diff --git a/2019/5xxx/CVE-2019-5716.json b/2019/5xxx/CVE-2019-5716.json index 0d828b87df5..84e3375d80f 100644 --- a/2019/5xxx/CVE-2019-5716.json +++ b/2019/5xxx/CVE-2019-5716.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-5716", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217", + "refsource" : "MISC", + "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217" + }, + { + "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010", + "refsource" : "MISC", + "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010" + }, + { + "name" : "https://www.wireshark.org/security/wnpa-sec-2019-01.html", + "refsource" : "MISC", + "url" : "https://www.wireshark.org/security/wnpa-sec-2019-01.html" } ] } diff --git a/2019/5xxx/CVE-2019-5717.json b/2019/5xxx/CVE-2019-5717.json index d9999337e49..974430bba11 100644 --- a/2019/5xxx/CVE-2019-5717.json +++ b/2019/5xxx/CVE-2019-5717.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-5717", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337", + "refsource" : "MISC", + "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337" + }, + { + "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bf9272a92f3df1e4ccfaad434e123222ae5313f7", + "refsource" : "MISC", + "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bf9272a92f3df1e4ccfaad434e123222ae5313f7" + }, + { + "name" : "https://www.wireshark.org/security/wnpa-sec-2019-02.html", + "refsource" : "MISC", + "url" : "https://www.wireshark.org/security/wnpa-sec-2019-02.html" } ] } diff --git a/2019/5xxx/CVE-2019-5718.json b/2019/5xxx/CVE-2019-5718.json index 2afd5ecc496..c1806357cf6 100644 --- a/2019/5xxx/CVE-2019-5718.json +++ b/2019/5xxx/CVE-2019-5718.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-5718", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373", + "refsource" : "MISC", + "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373" + }, + { + "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1", + "refsource" : "MISC", + "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1" + }, + { + "name" : "https://www.wireshark.org/security/wnpa-sec-2019-03.html", + "refsource" : "MISC", + "url" : "https://www.wireshark.org/security/wnpa-sec-2019-03.html" } ] } diff --git a/2019/5xxx/CVE-2019-5719.json b/2019/5xxx/CVE-2019-5719.json index 0ce6ec2078f..f57840baf76 100644 --- a/2019/5xxx/CVE-2019-5719.json +++ b/2019/5xxx/CVE-2019-5719.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-5719", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15374", + "refsource" : "MISC", + "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15374" + }, + { + "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5b02f2a9b8772d8814096f86c60a32889d61f2c", + "refsource" : "MISC", + "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5b02f2a9b8772d8814096f86c60a32889d61f2c" + }, + { + "name" : "https://www.wireshark.org/security/wnpa-sec-2019-04.html", + "refsource" : "MISC", + "url" : "https://www.wireshark.org/security/wnpa-sec-2019-04.html" } ] } diff --git a/2019/5xxx/CVE-2019-5721.json b/2019/5xxx/CVE-2019-5721.json index d0a28933ac8..7e5047dec2f 100644 --- a/2019/5xxx/CVE-2019-5721.json +++ b/2019/5xxx/CVE-2019-5721.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-5721", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470", + "refsource" : "MISC", + "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470" + }, + { + "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe", + "refsource" : "MISC", + "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe" + }, + { + "name" : "https://www.wireshark.org/security/wnpa-sec-2019-05.html", + "refsource" : "MISC", + "url" : "https://www.wireshark.org/security/wnpa-sec-2019-05.html" } ] } diff --git a/2019/5xxx/CVE-2019-5725.json b/2019/5xxx/CVE-2019-5725.json new file mode 100644 index 00000000000..09d05edb489 --- /dev/null +++ b/2019/5xxx/CVE-2019-5725.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-5725", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/novysodope/Qibosoft-CMS", + "refsource" : "MISC", + "url" : "https://github.com/novysodope/Qibosoft-CMS" + } + ] + } +}