From 503e2b4507278a84c46a6b3971020a087640655f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 25 Sep 2019 23:00:53 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/18xxx/CVE-2017-18635.json | 77 ++++++++++++++++++++++++++++++++++ 2018/17xxx/CVE-2018-17793.json | 63 ++++------------------------ 2019/15xxx/CVE-2019-15292.json | 5 +++ 2019/16xxx/CVE-2019-16253.json | 62 +++++++++++++++++++++++++++ 4 files changed, 151 insertions(+), 56 deletions(-) create mode 100644 2017/18xxx/CVE-2017-18635.json create mode 100644 2019/16xxx/CVE-2019-16253.json diff --git a/2017/18xxx/CVE-2017-18635.json b/2017/18xxx/CVE-2017-18635.json new file mode 100644 index 00000000000..53a43155afe --- /dev/null +++ b/2017/18xxx/CVE-2017-18635.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/novnc/noVNC/issues/748", + "refsource": "MISC", + "name": "https://github.com/novnc/noVNC/issues/748" + }, + { + "url": "https://github.com/novnc/noVNC/releases/tag/v0.6.2", + "refsource": "MISC", + "name": "https://github.com/novnc/noVNC/releases/tag/v0.6.2" + }, + { + "url": "https://bugs.launchpad.net/horizon/+bug/1656435", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/horizon/+bug/1656435" + }, + { + "url": "https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534", + "refsource": "MISC", + "name": "https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17793.json b/2018/17xxx/CVE-2018-17793.json index c4a253dc5d6..41555275478 100644 --- a/2018/17xxx/CVE-2018-17793.json +++ b/2018/17xxx/CVE-2018-17793.json @@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-17793", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17793", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via \"python $(bash >&2)\" and \"python $(rbash >&2)\" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://github.com/pypa/virtualenv/issues/1207", - "refsource": "MISC", - "url": "https://github.com/pypa/virtualenv/issues/1207" - }, - { - "name": "45528", - "refsource": "EXPLOIT-DB", - "url": "https://www.exploit-db.com/exploits/45528/" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2019/15xxx/CVE-2019-15292.json b/2019/15xxx/CVE-2019-15292.json index f5824a30a15..790dd711e52 100644 --- a/2019/15xxx/CVE-2019-15292.json +++ b/2019/15xxx/CVE-2019-15292.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K27112954", + "url": "https://support.f5.com/csp/article/K27112954" } ] } diff --git a/2019/16xxx/CVE-2019-16253.json b/2019/16xxx/CVE-2019-16253.json new file mode 100644 index 00000000000..a0b618e8f78 --- /dev/null +++ b/2019/16xxx/CVE-2019-16253.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154614/Samsung-Mobile-Android-SamsungTTS-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/154614/Samsung-Mobile-Android-SamsungTTS-Privilege-Escalation.html" + } + ] + } +} \ No newline at end of file