diff --git a/2018/20xxx/CVE-2018-20144.json b/2018/20xxx/CVE-2018-20144.json index edea7f27be9..ba30bf002c6 100644 --- a/2018/20xxx/CVE-2018-20144.json +++ b/2018/20xxx/CVE-2018-20144.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20144", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "url": "https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/55200", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/55200" } ] } diff --git a/2019/10xxx/CVE-2019-10251.json b/2019/10xxx/CVE-2019-10251.json index ec32e5b487d..5b72d12d0ab 100644 --- a/2019/10xxx/CVE-2019-10251.json +++ b/2019/10xxx/CVE-2019-10251.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10251", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10251", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/", + "refsource": "MISC", + "name": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/" + }, + { + "url": "https://news.drweb.com/show/?i=13176&c=38", + "refsource": "MISC", + "name": "https://news.drweb.com/show/?i=13176&c=38" } ] } diff --git a/2019/10xxx/CVE-2019-10253.json b/2019/10xxx/CVE-2019-10253.json new file mode 100644 index 00000000000..96612bd3224 --- /dev/null +++ b/2019/10xxx/CVE-2019-10253.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10253", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10254.json b/2019/10xxx/CVE-2019-10254.json new file mode 100644 index 00000000000..a6579bbf34a --- /dev/null +++ b/2019/10xxx/CVE-2019-10254.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/commit/586cca384be6710b03e14bcbeb7588c1772604ec", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/586cca384be6710b03e14bcbeb7588c1772604ec" + }, + { + "url": "https://github.com/MISP/MISP/compare/f493659...0e4f66e", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/compare/f493659...0e4f66e" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5025.json b/2019/5xxx/CVE-2019-5025.json index 6c20ca37670..20b80043c11 100644 --- a/2019/5xxx/CVE-2019-5025.json +++ b/2019/5xxx/CVE-2019-5025.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5025", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5025", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5674.json b/2019/5xxx/CVE-2019-5674.json index 36d9b2f73da..f3ee7f93d06 100644 --- a/2019/5xxx/CVE-2019-5674.json +++ b/2019/5xxx/CVE-2019-5674.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5674", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5674", + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA Corporation", + "product": { + "product_data": [ + { + "product_name": "GeForce Experience", + "version": { + "version_data": [ + { + "version_value": "before 3.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "code execution, denial of service, or escalation of privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4784" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges." } ] } diff --git a/2019/7xxx/CVE-2019-7524.json b/2019/7xxx/CVE-2019-7524.json index 7c19b3ea3f0..ad15e166c68 100644 --- a/2019/7xxx/CVE-2019-7524.json +++ b/2019/7xxx/CVE-2019-7524.json @@ -61,6 +61,11 @@ "url": "https://dovecot.org/list/dovecot-news/2019-March/000403.html", "refsource": "MISC", "name": "https://dovecot.org/list/dovecot-news/2019-March/000403.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20190328 CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files", + "url": "http://www.openwall.com/lists/oss-security/2019/03/28/1" } ] }, diff --git a/2019/9xxx/CVE-2019-9864.json b/2019/9xxx/CVE-2019-9864.json index 0cbf31baf00..b1588e2411b 100644 --- a/2019/9xxx/CVE-2019-9864.json +++ b/2019/9xxx/CVE-2019-9864.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9864", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9864", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackingvila.wordpress.com/2019/03/19/php-scripts-mall-amazon-affiliate-store-2-1-6-allows-parameter-tampering-of-the-payment-amountcve-2019-9864/", + "url": "https://hackingvila.wordpress.com/2019/03/19/php-scripts-mall-amazon-affiliate-store-2-1-6-allows-parameter-tampering-of-the-payment-amountcve-2019-9864/" } ] }