diff --git a/2010/4xxx/CVE-2010-4653.json b/2010/4xxx/CVE-2010-4653.json
index 5855a523ce7..db29292f22a 100644
--- a/2010/4xxx/CVE-2010-4653.json
+++ b/2010/4xxx/CVE-2010-4653.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-4653",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "poppler",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "poppler",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 0.16.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Integer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-4653",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-4653"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4653",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4653"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2010-4653",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2010-4653"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://security.gentoo.org/glsa/glsa-201310-03.xml",
+ "url": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/45948",
+ "url": "http://www.securityfocus.com/bid/45948"
 }
 ]
 }
diff --git a/2010/4xxx/CVE-2010-4654.json b/2010/4xxx/CVE-2010-4654.json
index 65959238e69..b2aff7b50e3 100644
--- a/2010/4xxx/CVE-2010-4654.json
+++ b/2010/4xxx/CVE-2010-4654.json
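Review bot: The new `problemtype` entry in the `-11,7 +34,48` hunk is the free-text string `"Integer Overflow"`, which tooling that groups records by weakness class cannot map without guessing; a CWE-prefixed value such as `"value": "CWE-190 Integer Overflow or Wraparound"` would make the classification machine-readable. The Gentoo GLSA and SecurityFocus BID references are tagged `"refsource": "MISC"` like the tracker pages, so consumers cannot tell advisories from third-party pages; if the schema in use offers source-specific tags, they would fit better here. The description also states no impact, so a reader has to follow the references to judge severity.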
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-4654",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "poppler",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "poppler",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 0.16.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-4654",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-4654"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2010-4654",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2010-4654"
+ },
+ {
+ "url": "http://security.gentoo.org/glsa/glsa-201310-03.xml",
+ "refsource": "MISC",
+ "name": "http://security.gentoo.org/glsa/glsa-201310-03.xml"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3516.json b/2013/3xxx/CVE-2013-3516.json
index 66827c3070c..b308b28b626 100644
--- a/2013/3xxx/CVE-2013-3516.json
+++ b/2013/3xxx/CVE-2013-3516.json
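Review bot: The description added in the `-11,7 +34,43` hunk says poppler "has malformed commands", which reads as if the malformed input ships with the library rather than being mishandled by it. A wording such as `"value": "poppler before 0.16.3 mishandles malformed commands, which may cause corruption of the internal stack."` keeps the same facts and puts the defect on the parsing side. The paired `problemtype` of `"Other"` gives consumers nothing to filter on even though the description already names stack corruption; a memory-corruption wording there would be more useful, if the assigner agrees with that classification.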
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-3516",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ise.io/casestudies/exploiting-soho-routers/",
+ "refsource": "MISC",
+ "name": "https://www.ise.io/casestudies/exploiting-soho-routers/"
+ },
+ {
+ "url": "https://www.ise.io/soho_service_hacks/",
+ "refsource": "MISC",
+ "name": "https://www.ise.io/soho_service_hacks/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.ise.io/research/studies-and-papers/netgear_wnr3500/",
+ "url": "https://www.ise.io/research/studies-and-papers/netgear_wnr3500/"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18793.json b/2019/18xxx/CVE-2019-18793.json
new file mode 100644
index 00000000000..39923151010
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18793.json
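Review bot: The `affects` block added in the `-2,7 +2,30` hunk carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description added in the next hunk names NETGEAR WNR3500U and WNR3500L, so any scanner or inventory match keyed on the structured fields will miss this record. If the placeholders are not mandated by the assigner's process, filling them in, for example `"vendor_name": "NETGEAR"`, keeps the structured and free-text data in agreement. The same placeholder pattern appears in the new files for CVE-2019-18793, CVE-2019-18837, CVE-2019-18844, CVE-2019-18883 and CVE-2019-18884, whose descriptions also name the product and in some cases the fixed version.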
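Review bot: The description added in the `-11,7 +34,38` hunk has two wording errors, "routers uses" and "abased solely", and they will propagate to every feed that mirrors this record. Suggested value: `"value": "NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens."`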
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18793",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the \"fileName\" parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155175/Parallels-Plesk-Panel-9.5-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/155175/Parallels-Plesk-Panel-9.5-Cross-Site-Scripting.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18837.json b/2019/18xxx/CVE-2019-18837.json
new file mode 100644
index 00000000000..5f2435d6bd5
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18837.json
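Review bot: This new file ends without a trailing newline (the `\ No newline at end of file` marker after the closing `}`), so any later append will show the last line as modified and line-oriented tools may treat the final line as incomplete; ending the file with a newline avoids that. The same applies to the new files for CVE-2019-18837, CVE-2019-18844, CVE-2019-18883 and CVE-2019-18884. Separately, the path in the description ends in a bare `?` (`index.htm?`), which looks like a leftover from a URL and is worth confirming against the reference.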
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18837",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/containers/crun/pull/173",
+ "url": "https://github.com/containers/crun/pull/173"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/containers/crun/releases/tag/0.10.5",
+ "url": "https://github.com/containers/crun/releases/tag/0.10.5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITB2UNEGHXZUR3ATYHWPSK5LJB36N7AP/",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITB2UNEGHXZUR3ATYHWPSK5LJB36N7AP/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTA5SJUAKQUK6HRY2CZVJUIZP5BO3EOG/",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTA5SJUAKQUK6HRY2CZVJUIZP5BO3EOG/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18844.json b/2019/18xxx/CVE-2019-18844.json
new file mode 100644
index 00000000000..b7b8a282f6d
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18844.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18844",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc",
+ "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/projectacrn/acrn-hypervisor/issues/3252",
+ "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa",
+ "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p",
+ "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535",
+ "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18883.json b/2019/18xxx/CVE-2019-18883.json
new file mode 100644
index 00000000000..8c8b9d72549
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18883.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18883",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LavaLite/cms/",
+ "refsource": "MISC",
+ "name": "https://github.com/LavaLite/cms/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155241/LavaLite-CMS-5.7-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/155241/LavaLite-CMS-5.7-Cross-Site-Scripting.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18884.json b/2019/18xxx/CVE-2019-18884.json
new file mode 100644
index 00000000000..a1d340717e6
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18884.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18884",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://codecanyon.net/item/rise-ultimate-project-manager/15455641",
+ "refsource": "MISC",
+ "name": "https://codecanyon.net/item/rise-ultimate-project-manager/15455641"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155242/RISE-Ultimate-Project-Manager-2.3-Cross-Site-Request-Forgery.html",
+ "url": "http://packetstormsecurity.com/files/155242/RISE-Ultimate-Project-Manager-2.3-Cross-Site-Request-Forgery.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2210.json b/2019/2xxx/CVE-2019-2210.json
index 9f9192a0556..d709d2a637a 100644
--- a/2019/2xxx/CVE-2019-2210.json
+++ b/2019/2xxx/CVE-2019-2210.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-2210",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-2210",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-139148442"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9466.json b/2019/9xxx/CVE-2019-9466.json
index d7d60a40f57..b2b392ba73b 100644
--- a/2019/9xxx/CVE-2019-9466.json
+++ b/2019/9xxx/CVE-2019-9466.json
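Review bot: The new description value runs the bulletin trailer into the prose with no separators (`exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-139148442`), so neither readers nor parsers can reliably split product, versions and Android ID. The same hunk packs two releases into one string, `"version_value": "Android-9 Android-10"`; one `version_data` entry per release (`"version_value": "Android-9"` and `"version_value": "Android-10"`) would let version matching work. The run-together trailer also appears in the description hunks for CVE-2019-9466 and CVE-2019-9467. The hunk additionally reorders the top-level keys, which has no meaning in JSON but makes the real content change harder to see in review.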
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-9466",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-9466",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Broadcom Wi-Fi driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-130375182"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9467.json b/2019/9xxx/CVE-2019-9467.json
index 4a394935cf1..7833e81bd4e 100644
--- a/2019/9xxx/CVE-2019-9467.json
+++ b/2019/9xxx/CVE-2019-9467.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-9467",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-9467",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-80316910"
 }
 ]
 }