From 5d617e0cd7b430d7e89393dfc88851c681735c81 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Nov 2019 18:01:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2011/5xxx/CVE-2011-5330.json | 62 ++++++++++++++++++++++++++++++++++
 2011/5xxx/CVE-2011-5331.json | 62 ++++++++++++++++++++++++++++++++++
 2019/5xxx/CVE-2019-5101.json | 58 ++++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5102.json | 58 ++++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5688.json | 64 ++++++++++++++++++++++++++++++++----
 2019/9xxx/CVE-2019-9719.json | 2 +-
 6 files changed, 284 insertions(+), 22 deletions(-)
 create mode 100644 2011/5xxx/CVE-2011-5330.json
 create mode 100644 2011/5xxx/CVE-2011-5331.json
diff --git a/2011/5xxx/CVE-2011-5330.json b/2011/5xxx/CVE-2011-5330.json
new file mode 100644
index 00000000000..f5fab0141fb
--- /dev/null
+++ b/2011/5xxx/CVE-2011-5330.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-5330",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/17031",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/17031"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/5xxx/CVE-2011-5331.json b/2011/5xxx/CVE-2011-5331.json
new file mode 100644
index 00000000000..bb8574c7578
--- /dev/null
+++ b/2011/5xxx/CVE-2011-5331.json
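Review bot: The `affects` block in CVE-2011-5330.json records `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` even though the description on the same record names the product and version (Distributed Ruby, 1.8), so tooling that matches on the structured fields will not associate this ID with DRuby. Consider `"product_name": "Distributed Ruby (DRuby)"` and `"version_value": "1.8"`, both taken from the description text. The `problemtype` value is also `n/a` and the description ("mishandles the sending of syscalls") does not state the impact, so a defender cannot prioritise from the record alone; the only reference is a third-party MISC link with no vendor advisory or fix pointer. The same applies to the CVE-2011-5331.json hunk that follows.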
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-5331",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/17058",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/17058"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5101.json b/2019/5xxx/CVE-2019-5101.json
index d5b83804d7f..39494c4e77f 100644
--- a/2019/5xxx/CVE-2019-5101.json
+++ b/2019/5xxx/CVE-2019-5101.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5101",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5101",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenWRT",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OpenWrt 18.06.4, via wget (uclient-fetch) OpenWrt 15.05.1, via wget (busybox)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "improper certificate validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g.
the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function __ustream_ssl_poll, which is used to dispatch the read/write events"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5102.json b/2019/5xxx/CVE-2019-5102.json
index 436278c0c28..16ba4ab2ce5 100644
--- a/2019/5xxx/CVE-2019-5102.json
+++ b/2019/5xxx/CVE-2019-5102.json
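Review bot: The new description value in CVE-2019-5101.json stops mid-sentence at "which is used to dispatch the read/write events", so the explanation of where the failed certificate check is ignored appears to be cut off; it should be completed or trimmed back to the end of the preceding sentence. `version_value` packs two releases and two client paths into one string (`"OpenWrt 18.06.4, via wget (uclient-fetch) OpenWrt 15.05.1, via wget (busybox)"`), which version-matching consumers cannot parse; one `version_data` entry per release, e.g. `{ "version_value": "18.06.4" }` and `{ "version_value": "15.05.1" }`, would be usable, and the same string appears in the CVE-2019-5102.json hunk. `vendor_name` is `n/a` and `product_name` is spelled `OpenWRT`, while the description writes `OpenWrt` and attributes the flaw to the ustream-ssl library, so the structured fields and the prose do not line up.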
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5102",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5102",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenWRT",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OpenWrt 18.06.4, via wget (uclient-fetch) OpenWrt 15.05.1, via wget (busybox)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "improper certificate validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5688.json b/2019/5xxx/CVE-2019-5688.json
index e9f096daf50..f8c04fecdc7 100644
--- a/2019/5xxx/CVE-2019-5688.json
+++ b/2019/5xxx/CVE-2019-5688.json
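Review bot: Nothing in this record distinguishes CVE-2019-5102 from CVE-2019-5101: product, version string, problemtype and the single reference are identical, and the description is the first three sentences of the 5101 text. Presumably the two IDs correspond to the two client paths named in `version_value` (uclient-fetch and busybox wget), but that is an inference from the string; the description should say which path or release this ID covers so that defenders tracking remediation do not collapse the pair as duplicates. The description also labels the issue an "information leak" while `problemtype` gives "improper certificate validation"; the latter is the root cause described in the text, and leading the description with it would make triage clearer.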
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5688",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5688",
+ "ASSIGNER": "psirt@nvidia.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NVIDIA",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NVIDIA NVFlash, NVUFlash, GPUModeSwitch Tool",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "NVFlash"
+ },
+ {
+ "version_value": "NVUFlash prior to v5.588.0"
+ },
+ {
+ "version_value": "GPUModeSwitch prior to 2019-11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "escalation of privileges, information disclosure, denial of service."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service."
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9719.json b/2019/9xxx/CVE-2019-9719.json
index 726ef244193..09833793831 100644
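Review bot: The first `version_data` entry, `"version_value": "NVFlash"`, carries no version bound, unlike the two entries after it, so a consumer cannot tell which NVFlash builds are fixed. The description is ambiguous on the same point ("NVFlash, NVUFlash Tool prior to v5.588.0" can be read as bounding both tools or only NVUFlash); if the bound applies to both, `"version_value": "NVFlash prior to v5.588.0"` would make that explicit, to be confirmed against the vendor advisory in `references`. `product_name` also merges three separate tools into one string, and the `problemtype` value is a free-text list of impacts rather than the weakness itself, which limits filtering by weakness class.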
--- a/2019/9xxx/CVE-2019-9719.json
+++ b/2019/9xxx/CVE-2019-9719.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf."
+ "value": "** DISPUTED ** A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because \u201cno evidence of a vulnerability is provided\u201d and only \u201ca generic warning from a static code analysis\u201d is provided."
 }
 ]
 },
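Review bot: The added dispute NOTE quotes third parties ("no evidence of a vulnerability is provided") but the commit adds no source for the quote: the diffstat shows a single changed line in this file, so `references` is untouched by this change. A `reference_data` entry pointing at the statement being quoted would let readers weigh the dispute before deprioritising the ID. The `references` array lies outside this hunk, so an existing entry may already cover it; that should be checked.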