diff --git a/2018/18xxx/CVE-2018-18669.json b/2018/18xxx/CVE-2018-18669.json index 58b23b38f73..37236bf336e 100644 --- a/2018/18xxx/CVE-2018-18669.json +++ b/2018/18xxx/CVE-2018-18669.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18669", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board title contents\" parameter, aka the adm/board_form_update.php bo_subject parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0", + "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172", + "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168", + "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168" } ] } diff --git a/2019/1010xxx/CVE-2019-1010173.json b/2019/1010xxx/CVE-2019-1010173.json index ee94b742192..11d5c6fdad4 100644 --- a/2019/1010xxx/CVE-2019-1010173.json +++ b/2019/1010xxx/CVE-2019-1010173.json @@ -1,17 +1,64 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jsish", + "product": { + "product_data": [ + { + "product_name": "Jsi", + "version": { + "version_data": [ + { + "version_value": "2.4.84" + }, + { + "version_value": "2.0484 [fixed: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3]" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reachable Assertion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://jsish.org/fossil/jsi/tktview/b3278d1a441477d50363d28df79bbf58de2448af", + "url": "https://jsish.org/fossil/jsi/tktview/b3278d1a441477d50363d28df79bbf58de2448af" } ] } diff --git a/2019/12xxx/CVE-2019-12162.json b/2019/12xxx/CVE-2019-12162.json index 15abf347880..00f342f24e7 100644 --- a/2019/12xxx/CVE-2019-12162.json +++ b/2019/12xxx/CVE-2019-12162.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12162", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12162", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.upwork.com/hc/en-us/categories/360001180954", + "refsource": "MISC", + "name": "https://support.upwork.com/hc/en-us/categories/360001180954" + }, + { + "refsource": "MISC", + "name": "https://vuldb.com/?id.138406", + "url": "https://vuldb.com/?id.138406" } ] }