diff --git a/2019/14xxx/CVE-2019-14763.json b/2019/14xxx/CVE-2019-14763.json new file mode 100644 index 00000000000..7b2fc5fbcb1 --- /dev/null +++ b/2019/14xxx/CVE-2019-14763.json @@ -0,0 +1,92 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4" + }, + { + "url": "https://www.spinics.net/lists/linux-usb/msg167355.html", + "refsource": "MISC", + "name": "https://www.spinics.net/lists/linux-usb/msg167355.html" + }, + { + "url": "https://www.spinics.net/lists/linux-usb/msg167393.html", + "refsource": "MISC", + "name": "https://www.spinics.net/lists/linux-usb/msg167393.html" + }, + { + "url": "https://github.com/torvalds/linux/commit/c91815b596245fd7da349ecc43c8def670d2269e", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/c91815b596245fd7da349ecc43c8def670d2269e" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c91815b596245fd7da349ecc43c8def670d2269e", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c91815b596245fd7da349ecc43c8def670d2269e" + }, + { + "url": "https://github.com/torvalds/linux/commit/072684e8c58d17e853f8e8b9f6d9ce2e58d2b036", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/072684e8c58d17e853f8e8b9f6d9ce2e58d2b036" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=072684e8c58d17e853f8e8b9f6d9ce2e58d2b036", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=072684e8c58d17e853f8e8b9f6d9ce2e58d2b036" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1918.json b/2019/1xxx/CVE-2019-1918.json index 5beec68b5dc..bc90f6352a2 100644 --- a/2019/1xxx/CVE-2019-1918.json +++ b/2019/1xxx/CVE-2019-1918.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition. " + "value": "A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1924.json b/2019/1xxx/CVE-2019-1924.json index f6e6bee224f..d2be2cbcf62 100644 --- a/2019/1xxx/CVE-2019-1924.json +++ b/2019/1xxx/CVE-2019-1924.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. " + "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user." } ] }, @@ -101,4 +101,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1925.json b/2019/1xxx/CVE-2019-1925.json index 91e01244208..77e0ad272cc 100644 --- a/2019/1xxx/CVE-2019-1925.json +++ b/2019/1xxx/CVE-2019-1925.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. " + "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user." } ] }, @@ -101,4 +101,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1926.json b/2019/1xxx/CVE-2019-1926.json index b7cde4b59c5..9ad01e1e402 100644 --- a/2019/1xxx/CVE-2019-1926.json +++ b/2019/1xxx/CVE-2019-1926.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. " + "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user." } ] }, @@ -101,4 +101,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1927.json b/2019/1xxx/CVE-2019-1927.json index dabad98674d..c844d6098fe 100644 --- a/2019/1xxx/CVE-2019-1927.json +++ b/2019/1xxx/CVE-2019-1927.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. " + "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user." } ] }, @@ -101,4 +101,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1928.json b/2019/1xxx/CVE-2019-1928.json index 28a8282c44f..9a7703560c6 100644 --- a/2019/1xxx/CVE-2019-1928.json +++ b/2019/1xxx/CVE-2019-1928.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. " + "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user." } ] }, @@ -101,4 +101,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1929.json b/2019/1xxx/CVE-2019-1929.json index 687ff3623f7..872bace9333 100644 --- a/2019/1xxx/CVE-2019-1929.json +++ b/2019/1xxx/CVE-2019-1929.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. " + "value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user." } ] }, @@ -101,4 +101,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1934.json b/2019/1xxx/CVE-2019-1934.json index 59824593342..913aa1b394f 100644 --- a/2019/1xxx/CVE-2019-1934.json +++ b/2019/1xxx/CVE-2019-1934.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. " + "value": "A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1944.json b/2019/1xxx/CVE-2019-1944.json index 05beadb9b7f..d57424c1efd 100644 --- a/2019/1xxx/CVE-2019-1944.json +++ b/2019/1xxx/CVE-2019-1944.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. " + "value": "Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1945.json b/2019/1xxx/CVE-2019-1945.json index 9acf373054e..15c023e2380 100644 --- a/2019/1xxx/CVE-2019-1945.json +++ b/2019/1xxx/CVE-2019-1945.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. " + "value": "Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file