From 37ee02c3b476c16e958a359047899485aa56c53f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 9 Apr 2019 20:00:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/17xxx/CVE-2018-17144.json | 5 ++ 2018/18xxx/CVE-2018-18308.json | 10 +++ 2018/18xxx/CVE-2018-18365.json | 58 +++++++++++-- 2018/20xxx/CVE-2018-20237.json | 5 ++ 2018/3xxx/CVE-2018-3639.json | 5 ++ 2019/10xxx/CVE-2019-10845.json | 5 ++ 2019/1xxx/CVE-2019-1567.json | 58 +++++++++++-- 2019/5xxx/CVE-2019-5019.json | 31 ++++--- 2019/5xxx/CVE-2019-5511.json | 58 +++++++++++-- 2019/5xxx/CVE-2019-5512.json | 58 +++++++++++-- 2019/5xxx/CVE-2019-5513.json | 58 +++++++++++-- 2019/6xxx/CVE-2019-6977.json | 5 ++ 2019/7xxx/CVE-2019-7358.json | 150 ++++++++++++++++++++++++++++++++- 2019/7xxx/CVE-2019-7359.json | 150 ++++++++++++++++++++++++++++++++- 2019/7xxx/CVE-2019-7360.json | 150 ++++++++++++++++++++++++++++++++- 2019/7xxx/CVE-2019-7361.json | 150 ++++++++++++++++++++++++++++++++- 16 files changed, 893 insertions(+), 63 deletions(-) diff --git a/2018/17xxx/CVE-2018-17144.json b/2018/17xxx/CVE-2018-17144.json index 6e1c4eb8749..76158366cae 100644 --- a/2018/17xxx/CVE-2018-17144.json +++ b/2018/17xxx/CVE-2018-17144.json @@ -71,6 +71,11 @@ "name": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md", "refsource": "MISC", "url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/JinBean/CVE-Extension", + "url": "https://github.com/JinBean/CVE-Extension" } ] } diff --git a/2018/18xxx/CVE-2018-18308.json b/2018/18xxx/CVE-2018-18308.json index f1cea6f2f50..c27052fb9f0 100644 --- a/2018/18xxx/CVE-2018-18308.json +++ b/2018/18xxx/CVE-2018-18308.json 
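Review bot: The MISC reference added to CVE-2018-17144 points at a repository root, `https://github.com/JinBean/CVE-Extension`, and nothing visible in the hunk ties that repository to this CVE. The context reference above it links a specific release-notes file, which lets a reader verify relevance. If the repository does document this issue, link the specific file or commit that does; otherwise drop the entry, since feed consumers tend to treat every listed reference as vetted supporting material.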
@@ -61,6 +61,16 @@ "name": "45628", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45628/" + }, + { + "refsource": "MISC", + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/356", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/356" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/bigtreecms/BigTree-CMS/commit/ffd668a3aa7d2f540dbcdf5751f207302519df72", + "url": "https://github.com/bigtreecms/BigTree-CMS/commit/ffd668a3aa7d2f540dbcdf5751f207302519df72" } ] } diff --git a/2018/18xxx/CVE-2018-18365.json b/2018/18xxx/CVE-2018-18365.json index c347bf04375..e6d883e6452 100644 --- a/2018/18xxx/CVE-2018-18365.json +++ b/2018/18xxx/CVE-2018-18365.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-18365", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-18365", + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Norton Password Manager", + "version": { + "version_data": [ + { + "version_value": "Prior to 6.2.0.1078 (Android) & 6.2.309 (iOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Address Spoof" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/en_US/article.SYMSA1475.html", + "url": "https://support.symantec.com/en_US/article.SYMSA1475.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic." } ] } diff --git a/2018/20xxx/CVE-2018-20237.json b/2018/20xxx/CVE-2018-20237.json index 2e8c6b6a399..368d1a0c92e 100644 --- a/2018/20xxx/CVE-2018-20237.json +++ b/2018/20xxx/CVE-2018-20237.json 
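Review bot: The new `affects` block for CVE-2018-18365 sets `"vendor_name": "n/a"` although the assigner is `secure@symantec.com` and the product is Norton Password Manager, so tooling that matches records by vendor will not find it; `"vendor_name": "Symantec"` looks like the intended value. The same `n/a` vendor appears in the hunks for CVE-2019-1567, CVE-2019-5019 (where it replaces `Talos`), CVE-2019-5511, CVE-2019-5512 and CVE-2019-5513. Separately, the problemtype `Address Spoof` is paired with a description about disguising an origin IP address, which reads oddly for a password manager and is worth confirming against the linked SYMSA1475 advisory. The `version_value` also packs two platform-specific bounds into one free-text string; one `version_data` entry per platform would be easier to match mechanically.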
@@ -74,6 +74,11 @@ "name": "107041", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107041" + }, + { + "refsource": "MISC", + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/", + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/" } ] } diff --git a/2018/3xxx/CVE-2018-3639.json b/2018/3xxx/CVE-2018-3639.json index aaae91ee21b..d54f0f527c9 100644 --- a/2018/3xxx/CVE-2018-3639.json +++ b/2018/3xxx/CVE-2018-3639.json @@ -732,6 +732,11 @@ "refsource": "CONFIRM", "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" + }, + { + "refsource": "CONFIRM", + "name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html", + "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html" } ] } diff --git a/2019/10xxx/CVE-2019-10845.json b/2019/10xxx/CVE-2019-10845.json index f4a2dac23a7..40f8fbc29a9 100644 --- a/2019/10xxx/CVE-2019-10845.json +++ b/2019/10xxx/CVE-2019-10845.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://vuldb.com/?id.132960", "url": "https://vuldb.com/?id.132960" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152452/Uniqkey-Password-Manager-1.14-Denial-Of-Service.html", + "url": "http://packetstormsecurity.com/files/152452/Uniqkey-Password-Manager-1.14-Denial-Of-Service.html" } ] } diff --git a/2019/1xxx/CVE-2019-1567.json b/2019/1xxx/CVE-2019-1567.json index 9c3ae39ef2d..0802e7e9382 100644 --- a/2019/1xxx/CVE-2019-1567.json +++ b/2019/1xxx/CVE-2019-1567.json 
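Review bot: The reference added to CVE-2019-10845 uses a plain-HTTP URL, `http://packetstormsecurity.com/files/152452/...`, while the context reference in the same hunk uses `https://`. Anyone following the link from the feed fetches the page without transport integrity. If the site serves the same path over HTTPS, both `name` and `url` should carry the `https://` form. The packetstormsecurity.com reference added to CVE-2019-6977 has the same issue.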
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1567", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1567", + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Palo Alto Networks Expedition Migration Tool", + "version": { + "version_data": [ + { + "version_value": "Expedition 1.1.6 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/141", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/141" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings." } ] } diff --git a/2019/5xxx/CVE-2019-5019.json b/2019/5xxx/CVE-2019-5019.json index 72e01dac5c9..70762ed957b 100644 --- a/2019/5xxx/CVE-2019-5019.json +++ b/2019/5xxx/CVE-2019-5019.json 
@@ -1,14 +1,17 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "talos-cna@cisco.com", - "DATE_PUBLIC": "2019-02-28T00:00:00", "ID": "CVE-2019-5019", + "ASSIGNER": "talos-cna@cisco.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "n/a", "product": { "product_data": [ { @@ -22,23 +25,11 @@ } } ] - }, - "vendor_name": "Talos" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A heap overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution." - } - ] - }, "problemtype": { "problemtype_data": [ { @@ -54,10 +45,18 @@ "references": { "reference_data": [ { - "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0780", "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0780", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0780" } ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution." + } + ] } } \ No newline at end of file 
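Review bot: The first hunk of CVE-2019-5019 removes `"DATE_PUBLIC": "2019-02-28T00:00:00"` from `CVE_data_meta` and adds nothing in its place, so the record loses its disclosure date while remaining `PUBLIC`. If this is a side effect of the sync regenerating the record rather than a deliberate change, keep the field, since exposure-window calculations depend on it. The last hunk also leaves the file without a trailing newline (`\ No newline at end of file`), which will keep producing noisy diffs on later syncs.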
diff --git a/2019/5xxx/CVE-2019-5511.json b/2019/5xxx/CVE-2019-5511.json index 608a1d42088..6a1c130a929 100644 --- a/2019/5xxx/CVE-2019-5511.json +++ b/2019/5xxx/CVE-2019-5511.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5511", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5511", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Workstation", + "version": { + "version_data": [ + { + "version_value": "VMware Workstation 15.x prior to 15.0.3, 14.x before 14.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0002.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0002.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege." } ] } diff --git a/2019/5xxx/CVE-2019-5512.json b/2019/5xxx/CVE-2019-5512.json index 6b40bbe6c41..7e8cdb74c72 100644 --- a/2019/5xxx/CVE-2019-5512.json +++ b/2019/5xxx/CVE-2019-5512.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5512", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5512", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Workstation", + "version": { + "version_data": [ + { + "version_value": "VMware Workstation 15.x prior to 15.0.3, 14.x before 14.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0002.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0002.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege." } ] } diff --git a/2019/5xxx/CVE-2019-5513.json b/2019/5xxx/CVE-2019-5513.json index a80b31083c1..1d6c36d6104 100644 --- a/2019/5xxx/CVE-2019-5513.json +++ b/2019/5xxx/CVE-2019-5513.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5513", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5513", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Horizon Connection Server", + "version": { + "version_data": [ + { + "version_value": "VMware Horizon Connection Server 7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server\u2019s internal name, or the gateway\u2019s internal IP address." } ] } diff --git a/2019/6xxx/CVE-2019-6977.json b/2019/6xxx/CVE-2019-6977.json index 207b13c99dc..4c1382612ad 100644 --- a/2019/6xxx/CVE-2019-6977.json +++ b/2019/6xxx/CVE-2019-6977.json 
@@ -106,6 +106,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1140", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html", + "url": "http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html" } ] } diff --git a/2019/7xxx/CVE-2019-7358.json b/2019/7xxx/CVE-2019-7358.json index fc8cad92bdc..30357ef363d 100644 --- a/2019/7xxx/CVE-2019-7358.json +++ b/2019/7xxx/CVE-2019-7358.json 
@@ -1,8 +1,131 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@autodesk.com", "ID": "CVE-2019-7358", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Autodesk AutoCAD LT", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk Civil 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk Advance Steel", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Map 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD MEP", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD P&ID", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + } + ] + }, + "vendor_name": "Autodesk" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
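Review bot: Every `version_value` in the new `affects` block for CVE-2019-7358 is the bare string `"2018"`, which does not say whether all 2018 builds are affected or only those before a fixed update. A scanner consuming this record cannot tell a patched 2018 installation from a vulnerable one. If the linked advisory adsk-sa-2019-0001 names a fixed build, state the bound, for example `"version_value": "2018 before <FIXED_UPDATE_FROM_ADVISORY>"`. The `affects` blocks for CVE-2019-7359, CVE-2019-7360 and CVE-2019-7361 are written the same way.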
@@ -11,7 +134,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001" } ] } diff --git a/2019/7xxx/CVE-2019-7359.json b/2019/7xxx/CVE-2019-7359.json index 9e8bd47bfd7..02f94061e5f 100644 --- a/2019/7xxx/CVE-2019-7359.json +++ b/2019/7xxx/CVE-2019-7359.json 
@@ -1,8 +1,131 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@autodesk.com", "ID": "CVE-2019-7359", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Autodesk Advance Steel", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Map 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD MEP", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD P&ID", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD LT", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk Civil 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + } + ] + }, + "vendor_name": "Autodesk" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +134,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001" } ] } diff --git a/2019/7xxx/CVE-2019-7360.json b/2019/7xxx/CVE-2019-7360.json index c87a720cbd5..938e55cf08c 100644 --- a/2019/7xxx/CVE-2019-7360.json +++ b/2019/7xxx/CVE-2019-7360.json 
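Review bot: The second hunk of CVE-2019-7359 sets the problemtype to `Use After Free`, but the description is word-for-word the heap-overflow text used for CVE-2019-7358 ("A specially crafted DXF file may cause a heap overflow, resulting in code execution"). One of the two fields is presumably a copy-paste leftover, and as written the record gives triage no way to tell this CVE from 7358. The description should be rewritten to describe the use-after-free condition as the advisory adsk-sa-2019-0001 states it, or the problemtype corrected if the advisory says otherwise.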
@@ -1,8 +1,131 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@autodesk.com", "ID": "CVE-2019-7360", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Autodesk Civil 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk Advance Steel", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Map 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD MEP", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD P&ID", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD LT", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + } + ] + }, + "vendor_name": "Autodesk" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +134,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001" } ] } diff --git a/2019/7xxx/CVE-2019-7361.json b/2019/7xxx/CVE-2019-7361.json index 4cc25e2e793..0d17b462490 100644 --- a/2019/7xxx/CVE-2019-7361.json +++ b/2019/7xxx/CVE-2019-7361.json 
@@ -1,8 +1,131 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@autodesk.com", "ID": "CVE-2019-7361", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Autodesk Civil 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk Advance Steel", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Map 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD MEP", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD P&ID", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + }, + { + "product_name": "Autodesk AutoCAD LT", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + } + ] + }, + "vendor_name": "Autodesk" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +134,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001" } ] }
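Review bot: The new description for CVE-2019-7361 says "a malicious action micro (.actm) file", which is presumably a typo for "action macro", the file type the `.actm` extension denotes. Readers searching the feed for the file type will miss the record, so the value should read `... open a malicious action macro (.actm) file that has serialized data ...`. The phrase "which may trigger a code execution" would also read more cleanly as "which may result in code execution".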