diff --git a/2019/19xxx/CVE-2019-19603.json b/2019/19xxx/CVE-2019-19603.json index 07382737860..a170cedccda 100644 --- a/2019/19xxx/CVE-2019-19603.json +++ b/2019/19xxx/CVE-2019-19603.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "SQLite 3.30.1, during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name, as demonstrated by the sqlite_ substring." + "value": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash." } ] }, @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.sqlite.org/", + "url": "https://www.sqlite.org/" + }, { "refsource": "MISC", "name": "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", diff --git a/2019/19xxx/CVE-2019-19646.json b/2019/19xxx/CVE-2019-19646.json index 402ee6a6619..647aced8915 100644 --- a/2019/19xxx/CVE-2019-19646.json +++ b/2019/19xxx/CVE-2019-19646.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.sqlite.org/", + "url": "https://www.sqlite.org/" + }, { "refsource": "MISC", "name": "https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd", diff --git a/2019/19xxx/CVE-2019-19794.json b/2019/19xxx/CVE-2019-19794.json new file mode 100644 index 00000000000..e001b29a7f3 --- /dev/null +++ b/2019/19xxx/CVE-2019-19794.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/miekg/dns/issues/1043", + "refsource": "MISC", + "name": "https://github.com/miekg/dns/issues/1043" + }, + { + "url": "https://github.com/coredns/coredns/issues/3519", + "refsource": "MISC", + "name": "https://github.com/coredns/coredns/issues/3519" + }, + { + "url": "https://github.com/miekg/dns/pull/1044", + "refsource": "MISC", + "name": "https://github.com/miekg/dns/pull/1044" + }, + { + "url": "https://github.com/miekg/dns/compare/v1.1.24...v1.1.25", + "refsource": "MISC", + "name": "https://github.com/miekg/dns/compare/v1.1.24...v1.1.25" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19795.json b/2019/19xxx/CVE-2019-19795.json new file mode 100644 index 00000000000..1b667f2fe65 --- /dev/null +++ b/2019/19xxx/CVE-2019-19795.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/michaelforney/samurai/issues/29", + "refsource": "MISC", + "name": "https://github.com/michaelforney/samurai/issues/29" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19796.json b/2019/19xxx/CVE-2019-19796.json new file mode 100644 index 00000000000..6fd853e9c3d --- /dev/null +++ b/2019/19xxx/CVE-2019-19796.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/marcIhm/yabasic/issues/37", + "refsource": "MISC", + "name": "https://github.com/marcIhm/yabasic/issues/37" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5253.json b/2019/5xxx/CVE-2019-5253.json index eeb56d5faa3..ae0789e82d1 100644 --- a/2019/5xxx/CVE-2019-5253.json +++ b/2019/5xxx/CVE-2019-5253.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5253", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5253", + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "E5572-855", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 8.0.1.3(H335SP1C233)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-04-dos-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-04-dos-en" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack." } ] } diff --git a/2019/5xxx/CVE-2019-5260.json b/2019/5xxx/CVE-2019-5260.json index c0b4be28b50..a2445ea7b14 100644 --- a/2019/5xxx/CVE-2019-5260.json +++ b/2019/5xxx/CVE-2019-5260.json @@ -1,17 +1,76 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5260", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5260", + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HUAWEI Y9 2019;Honor View 20", + "version": { + "version_data": [ + { + "version_value": "8.2.0.160(C185R2P2)" + }, + { + "version_value": "8.2.0.162(C605)" + }, + { + "version_value": "8.2.0.163(C605)" + }, + { + "version_value": "9.0.1.169(C636E1R4P1)" + }, + { + "version_value": "9.0.1.170(C185E2R3P1)" + }, + { + "version_value": "9.0.1.170(C432E1R3P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-mobile-en" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot." } ] } diff --git a/2019/5xxx/CVE-2019-5278.json b/2019/5xxx/CVE-2019-5278.json index a4aba65f3b4..adfc6161644 100644 --- a/2019/5xxx/CVE-2019-5278.json +++ b/2019/5xxx/CVE-2019-5278.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5278", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5278", + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "CampusInsight", + "version": { + "version_data": [ + { + "version_value": "V100R019C00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash." } ] }