From 11254ca438eca548d3662975e63ba242426d2c6d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 29 Nov 2019 21:00:57 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1855.json | 81 ++++++++++++++++++++++++++++++++-- 2015/2xxx/CVE-2015-2060.json | 78 +++++++++++++++++++++++++++++++- 2015/3xxx/CVE-2015-3406.json | 68 +++++++++++++++++++++++++++- 2019/18xxx/CVE-2019-18849.json | 5 +++ 2019/19xxx/CVE-2019-19396.json | 18 ++++++++ 2019/5xxx/CVE-2019-5247.json | 58 +++++++++++++++++++++--- 2019/5xxx/CVE-2019-5268.json | 58 +++++++++++++++++++++--- 2019/5xxx/CVE-2019-5271.json | 58 +++++++++++++++++++++--- 2019/5xxx/CVE-2019-5308.json | 58 +++++++++++++++++++++--- 2019/5xxx/CVE-2019-5309.json | 58 +++++++++++++++++++++--- 10 files changed, 498 insertions(+), 42 deletions(-) create mode 100644 2019/19xxx/CVE-2019-19396.json diff --git a/2015/1xxx/CVE-2015-1855.json b/2015/1xxx/CVE-2015-1855.json index e6d3b0c73b5..ba1772d80f2 100644 --- a/2015/1xxx/CVE-2015-1855.json +++ b/2015/1xxx/CVE-2015-1855.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1855", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,82 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ruby", + "product": { + "product_data": [ + { + "product_name": "Ruby", + "version": { + "version_data": [ + { + "version_value": "before 2.0.0 patchlevel 645" + }, + { + "version_value": "2.1.x before 2.1.6" + }, + { + "version_value": "and 2.2.x before 2.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3247", + "url": "http://www.debian.org/security/2015/dsa-3247" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3245", + "url": "http://www.debian.org/security/2015/dsa-3245" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3246", + "url": "http://www.debian.org/security/2015/dsa-3246" + }, + { + "refsource": "MISC", + "name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", + "url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/" + }, + { + "refsource": "MISC", + "name": "https://puppetlabs.com/security/cve/cve-2015-1855", + "url": 
"https://puppetlabs.com/security/cve/cve-2015-1855" + }, + { + "refsource": "MISC", + "name": "https://bugs.ruby-lang.org/issues/9644", + "url": "https://bugs.ruby-lang.org/issues/9644" } ] } diff --git a/2015/2xxx/CVE-2015-2060.json b/2015/2xxx/CVE-2015-2060.json index 6aaba83f421..c179fad50d0 100644 --- a/2015/2xxx/CVE-2015-2060.json +++ b/2015/2xxx/CVE-2015-2060.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2060", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
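Review bot: The description added to CVE-2015-1855.json numbers its vectors `(1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity`, so the second item should read `(2) wildcards in IDNA names`. The third `version_value`, `"and 2.2.x before 2.2.2"`, carries the conjunction over from the prose and should be `"version_value": "2.2.x before 2.2.2"`; anything matching on this field currently gets a string that is not a version range. `problemtype` is the generic `"Other"` although the description states a certificate hostname-validation failure. A more specific value, possibly CWE-297 if the assigner agrees, would let the record be triaged by weakness class.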
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/02/18/3", + "url": "http://www.openwall.com/lists/oss-security/2015/02/18/3" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/02/23/16", + "url": "http://www.openwall.com/lists/oss-security/2015/02/23/16" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/02/23/24", + "url": "http://www.openwall.com/lists/oss-security/2015/02/23/24" + }, + { + "refsource": "MISC", + "name": "http://www.cabextract.org.uk/", + "url": "http://www.cabextract.org.uk/" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html" + }, + { + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:064", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:064" } ] } diff --git a/2015/3xxx/CVE-2015-3406.json b/2015/3xxx/CVE-2015-3406.json index 124afebad48..4dce795b938 100644 --- a/2015/3xxx/CVE-2015-3406.json +++ b/2015/3xxx/CVE-2015-3406.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3406", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
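Review bot: The `affects` block added to CVE-2015-2060.json sets `vendor_name`, `product_name` and `version_value` all to `"n/a"`, while the description on the same record names the product and the fixed version (cabextract before 1.6). Tooling that matches installed software against the structured fields will not find this record; I would set `"product_name": "cabextract"` and `"version_value": "before 1.6"`. `problemtype` is also `"n/a"` although the description says absolute directory traversal. The CVE-2015-3406.json hunk has the same gap: its description names Module::Signature before 0.74 and its `affects` block is entirely `"n/a"`.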
@@ -11,8 +11,72 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/04/07/1", + "url": "http://www.openwall.com/lists/oss-security/2015/04/07/1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/04/23/17", + "url": "http://www.openwall.com/lists/oss-security/2015/04/23/17" + }, + { + "refsource": "MISC", + "name": "https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f", + "url": "https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f" + }, + { + "refsource": "MISC", + "name": "https://metacpan.org/changes/distribution/Module-Signature", + "url": "https://metacpan.org/changes/distribution/Module-Signature" + }, + { + "refsource": "MISC", + "name": "http://ubuntu.com/usn/usn-2607-1", + "url": "http://ubuntu.com/usn/usn-2607-1" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } } } \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18849.json b/2019/18xxx/CVE-2019-18849.json index 1c46fa82323..edd7892fbea 100644 --- a/2019/18xxx/CVE-2019-18849.json 
+++ b/2019/18xxx/CVE-2019-18849.json @@ -61,6 +61,11 @@ "url": "https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18", "refsource": "MISC", "name": "https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2005-1] tnef security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html" } ] } diff --git a/2019/19xxx/CVE-2019-19396.json b/2019/19xxx/CVE-2019-19396.json new file mode 100644 index 00000000000..3423226168c --- /dev/null +++ b/2019/19xxx/CVE-2019-19396.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19396", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5247.json b/2019/5xxx/CVE-2019-5247.json index ca4d2426045..b1421c4b97e 100644 --- a/2019/5xxx/CVE-2019-5247.json +++ b/2019/5xxx/CVE-2019-5247.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5247", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5247", + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Atlas 300, Atlas 500", + "version": { + "version_data": [ + { + "version_value": "1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-atlas-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-atlas-en" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash." } ] } diff --git a/2019/5xxx/CVE-2019-5268.json b/2019/5xxx/CVE-2019-5268.json index 2d54d1012cd..cfd2d800f02 100644 --- a/2019/5xxx/CVE-2019-5268.json +++ b/2019/5xxx/CVE-2019-5268.json 
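Review bot: `vendor_name` is `"n/a"` in the new `affects` block of CVE-2019-5247.json even though the assigner is `psirt@huawei.com` and the description opens with "Huawei Atlas 300, Atlas 500"; `"vendor_name": "Huawei"` would make the record findable by vendor. `product_name` also packs two products into one string, `"Atlas 300, Atlas 500"`, where `product_data` is an array that can hold one entry per product. The `"n/a"` vendor recurs in the CVE-2019-5268, CVE-2019-5271, CVE-2019-5308 and CVE-2019-5309 hunks of this patch, and CVE-2019-5268 has the same packed product list.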
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5268", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5268", + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "CD10-10, CD16-10, CD17-10, CD18-10, HiRouter-CD15-10, HiRouter-CD20-10, HiRouter-CD21-16, HiRouter-CD30-10, HiRouter-CD30-11, HiRouter-H1-10, TC5200-10, WS5100-10, WS5102-10, WS5106-10, WS5108-10, WS5200-10, WS5200-11, , WS5280-10, WS5280-11, WS6500-10, WS6500-11, WS826-10", + "version": { + "version_data": [ + { + "version_value": "10.0.2.2, 10.0.2.3, 9.0.3.3, 9.0.2.23, 9.0.2.3, 9.0.3.9, 10.0.2.8, 9.0.3.11, 9.0.3.22" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories." } ] } 
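Review bot: The `product_name` string in CVE-2019-5268.json contains an empty list element, `WS5200-11, , WS5280-10`, which looks like a dropped model name or a stray separator and should be checked against the referenced advisory. The single `version_value` lists nine firmware versions with nothing tying each version to a model, so the record alone does not say which router runs which affected build. The description also gives no access precondition for "sending special constructed packets"; if the advisory states whether the sender must be on the local network or authenticated, that belongs in the text. The CVE-2019-5271.json hunk has a related list defect: its `version_value` ends with a trailing comma after `9.0.1.9(H100SP6C00)`.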
diff --git a/2019/5xxx/CVE-2019-5271.json b/2019/5xxx/CVE-2019-5271.json index e4b912e2ee9..ebeeef4425a 100644 --- a/2019/5xxx/CVE-2019-5271.json +++ b/2019/5xxx/CVE-2019-5271.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5271", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5271", + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Myna", + "version": { + "version_data": [ + { + "version_value": "9.0.1.10(H100SP10C00), 9.0.1.10(H100SP11C00), 9.0.1.10(H100SP12C00), 9.0.1.10(H100SP5C00), 9.0.1.10(H100SP8C00), 9.0.1.9(H100SP6C00)," + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations." } ] } 
diff --git a/2019/5xxx/CVE-2019-5308.json b/2019/5xxx/CVE-2019-5308.json index 7edda412164..fc1262f081e 100644 --- a/2019/5xxx/CVE-2019-5308.json +++ b/2019/5xxx/CVE-2019-5308.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5308", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5308", + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Mate 20 RS", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 9.1.0.135(C786E133R3P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-smartphone-en" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation." } ] } diff --git a/2019/5xxx/CVE-2019-5309.json b/2019/5xxx/CVE-2019-5309.json index 1e057b9eb57..b98b2ba246c 100644 --- a/2019/5xxx/CVE-2019-5309.json 
+++ b/2019/5xxx/CVE-2019-5309.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5309", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5309", + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Honor play", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-en" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition." } ] }
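Review bot: The description added to CVE-2019-5309.json has a dropped word: `have an information disclosure vulnerability in certain Huawei .` ends with no noun after "Huawei". The missing term cannot be recovered from this patch, so it should be restored from the vendor advisory referenced in the same hunk rather than guessed. The phrase "without unlock the screen lock" suggests the precondition is physical access to a locked phone. If the advisory confirms that, stating it explicitly would help readers judge exposure.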