From 1ac0a0a6c326520873cf66aea23e3851d01ba04b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 20 Nov 2019 15:01:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2011/1xxx/CVE-2011-1028.json | 60 ++++++++++++++++++++++++++++++++--
 2012/6xxx/CVE-2012-6136.json | 55 +++++++++++++++++++++++++++++--
 2013/0xxx/CVE-2013-0193.json | 60 ++++++++++++++++++++++++++++++++--
 2013/0xxx/CVE-2013-0194.json | 60 ++++++++++++++++++++++++++++++++--
 2013/0xxx/CVE-2013-0195.json | 60 ++++++++++++++++++++++++++++++++--
 2016/5xxx/CVE-2016-5194.json | 50 ++++++++++++++++++++++++++--
 2016/9xxx/CVE-2016-9652.json | 50 ++++++++++++++++++++++++++--
 2019/11xxx/CVE-2019-11687.json | 2 +-
 8 files changed, 375 insertions(+), 22 deletions(-)
diff --git a/2011/1xxx/CVE-2011-1028.json b/2011/1xxx/CVE-2011-1028.json
index 38b435a3007..02a5609ed4d 100644
--- a/2011/1xxx/CVE-2011-1028.json
+++ b/2011/1xxx/CVE-2011-1028.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-1028",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "smarty3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "smarty3"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
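Review bot: `"version_value": "3"` in the `affects` block of CVE-2011-1028 names only a major line, so a consumer matching installed versions cannot tell which 3.x releases are affected or where the fix landed. The same looseness shows in CVE-2012-6136 later in this patch, where the value is `2.10.0-1` (apparently a package revision) while its description says `tuned 2.10.0`. Where the fixed release is known from the listed references, a bounded form like the `before 54.0.2840.59` used for the Chrome records in this same commit would be easier to consume. `vendor_name` also repeats the product name (`smarty3`) rather than naming the vendor or project.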
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "UNKNOWN_TYPE"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-1028",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2011-1028"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2011-1028",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2011-1028"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2011/q1/313",
+ "url": "https://seclists.org/oss-sec/2011/q1/313"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6136.json b/2012/6xxx/CVE-2012-6136.json
index 0179c8af577..652224db00b 100644
--- a/2012/6xxx/CVE-2012-6136.json
+++ b/2012/6xxx/CVE-2012-6136.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-6136",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tuned",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.10.0-1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tuned"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
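Review bot: The `problemtype` added for CVE-2011-1028 is the placeholder `UNKNOWN_TYPE`, although the description in the same hunk talks about executing arbitrary PHP code through the `$smarty.template` variable. If the assigner's analysis supports it, a concrete weakness label (for example `"value": "Code Injection"`, or the matching CWE entry) would let consumers filter and prioritise the record. If the type really is undetermined, the placeholder should be revisited once the three listed references have been triaged.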
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Permissions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2012-6136",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2012-6136"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136"
 }
 ]
 }
diff --git a/2013/0xxx/CVE-2013-0193.json b/2013/0xxx/CVE-2013-0193.json
index 8600ad44a9b..923c5f105ba 100644
--- a/2013/0xxx/CVE-2013-0193.json
+++ b/2013/0xxx/CVE-2013-0193.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-0193",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "piwik",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "piwik",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.10.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
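Review bot: In the `affects` block of CVE-2013-0193, `"version_value": "1.10.1"` lists the release that the description (in the next hunk of this file) names as the fix: "Piwik before 1.10.1". Tools that match on `version_value` would flag 1.10.1 as vulnerable and miss every earlier release. `"version_value": "before 1.10.1"` would agree with the description; CVE-2013-0194 carries the same value and needs the same change.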
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2013-0193",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://matomo.org/changelog/piwik-1-10/",
+ "url": "https://matomo.org/changelog/piwik-1-10/"
 }
 ]
 }
diff --git a/2013/0xxx/CVE-2013-0194.json b/2013/0xxx/CVE-2013-0194.json
index d8d4f82d699..9fa959aee2a 100644
--- a/2013/0xxx/CVE-2013-0194.json
+++ b/2013/0xxx/CVE-2013-0194.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-0194",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "piwik",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "piwik",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.10.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
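Review bot: The description added for CVE-2013-0193 is word-for-word the same as those added for CVE-2013-0194 and CVE-2013-0195, apart from the cross-reference in the NOTE sentence, and all three cite the same openwall post and changelog page. With "unspecified vectors" as the only detail, nothing in the records lets a reader map an ID to a specific fix or check that a given patch closes a given issue. Each description should name the affected component or parameter if the referenced oss-security thread gives it.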
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
+ "url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2013-0194",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://matomo.org/changelog/piwik-1-10/",
+ "url": "https://matomo.org/changelog/piwik-1-10/"
 }
 ]
 }
diff --git a/2013/0xxx/CVE-2013-0195.json b/2013/0xxx/CVE-2013-0195.json
index 54ea179df73..e513a383fb5 100644
--- a/2013/0xxx/CVE-2013-0195.json
+++ b/2013/0xxx/CVE-2013-0195.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-0195",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "piwik",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2013"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "piwik"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
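Review bot: `"version_value": "through 2013"` in the `affects` block of CVE-2013-0195 reads as a date range rather than a Piwik version, and it disagrees with the description in this file's next hunk, which says "before 1.10.1". Version-matching consumers cannot evaluate such a value, so the record would silently match nothing. `"version_value": "before 1.10.1"` would align the record with its own description.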
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
+ "url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2013-0195",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://matomo.org/changelog/piwik-1-10/",
+ "url": "https://matomo.org/changelog/piwik-1-10/"
 }
 ]
 }
diff --git a/2016/5xxx/CVE-2016-5194.json b/2016/5xxx/CVE-2016-5194.json
index 833eb464145..90522b23a12 100644
--- a/2016/5xxx/CVE-2016-5194.json
+++ b/2016/5xxx/CVE-2016-5194.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@google.com",
 "ID": "CVE-2016-5194",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 54.0.2840.59"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "various fixes from internal audits"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html",
+ "url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
 }
 ]
 }
diff --git a/2016/9xxx/CVE-2016-9652.json b/2016/9xxx/CVE-2016-9652.json
index 6d5c224dee8..c342a983b3d 100644
--- a/2016/9xxx/CVE-2016-9652.json
+++ b/2016/9xxx/CVE-2016-9652.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@google.com",
 "ID": "CVE-2016-9652",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 55.0.2883.75"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
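Review bot: The `problemtype` value `various fixes from internal audits` in CVE-2016-5194 describes where the fixes came from, not what kind of weakness they address, and the description is only "Unspecified vulnerabilities", so the record gives defenders nothing to assess impact beyond the fixed version. If no weakness class can be disclosed, a neutral value such as `"value": "Unspecified"` states that directly. CVE-2016-9652 in this patch uses the same wording. The plural also suggests that one ID covers several distinct issues, which is worth confirming against the linked release note.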
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unspecified vulnerabilities in Google Chrome before 55.0.2883.75."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "various fixes from internal audits"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html",
+ "url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11687.json b/2019/11xxx/CVE-2019-11687.json
index 8f3b2e747ca..715d7aee9b1 100644
--- a/2019/11xxx/CVE-2019-11687.json
+++ b/2019/11xxx/CVE-2019-11687.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable (PE) malware. This space is left unspecified so that dual-purpose files can be created. (For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging for applications in medicine.) To exploit this vulnerability, someone must execute a maliciously crafted file that is encoded in the DICOM Part 10 File Format. PE/DICOM files are executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. Also, anti-malware tools and business processes could violate regulatory frameworks (such as HIPAA) when processing suspicious DICOM files. Credit for the discovery of this vulnerability goes to Markel Picado Ortiz (d00rt) of Cylera Labs."
+ "value": "An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable (PE) malware. This space is left unspecified so that dual-purpose files can be created. (For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging for applications in medicine.) To exploit this vulnerability, someone must execute a maliciously crafted file that is encoded in the DICOM Part 10 File Format. PE/DICOM files are executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. Also, anti-malware tools and business processes could violate regulatory frameworks (such as HIPAA) when processing suspicious DICOM files."
 }
 ]
 },