admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1947 from FBNeal/cve-publish

Browse Source 
Publish more CVEs for Facebook CNA
This commit is contained in:
CVE Team 2019-04-29 11:33:15 -04:00 committed by GitHub
commit 5696b86478
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 241 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2019/3xxx/CVE-2019-3560.json
View File

@ -1,8 +1,37 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-02-25",
"ID": "CVE-2019-3560",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "fizz",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "v2019.03.04.00"
},
{
"version_affected": "<",
"version_value": "v2019.03.04.00"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +40,29 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition (CWE-835)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2",
"refsource": "MISC",
"url": "https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2"
}
]
}
}
}

79
2019/3xxx/CVE-2019-3561.json
View File

@ -1,8 +1,53 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-03-28",
"ID": "CVE-2019-3561",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "4.0.4"
},
{
"version_affected": ">=",
"version_value": "4.0.0"
},
{
"version_affected": "!=>",
"version_value": "3.30.5"
},
{
"version_affected": ">=",
"version_value": "3.30.0"
},
{
"version_affected": "!=>",
"version_value": "3.27.8"
},
{
"version_affected": "<",
"version_value": "3.27.8"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +56,34 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75",
"refsource": "MISC",
"url": "https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75"
},
{
"name": "https://hhvm.com/blog/2019/04/03/hhvm-4.0.4.html",
"refsource": "MISC",
"url": "https://hhvm.com/blog/2019/04/03/hhvm-4.0.4.html"
}
]
}
}
}

62
2019/3xxx/CVE-2019-3562.json
View File

@ -1,8 +1,41 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-03-28",
"ID": "CVE-2019-3562",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oculus Browser",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "5.7.11"
},
{
"version_affected": ">=",
"version_value": "5.2.7"
},
{
"version_affected": "!<",
"version_value": "5.2.7"
}
]
}
}
]
},
"vendor_name": "Oculus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +44,29 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (CWE-74)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2019-3562",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2019-3562"
}
]
}
}
}

58
2019/3xxx/CVE-2019-3563.json
View File

@ -1,8 +1,37 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-04-15",
"ID": "CVE-2019-3563",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wangle",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "v2019.04.22.00"
},
{
"version_affected": "<",
"version_value": "v2019.04.22.00"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +40,29 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read (CWE-126)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/wangle/commit/5b3bceca875e4ea4ed9d14c20b20ce46c92c13c6",
"refsource": "MISC",
"url": "https://github.com/facebook/wangle/commit/5b3bceca875e4ea4ed9d14c20b20ce46c92c13c6"
}
]
}
}
}