE-2013-3072.json index 849429a3a35..790e30ca066 100644 --- a/2013/3xxx/CVE-2013-3072.json +++ b/2013/3xxx/CVE-2013-3072.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3072", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http:///apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ise.io/casestudies/exploiting-soho-routers/", + "refsource": "MISC", + "name": "https://www.ise.io/casestudies/exploiting-soho-routers/" + }, + { + "url": "https://www.ise.io/soho_service_hacks/", + "refsource": "MISC", + "name": "https://www.ise.io/soho_service_hacks/" + }, + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52", + "url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/", + "url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/" } ] } diff --git a/2013/4xxx/CVE-2013-4109.json b/2013/4xxx/CVE-2013-4109.json index e6773a5eea1..246ed048cf1 100644 --- a/2013/4xxx/CVE-2013-4109.json +++ b/2013/4xxx/CVE-2013-4109.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4109", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cryptocat", + "product": { + "product_data": [ + { + "product_name": "Message Handling", + "version": { + "version_data": [ + { + "version_value": "1.1.165" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Handling Unspecified XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2013/07/10/15", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2013/07/10/15" + }, + { + "url": "https://tobtu.com/decryptocat.php", + "refsource": "MISC", + "name": "https://tobtu.com/decryptocat.php" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/61097", + "url": "https://www.securityfocus.com/bid/61097" + }, + { + "refsource": "MISC", + "name": "https://vuldb.com/es/?id.9445", + "url": "https://vuldb.com/es/?id.9445" } ] } diff --git a/2019/0xxx/CVE-2019-0139.json b/2019/0xxx/CVE-2019-0139.json index 6f951f2bf7a..50e4059457d 100644 --- a/2019/0xxx/CVE-2019-0139.json +++ b/2019/0xxx/CVE-2019-0139.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0139", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0139", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service, Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0140.json b/2019/0xxx/CVE-2019-0140.json index 00a31b726f4..cd0ee299556 100644 --- a/2019/0xxx/CVE-2019-0140.json +++ b/2019/0xxx/CVE-2019-0140.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0140", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0140", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access." } ] } diff --git a/2019/0xxx/CVE-2019-0142.json b/2019/0xxx/CVE-2019-0142.json index fdc793e1d11..d9c59bd858d 100644 --- a/2019/0xxx/CVE-2019-0142.json +++ b/2019/0xxx/CVE-2019-0142.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0142", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0142", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0143.json b/2019/0xxx/CVE-2019-0143.json index ed961f9349c..ed1cbf51376 100644 --- a/2019/0xxx/CVE-2019-0143.json +++ b/2019/0xxx/CVE-2019-0143.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0143", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0143", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0144.json b/2019/0xxx/CVE-2019-0144.json index 811218f6dc0..54ca88808b6 100644 --- a/2019/0xxx/CVE-2019-0144.json +++ b/2019/0xxx/CVE-2019-0144.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0144", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0144", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0145.json b/2019/0xxx/CVE-2019-0145.json index 97877b9db3d..a6040f067e3 100644 --- a/2019/0xxx/CVE-2019-0145.json +++ b/2019/0xxx/CVE-2019-0145.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0145", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0145", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service, Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0146.json b/2019/0xxx/CVE-2019-0146.json index 9d00fcfac1f..26ac5931ce7 100644 --- a/2019/0xxx/CVE-2019-0146.json +++ b/2019/0xxx/CVE-2019-0146.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0146", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0146", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0147.json b/2019/0xxx/CVE-2019-0147.json index 3318aa4609d..5218135e47e 100644 --- a/2019/0xxx/CVE-2019-0147.json +++ b/2019/0xxx/CVE-2019-0147.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0147", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0147", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0148.json b/2019/0xxx/CVE-2019-0148.json index 3108be1e55c..11dfa553540 100644 --- a/2019/0xxx/CVE-2019-0148.json +++ b/2019/0xxx/CVE-2019-0148.