From 716af4e679e1818515664c4a1da97da48a24731a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 25 Mar 2019 22:00:44 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/7xxx/CVE-2017-7342.json | 58 ++++-
 2018/14xxx/CVE-2018-14522.json | 5 +
 2018/14xxx/CVE-2018-14523.json | 5 +
 2018/19xxx/CVE-2018-19859.json | 7 +-
 2019/0xxx/CVE-2019-0204.json | 62 +++++-
 2019/6xxx/CVE-2019-6538.json | 381 ++++++++++++++++++++++++++++++++-
 2019/7xxx/CVE-2019-7642.json | 48 ++++-
 7 files changed, 546 insertions(+), 20 deletions(-)
diff --git a/2017/7xxx/CVE-2017-7342.json b/2017/7xxx/CVE-2017-7342.json
index c957304f796..c718ce3f279 100644
--- a/2017/7xxx/CVE-2017-7342.json
+++ b/2017/7xxx/CVE-2017-7342.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-7342",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-7342",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiPortal",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiPortal versions 4.0.0 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Password"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-17-114",
+ "url": "https://fortiguard.com/psirt/FG-IR-17-114"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14522.json b/2018/14xxx/CVE-2018-14522.json
index 905dd60fb77..e610d335663 100644
--- a/2018/14xxx/CVE-2018-14522.json
+++ b/2018/14xxx/CVE-2018-14522.json
@@ -56,6 +56,11 @@
 "name": "https://github.com/aubio/aubio/issues/188",
 "refsource": "MISC",
 "url": "https://github.com/aubio/aubio/issues/188"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1049",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html"
 }
 ]
 }
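Review bot: The added `problemtype` value `"Password"` in the CVE-2017-7342 hunk names a topic rather than a weakness class, so tooling that groups records by CWE cannot classify this entry; the same gap appears in the CVE-2019-0204 hunk (`"Other"`) and in the second CVE-2019-7642 hunk (`"n/a"`). The description speaks of a weak password recovery process, so a value such as `"value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password"` would fit if the vendor advisory agrees. The description also attributes code or command execution to a password-recovery weakness "via a hidden Close button" without saying how the two relate, which leaves impact triage from this record alone uncertain.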
diff --git a/2018/14xxx/CVE-2018-14523.json b/2018/14xxx/CVE-2018-14523.json
index 7d6b06abb03..f58ac3dd5a7 100644
--- a/2018/14xxx/CVE-2018-14523.json
+++ b/2018/14xxx/CVE-2018-14523.json
@@ -56,6 +56,11 @@
 "name": "https://github.com/aubio/aubio/issues/189",
 "refsource": "MISC",
 "url": "https://github.com/aubio/aubio/issues/189"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1049",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19859.json b/2018/19xxx/CVE-2018-19859.json
index a0a756147fd..9820f13587f 100644
--- a/2018/19xxx/CVE-2018-19859.json
+++ b/2018/19xxx/CVE-2018-19859.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "OpenRefine before 3.5 allows directory traversal via a relative pathname in a ZIP archive."
+ "value": "OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive."
 }
 ]
 },
@@ -56,6 +56,11 @@
 "name": "https://github.com/OpenRefine/OpenRefine/issues/1840",
 "refsource": "MISC",
 "url": "https://github.com/OpenRefine/OpenRefine/issues/1840"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/OpenRefine/OpenRefine/pull/1901",
+ "url": "https://github.com/OpenRefine/OpenRefine/pull/1901"
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0204.json b/2019/0xxx/CVE-2019-0204.json
index 2cded00720f..bc1df7d7336 100644
--- a/2019/0xxx/CVE-2019-0204.json
+++ b/2019/0xxx/CVE-2019-0204.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@apache.org",
 "ID": "CVE-2019-0204",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
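Review bot: The new upper bound `3.2 beta` in the CVE-2018-19859 description is a pre-release label, and version comparators do not agree on how a beta orders against `3.2`, so a deployment on a 3.2 pre-release build may be classified either way. The `affects` block of this record lies outside both of its hunks, so it cannot be confirmed here that a matching machine-readable bound was updated along with the prose. Since this hunk narrows the range from `3.5`, naming the exact fixed build would help consumers that cached the earlier text, for example by tying the wording to the release that contains the pull request added in the record's next hunk.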
@@ -11,7 +11,63 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Mesos",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "pre-1.4.x"
+ },
+ {
+ "version_value": "1.4.0 to 1.4.2"
+ },
+ {
+ "version_value": "1.5.0 to 1.5.2"
+ },
+ {
+ "version_value": "1.6.0 to 1.6.1"
+ },
+ {
+ "version_value": "1.7.0 to 1.7.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
+ "url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6538.json b/2019/6xxx/CVE-2019-6538.json
index 079959804da..5269e29e5a5 100644
--- a/2019/6xxx/CVE-2019-6538.json
+++ b/2019/6xxx/CVE-2019-6538.json
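Review bot: The five `version_value` entries added under `version_data` are prose ranges (`"pre-1.4.x"`, `"1.4.0 to 1.4.2"`, and so on) that a scanner cannot compare against an installed version, and `pre-1.4.x` leaves open whether any 1.4 build is meant. Splitting each range into a bound plus an operator, e.g. `"version_affected": "<="` next to `"version_value": "1.4.2"`, would keep the record machine-matchable; the CVE-2017-7342 hunk has the same pattern in `"FortiPortal versions 4.0.0 and below"`. The record also names no fixed release per branch, which is what an operator needs to schedule the upgrade for an issue the description rates as root-level code execution on the host.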
@@ -1,17 +1,384 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6538", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6538", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "MyCareLink Monitor versions 24950 and 24952" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "CareLink Monitor version 2490C" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "CareLink 2090 Programmer" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Amplia CRT-D" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Claria CRT-D" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Compia CRT-D" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ 
+ { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Concerto CRT-D" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Concerto II CRT-D" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Consulta CRT-D" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Evera ICD" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Maximo II CRT-D and ICD" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Mirro ICD" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Nayamed ND ICD" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Primo ICD" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + 
"product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Protecta ICD and CRT-D" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Secura ICD" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Virtuoso ICD" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Virtuoso II ICD" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Visia AF ICD" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Medtronic", + "product": { + "product_data": [ + { + "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", + "version": { + "version_data": [ + { + "version_value": "Viva CRT-D" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it 
when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product\u2019s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device." } ] } diff --git a/2019/7xxx/CVE-2019-7642.json b/2019/7xxx/CVE-2019-7642.json index d6654b507c4..b4b5c73a635 100644 --- a/2019/7xxx/CVE-2019-7642.json +++ b/2019/7xxx/CVE-2019-7642.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7642", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
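Review bot: The `affects` block added for CVE-2019-6538 repeats `"vendor_name": "Medtronic"` in twenty separate `vendor_data` entries, each with the same `product_name` (the telemetry protocol) and the actual device model placed in `version_value` (`"Amplia CRT-D"`, `"Evera ICD"`, and so on). Inventory matching keyed on product name will therefore see one product twenty times and never see a monitor, programmer or implant model as a product. A single vendor entry whose `product_data` lists each device as its own `product_name`, with the real model numbers such as `24950`, `24952` and `2490C` kept in `version_value`, would carry the same facts in a form asset tooling can use. The added `problemtype` is `"Improper access control CWE-284"` while the description states that the protocol implements no authentication or authorization, so a more specific class may be warranted if the referenced advisory supports it.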
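Review bot: The `affects` block added in the first CVE-2019-7642 hunk sets `vendor_name`, `product_name` and `version_value` all to `"n/a"`, although the description in the following hunk names D-Link and specific models with firmware versions, so product-based lookups will not associate this record with those devices. Filling in at least `"vendor_name": "D-Link"` and one `product_data` entry per listed model would close that gap. The only reference added in the following hunk is a third-party README tagged `MISC`, and the description carries an unresolved `(B1-2.06?)`, so the affected-firmware list should be read as unconfirmed until a vendor source is attached.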
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md"
 }
 ]
 }