diff --git a/2011/4xxx/CVE-2011-4924.json b/2011/4xxx/CVE-2011-4924.json
index 9ce81db715d..f658b7e0af4 100644
--- a/2011/4xxx/CVE-2011-4924.json
+++ b/2011/4xxx/CVE-2011-4924.json
@@ -1,8 +1,46 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-4924",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "zope",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zope2, zope3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.8.x before 2.8.12"
+ },
+ {
+ "version_value": "2.9.x before 2.9.12"
+ },
+ {
+ "version_value": "2.10.x before 2.10.11"
+ },
+ {
+ "version_value": "2.11.x before 2.11.6"
+ },
+ {
+ "version_value": "and 2.12.x before 2.12.3"
+ },
+ {
+ "version_value": "3.1.1through 3.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
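Review bot: The `version_data` entries added for CVE-2011-4924 are sentence fragments rather than version ranges: `"and 2.12.x before 2.12.3"` begins with a stray "and" and `"3.1.1through 3.4.1"` lacks a space, so tooling that matches on `version_value` will not parse them. `product_name` is the single string `"zope2, zope3"`, which files the 2.x and 3.x ranges under a product name no inventory uses; two `product_data` entries, each with its own ranges, would match better. The next hunk of this file has related problems: the description reads `3.4.1. allows` with a stray period, and the `problemtype` value `"Incomplete upstream patch for CVE-2010-1104 issue"` gives the cause instead of the weakness class. A value such as `"CWE-79: Cross-site Scripting"` would let consumers that triage on `problemtype` see this as XSS, with the incomplete-fix relationship kept in the description.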
@@ -11,7 +49,58 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incomplete upstream patch for CVE-2010-1104 issue"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-4924",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2011-4924"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2011-4924",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2011-4924"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/01/19/19",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/01/19/19"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/01/19/16",
+ "url": "http://www.openwall.com/lists/oss-security/2012/01/19/16"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/01/19/17",
+ "url": "http://www.openwall.com/lists/oss-security/2012/01/19/17"
+ },
+ {
+ "refsource": "MISC",
+ "name":
"http://www.openwall.com/lists/oss-security/2012/01/19/18", + "url": "http://www.openwall.com/lists/oss-security/2012/01/19/18" } ] } diff --git a/2012/6xxx/CVE-2012-6639.json b/2012/6xxx/CVE-2012-6639.json index aab74c7b7d4..9c34f0e1971 100644 --- a/2012/6xxx/CVE-2012-6639.json +++ b/2012/6xxx/CVE-2012-6639.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6639", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cloud-init", + "product": { + "product_data": [ + { + "product_name": "cloud-init", + "version": { + "version_data": [ + { + "version_value": "before 0.7.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,53 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "insecure transmission of EC2 instance data can lead to root privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2012-6639",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2012-6639"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6639",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6639"
+ },
+ {
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6639",
+ "refsource": "MISC",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6639"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2012-6639",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2012-6639"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2014/03/06/7",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/03/06/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/66019/references",
+ "url": "https://www.securityfocus.com/bid/66019/references"
 }
 ]
 }
diff --git a/2018/2xxx/CVE-2018-2025.json b/2018/2xxx/CVE-2018-2025.json
index ee861e519e9..e08ba4a344a 100644
--- a/2018/2xxx/CVE-2018-2025.json
+++ b/2018/2xxx/CVE-2018-2025.json
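Review bot: The description added for CVE-2012-6639 does not say what goes wrong: "when requests to an untrusted system are submitted for EC2 instance data" leaves out what the `problemtype` text in the same hunk states, namely insecure transmission of that data leading to root privilege escalation. A reader who sees only the description cannot tell the exposure or the privilege level gained, so the two fields should be aligned. The sentence also opens with `An privilege elevation`, which should read `A privilege elevation`.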
@@ -1,118 +1,118 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0.0" - }, - { - "version_value" : "8.1.0.0" - }, - { - "version_value" : "8.1.8.0" - }, - { - "version_value" : "7.1.8.5" - } - ] - }, - "product_name" : "Spectrum Protect Backup-Archive Client" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0.0" - }, - { - "version_value" : "7.1.8.5" - }, - { - "version_value" : "8.1.0.0" - }, - { - "version_value" : "8.1.8.0" - } - ] - }, - "product_name" : "Spectrum Protect for Virtual Environments" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.1.0.0" + }, + { + "version_value": "8.1.0.0" + }, + { + "version_value": "8.1.8.0" + }, + { + "version_value": "7.1.8.5" + } + ] + }, + "product_name": "Spectrum Protect Backup-Archive Client" + }, + { + "version": { + "version_data": [ + { + "version_value": "7.1.0.0" + }, + { + "version_value": "7.1.8.5" + }, + { + "version_value": "8.1.0.0" + }, + { + "version_value": "8.1.8.0" + } + ] + }, + "product_name": "Spectrum Protect for Virtual Environments" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "A" : "N", - "S" : "U", - "AV" : "L", - "I" : "L", - "C" : "L", - "SCORE" : "5.100", - "AC" : "L", - "PR" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-11-22T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-2025" - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/1107261", - "name" : "https://www.ibm.com/support/pages/node/1107261", - "title" : "IBM Security Bulletin 1107261 (Spectrum Protect Backup-Archive Client)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tsm-cve20182025-info-disc (155551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155551" - } - ] - } -} + } + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "A": "N", + "S": "U", + "AV": "L", + "I": "L", + "C": "L", + "SCORE": "5.100", + "AC": "L", + "PR": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-11-22T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2018-2025" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1107261", + "name": "https://www.ibm.com/support/pages/node/1107261", + "title": "IBM Security Bulletin 1107261 (Spectrum Protect Backup-Archive Client)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-tsm-cve20182025-info-disc (155551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155551" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16765.json b/2019/16xxx/CVE-2019-16765.json index bf62435f7f4..e3826d804ef 100644 --- a/2019/16xxx/CVE-2019-16765.json +++ b/2019/16xxx/CVE-2019-16765.json 
@@ -36,7 +36,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf.\n\nThis is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism.\n\nAfter upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here."
+ "value": "If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here."
 }
 ]
 },
@@ -105,4 +105,4 @@
 "value": "Manually review the workspace settings for any workspace obtained from an external source. These settings can be found in the .vscode/settings.json file within the workspace directory. Remove the configuration values for the codeQL.cli.executablePath, codeQL.cli.owner, and codeQL.cli.repository settings for the workspace.\n\nIf you wish to use the codeQL.cli.executablePath setting to indicate the location of a CodeQL CLI executable, then move this to your user settings, and check that you trust the configured path. You can access the user settings by choosing Preferences: Open User Settings from the Command Palette."
 }
 ]
-}
+}
\ No newline at end of file
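Review bot: The rewritten description for CVE-2019-16765 still ends with `More information about VS Code settings can be found here.`, but a JSON string carries no link target, so "here" points nowhere. Either add the documentation URL to `reference_data` and name it in the sentence, or drop the sentence. The `\n\n` paragraph breaks were flattened only in this field; the workaround text visible as context in the second hunk keeps them, so the record now formats its two long text fields differently.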
diff --git a/2019/19xxx/CVE-2019-19252.json b/2019/19xxx/CVE-2019-19252.json
new file mode 100644
index 00000000000..7e7c84a6b5f
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19252.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-19252",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/",
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19253.json b/2019/19xxx/CVE-2019-19253.json
new file mode 100644
index 00000000000..2e1cce4b4a0
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19253.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19253",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
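Review bot: In the new CVE-2019-19252 record, `vendor_name`, `product_name` and `version_value` are all `"n/a"`, although the description names the Linux kernel through 5.3.13 and `drivers/tty/vt/vc_screen.c`. Scanners and inventories that key on the `affects` block will not tie this entry to any kernel version, so either the affected product is filled in or consumers have to fall back to parsing the description. `problemtype` is also `"n/a"`, and the description does not state the consequence of the unwanted write access, which leaves severity triage dependent on the linked lkml thread.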
diff --git a/2019/4xxx/CVE-2019-4406.json b/2019/4xxx/CVE-2019-4406.json
index 29420844077..aa1a999cc62 100644
--- a/2019/4xxx/CVE-2019-4406.json
+++ b/2019/4xxx/CVE-2019-4406.json
@@ -1,99 +1,99 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0.0" - }, - { - "version_value" : "7.1.8.6" - }, - { - "version_value" : "8.1.0.0" - }, - { - "version_value" : "8.1.8.0" - } - ] - }, - "product_name" : "Spectrum Protect Backup-Archive Client" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.1.0.0" + }, + { + "version_value": "7.1.8.6" + }, + { + "version_value": "8.1.0.0" + }, + { + "version_value": "8.1.8.0" + } + ] + }, + "product_name": "Spectrum Protect Backup-Archive Client" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "PR" : "H", - "AC" : "L", - "SCORE" : "4.400", - "I" : "N", - "C" : "N", - "A" : "H", - "S" : "U", - "AV" : "L", - "UI" : "N" - } - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 1107777 (Spectrum Protect Backup-Archive Client)", - "name" : "https://www.ibm.com/support/pages/node/1107777", - "url" : "https://www.ibm.com/support/pages/node/1107777", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tsm-cve20194406-dos (162477)", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/162477", - "refsource" : "XF" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4406", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2019-11-22T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - } -} + } + }, + "data_type": "CVE", + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "PR": "H", + "AC": "L", + "SCORE": "4.400", + "I": "N", + "C": "N", + "A": "H", + "S": "U", + "AV": "L", + "UI": "N" + } + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 1107777 (Spectrum Protect Backup-Archive Client)", + "name": "https://www.ibm.com/support/pages/node/1107777", + "url": "https://www.ibm.com/support/pages/node/1107777", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-tsm-cve20194406-dos (162477)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162477", + "refsource": "XF" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2019-4406", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2019-11-22T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + } +} \ No newline at end of file