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0148", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0148", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0149.json b/2019/0xxx/CVE-2019-0149.json index c8a639958ee..4afe1730af8 100644 --- a/2019/0xxx/CVE-2019-0149.json +++ b/2019/0xxx/CVE-2019-0149.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0149", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0149", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0150.json b/2019/0xxx/CVE-2019-0150.json index 92cb2268c25..e659ad32f7c 100644 --- a/2019/0xxx/CVE-2019-0150.json +++ b/2019/0xxx/CVE-2019-0150.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0150", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0150", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0154.json b/2019/0xxx/CVE-2019-0154.json index efe4cd0888d..8e36e0ea741 100644 --- a/2019/0xxx/CVE-2019-0154.json +++ b/2019/0xxx/CVE-2019-0154.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0154", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0154", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Processor Graphics Update", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0155.json b/2019/0xxx/CVE-2019-0155.json index e267dcda424..e09df5e028b 100644 --- a/2019/0xxx/CVE-2019-0155.json +++ b/2019/0xxx/CVE-2019-0155.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0155", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0155", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Graphics Driver for Windows* and Linux", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access." } ] } diff --git a/2019/0xxx/CVE-2019-0185.json b/2019/0xxx/CVE-2019-0185.json index 23cc938021b..332494fd7f5 100644 --- a/2019/0xxx/CVE-2019-0185.json +++ b/2019/0xxx/CVE-2019-0185.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0185", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0185", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Processor Graphics SMM", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00254.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00254.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access." } ] } diff --git a/2019/11xxx/CVE-2019-11112.json b/2019/11xxx/CVE-2019-11112.json index 86c0d09dd43..86726856f8a 100644 --- a/2019/11xxx/CVE-2019-11112.json +++ b/2019/11xxx/CVE-2019-11112.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Graphics Driver for Windows* and Linux", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access." } ] } diff --git a/2019/11xxx/CVE-2019-11135.json b/2019/11xxx/CVE-2019-11135.json index da3fd88ba5b..121c939af72 100644 --- a/2019/11xxx/CVE-2019-11135.json +++ b/2019/11xxx/CVE-2019-11135.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11135", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 TSX Asynchronous Abort", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access." } ] } diff --git a/2019/11xxx/CVE-2019-11139.json b/2019/11xxx/CVE-2019-11139.json index 55788f091c0..2a31bf448d7 100644 --- a/2019/11xxx/CVE-2019-11139.json +++ b/2019/11xxx/CVE-2019-11139.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11139", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "2019.2 IPU \u2013 Intel(R) Xeon(R) Scalable Processors Voltage Setting Modulation", + "version": { + "version_data": [ + { + "version_value": "See provided reference" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access." } ] } diff --git a/2019/18xxx/CVE-2019-18937.json b/2019/18xxx/CVE-2019-18937.json new file mode 100644 index 00000000000..1b65f87bf07 --- /dev/null +++ b/2019/18xxx/CVE-2019-18937.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://psytester.github.io/CVE-2019-18937/", + "refsource": "MISC", + "name": "https://psytester.github.io/CVE-2019-18937/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18938.json b/2019/18xxx/CVE-2019-18938.json new file mode 100644 index 00000000000..e473edc08b9 --- /dev/null +++ b/2019/18xxx/CVE-2019-18938.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://psytester.github.io/CVE-2019-18938/", + "refsource": "MISC", + "name": "https://psytester.github.io/CVE-2019-18938/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18939.json b/2019/18xxx/CVE-2019-18939.json new file mode 100644 index 00000000000..bb06cc0ae75 --- /dev/null +++ b/2019/18xxx/CVE-2019-18939.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://psytester.github.io/CVE-2019-18939/", + "refsource": "MISC", + "name": "https://psytester.github.io/CVE-2019-18939/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18957.json b/2019/18xxx/CVE-2019-18957.json index 0e45bfe3735..d609150d8df 100644 --- a/2019/18xxx/CVE-2019-18957.json +++ b/2019/18xxx/CVE-2019-18957.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html" + }, { "refsource": "MISC", "name": "https://seclists.org/bugtraq/2019/Nov/23",