diff --git a/2018/14xxx/CVE-2018-14062.json b/2018/14xxx/CVE-2018-14062.json index bb2b1cab44a..cebb47536e0 100644 --- a/2018/14xxx/CVE-2018-14062.json +++ b/2018/14xxx/CVE-2018-14062.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14062", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://conference.hitb.org/hitbsecconf2019ams/sessions/the-birdman-hacking-cospas-sarsat-satellites/", + "url": "https://conference.hitb.org/hitbsecconf2019ams/sessions/the-birdman-hacking-cospas-sarsat-satellites/" + }, + { + "refsource": "MISC", + "name": "https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%20-%20The%20Birdman%20and%20Cospas-Sarsat%20Satellites%20-%20Hao%20Jingli.pdf", + "url": "https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%20-%20The%20Birdman%20and%20Cospas-Sarsat%20Satellites%20-%20Hao%20Jingli.pdf" } ] } diff --git a/2019/12xxx/CVE-2019-12255.json b/2019/12xxx/CVE-2019-12255.json index 04553242b47..313dc2ff09b 100644 --- a/2019/12xxx/CVE-2019-12255.json +++ b/2019/12xxx/CVE-2019-12255.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Wind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Affected versions: 6.6, 6.7, 6.8, 6.9" + "value": "Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow." } ] }, diff --git a/2019/12xxx/CVE-2019-12256.json b/2019/12xxx/CVE-2019-12256.json index 021b7416355..4a1bf10e3e9 100644 --- a/2019/12xxx/CVE-2019-12256.json +++ b/2019/12xxx/CVE-2019-12256.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets\u2019 IP optionss." + "value": "Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets\u2019 IP options." } ] }, diff --git a/2019/12xxx/CVE-2019-12257.json b/2019/12xxx/CVE-2019-12257.json index d84d5abe528..678a34b2663 100644 --- a/2019/12xxx/CVE-2019-12257.json +++ b/2019/12xxx/CVE-2019-12257.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc." + "value": "Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc." } ] }, diff --git a/2019/12xxx/CVE-2019-12791.json b/2019/12xxx/CVE-2019-12791.json index a0d070e4602..65b2e8dd8b2 100644 --- a/2019/12xxx/CVE-2019-12791.json +++ b/2019/12xxx/CVE-2019-12791.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12791", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12791", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-password-reset-form/", + "url": "https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-password-reset-form/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/serghey-rodin/vesta/issues/1921", + "url": "https://github.com/serghey-rodin/vesta/issues/1921" } ] } diff --git a/2019/12xxx/CVE-2019-12792.json b/2019/12xxx/CVE-2019-12792.json index 8a876cd390a..c46410da63c 100644 --- a/2019/12xxx/CVE-2019-12792.json +++ b/2019/12xxx/CVE-2019-12792.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12792", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12792", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/serghey-rodin/vesta/issues/1921", + "url": "https://github.com/serghey-rodin/vesta/issues/1921" + }, + { + "refsource": "MISC", + "name": "https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-upload-handler/", + "url": "https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-upload-handler/" } ] }