diff --git a/2019/7xxx/CVE-2019-7006.json b/2019/7xxx/CVE-2019-7006.json index 7093074dc6f..8fcafd1886b 100644 --- a/2019/7xxx/CVE-2019-7006.json +++ b/2019/7xxx/CVE-2019-7006.json @@ -1,90 +1,39 @@ { - "CVE_data_meta": { - "ASSIGNER": "securityalerts@avaya.com", - "DATE_PUBLIC": "2019-02-26T07:00:00.000Z", - "ID": "CVE-2019-7006", - "STATE": "PUBLIC", - "TITLE": "Avaya one-X Communicator Weak Encryption" + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "DATE_PUBLIC" : "2019-02-26T07:00:00.000Z", + "ID" : "CVE-2019-7006", + "STATE" : "RESERVED", + "TITLE" : "Avaya one-X Communicator Weak Encryption" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "one-X Communicator", - "version": { - "version_data": [ - { - "affected": "<", - "version_name": "6.2.x", - "version_value": "6.2 SP13" - } - ] - } - } - ] - }, - "vendor_name": "Avaya" - } - ] + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + }, + "impact" : { + "cvss" : { + "attackComplexity" : "HIGH", + "attackVector" : "LOCAL", + "availabilityImpact" : "LOW", + "baseScore" : 6.5, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "NONE", + "scope" : "UNCHANGED", + "userInteraction" : "REQUIRED", + "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", + "version" : "3.0" } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-326: Inadequate Encryption Strength" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://downloads.avaya.com/css/P8/documents/101055661", - "refsource": "CONFIRM", - "url": "https://downloads.avaya.com/css/P8/documents/101055661" - }, - { - "name": "https://downloads.avaya.com/css/P8/documents/101055601", - "refsource": "CONFIRM", - "url": "https://downloads.avaya.com/css/P8/documents/101055601" - } - ] - }, - "source": { - "advisory": "ASA-2019-046" + "source" : { + "advisory" : "ASA-2019-046" } } diff --git a/2019/9xxx/CVE-2019-9199.json b/2019/9xxx/CVE-2019-9199.json index f2b01cafb5b..4cf96cadd12 100644 --- a/2019/9xxx/CVE-2019-9199.json +++ b/2019/9xxx/CVE-2019-9199.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9199", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/", + "refsource" : "MISC", + "url" : "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/" + }, + { + "name" : "https://sourceforge.net/p/podofo/tickets/40/", + "refsource" : "MISC", + "url" : "https://sourceforge.net/p/podofo/tickets/40/" } ] } diff --git a/2019/9xxx/CVE-2019-9200.json b/2019/9xxx/CVE-2019-9200.json index a3072950cc9..ea5843a4880 100644 --- a/2019/9xxx/CVE-2019-9200.json +++ b/2019/9xxx/CVE-2019-9200.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9200", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/728", + "refsource" : "MISC", + "url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/728" + }, + { + "name" : "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/", + "refsource" : "MISC", + "url" : "https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/" } ] } diff --git a/2019/9xxx/CVE-2019-9201.json b/2019/9xxx/CVE-2019-9201.json new file mode 100644 index 00000000000..1e0cad06e4f --- /dev/null +++ b/2019/9xxx/CVE-2019-9201.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9201", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561", + "refsource" : "MISC", + "url" : "https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561" + } + ] + } +} diff --git a/2019/9xxx/CVE-2019-9202.json b/2019/9xxx/CVE-2019-9202.json new file mode 100644 index 00000000000..9966113e207 --- /dev/null +++ b/2019/9xxx/CVE-2019-9202.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9202", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2019/9xxx/CVE-2019-9203.json b/2019/9xxx/CVE-2019-9203.json new file mode 100644 index 00000000000..cc0a9f09ee9 --- /dev/null +++ b/2019/9xxx/CVE-2019-9203.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9203", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2019/9xxx/CVE-2019-9204.json b/2019/9xxx/CVE-2019-9204.json new file mode 100644 index 00000000000..2faae79a84f --- /dev/null +++ b/2019/9xxx/CVE-2019-9204.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9204", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}